Enhancing Data Center Security Without Sacrificing Performance

Every data center cybersecurity team faces the same impossible equation: host-based agents consume CPU cycles that high-performance computing requires. For years, the industry has tried to balance this trade-off. The more security you implement, the more performance suffers; yet, the more you preserve performance, the greater the risk of blind spots. For an example of such a blind spot, look no further than the gap between a virtual machine (VM) and its physical host. In March 2025, Broadcom patched a series of VMware ESXi zero-day vulnerabilities that could escape the VM sandbox entirely. In 2023, the ESXiArgs campaign affected an estimated 3,800 servers globally. In both instances, a single compromise disabled or encrypted dozens of VMs simultaneously. Host-based agents were ineffective because the attack occurred in the hypervisor. The solution is not optimization; it requires reimagining the architecture by removing it from the host entirely. Data processing units (DPUs), installed on each server, provide this capability. Executing security workloads on the DPU instead of the CPU frees the host CPU and GPU cycles for the operations they were built to perform. Even better, the DPU is invisible and inaccessible to attackers because it operates independently from the host OS. The end result is tamper-proof security, enforced at line speed – without any negative performance impact. Legacy Risks at a Modern Pace Data centers have always been among the most challenging environments to secure. Physical servers host hypervisors. Hypervisors host VMs. VMs host containers. Each layer adds abstraction, and each abstraction introduces blind spots where assets go unmanaged and vulnerabilities remain undetected. Misconfigurations compound over time. VMs get copied from outdated templates. Firewall rules accumulate exceptions that no one audits. Servers remain running for a project long completed because no one wants to risk an outage by decommissioning them. Perimeter security is of little use in these environments. Firewalls and network security devices monitor north-south traffic (i.e., data flowing into and out of the data center). But the majority of traffic in a data center is east-west (i.e., the lateral movement between VMs). Once an attacker breaches a single instance, perimeter defenses have no visibility into what follows. This is where dwell time accumulates, and privilege escalation occurs, well beyond the defense of the traditional network perimeter. AI data centers inherit all of these risks and then accelerate at an exponential rate. Transient network flows exist for hours (or even just minutes) before disappearing entirely. VMs are created and terminated for individual tasks. Containers are orchestrated across nodes that redistribute resources in real-time. These just-in-time assets materialize and vanish faster than any human operator or periodic scan can track. When you consider that a single GPU cluster can represent millions of dollars in hardware and every percentage point of efficiency translates directly into a competitive advantage, then installing host-based security agents does not make sense. Unfortunately, that means some operators are quietly disabling security on their most critical compute nodes and hoping the perimeter holds. It doesn’t add up. A Blueprint for a Better Tomorrow Shifting security from CPU-based agents to a DPU-based security architecture eliminates the security vs. productivity tradeoff by relocating the entire security stack onto dedicated silicon. The DPU functions as an embedded sensor in each server, streaming telemetry data and monitoring network traffic without any operational impact on the host. The performance implications are significant. Continuous real-time monitoring on a DPU can operate faster than CPU-based approaches – and the speed is only half of the advantage. The separation between the DPU and the host enables zero trust security at the hardware level. The DPU resides between the host and the network, treating both with zero trust. Every packet, every access request and every process is subject to inspection and policy enforcement. Even if the host operating system is somehow compromised, the hardware isolation of the DPU maintains control. In terms of visibility, a DPU-based architecture enables continuous monitoring across physical and virtual infrastructure and across east-west (internal) traffic and north-south (external) traffic. Deep packet inspection analyzes traffic at the endpoint, eliminating bottlenecks to and from external appliances. Simultaneously, privacy protections are built into the design. Information is only extracted from kernel-level structures and system metadata, not from user data or application-layer content. The net result is comprehensive visibility without exposing sensitive data. Enabling Security and Performance For two decades, data center security has been defined by an impossible equation: security or productivity. DPU-based security balances the equation. For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. Related: Cisco Patches Critical Vulnerability in Data Center Management Product WRITTEN BY Nadir Izrael Nadir Izrael is Co-founder and CTO at Armis. He co-founded Armis in 2015 with his friend and army colleague, Yevgeny Dibrov, after the two started looking for new and interesting problems to solve in technology. Prior to founding Armis, Nadir spent four years as a senior software manager at Google, working on Google Maps and Google Autocomplete. He began his career in the Israel Defense Forces in the elite Unit 8200 intelligence corps where he served first as a software developer and then as a team leader, ultimately achieving the rank of captain. More from Nadir Izrael The New Rules of Engagement: Matching Agentic Attack Speed How to 10x Your Vulnerability Management Program in the Agentic Era The Upside Down is Real: What Stranger Things Teaches Us About Modern Cybersecurity From Open Source to OpenAI: The Evolution of Third-Party Risk Latest News New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns G7 Countries Release AI SBOM Guidance F5 Patches Over 50 Vulnerabilities Hackers Targeted PraisonAI Vulnerability Hours After Disclosure High-Severity Vulnerability Patched in VMware Fusion Trending Webinar: Third-Party Risk In Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Silvio Pappalardo has joined AuthMind as Chief Revenue Officer. iCOUNTER has appointed Lisa Hayashi as CMO and Bob Kalchthaler as CFO. Thomas Bain has been appointed Chief Marketing Officer at Silent Push. More People On The Move Expert Insights Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) The Mythos Moment: Enterprises Must Fight Agents With Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense In The Age Of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) Flipboard Reddit Whatsapp Email