Data sheet

HPE Virtualized Security Services

HPE Virtualized Security Services (VSS) is a software-defined security solution for data centers and wide area network (WAN) environments. It is based on the HPE Distributed Cloud Networking (DCN) to help address protection, detection, and operational security challenges in cloud environments driven by emerging security threats and multi-tenancy. VSS is the industry's first distributed, end-to-end (cloud, data center, and branch) software-defined network security, visibility, and automation solution.
VSS extends HPE DCN, a software-defined networking (SDN) platform, with value-added security capabilities that provide contextual traffic visibility and security monitoring, as well as dynamic security automation for rapid incident response. VSS delivers these features in addition to inherent DCN capabilities to provide secure microsegmentation, policy automation, and policy enforcement.

Cloud security challenges

Current network security models across data center and branch environments cannot effectively address new requirements driven by the move to cloud and an evolving threat landscape. VSS is designed to overcome critical obstacles to cloud security:
  • Lack of sufficient network segmentation inside the data center as well as between remote branch sites and data centers - Current perimeter-centric approaches to securing data centers are proving to be insufficient to prevent new and emerging attacks that move laterally between workloads within a data center. In addition, a lack of sufficient end-to-end segmentation across the WAN poses additional security risks where an attacker can use the branch as an entry point to access applications and data inside the data center.
  • Lack of visibility of traffic inside the data center and across the WAN - Organizations lack the visibility and tools to detect advanced security threats across the data center, cloud, and branch networks. Based on a recent security survey, it takes, on average, several months from initial compromise to when an attack is actually detected.