Since Juniper bought Altor Networks, there has been steady progress to use Altor VF3 (now Juniper vGW, pronounced vee-Gee-W) as a way to extend the functionality of the Juniper SRX Series of Service Gateways into the virtual and cloud environments. Juniper is focusing on the entire security stack from the endpoint to the hypervisor, vGW offers one component of that entire picture. Another component is the Junos Pulse Mobile Security Suite which provides Security as a Service for mobile devices. These two components alone are a very powerful set of tools for any Enterprise. When you add in the other components it is a compelling story from network security perspective. Continue reading Juniper Provides Security from Mobile Endpoint to Hypervisor
My conference schedule kept pace with the changes in the virtualization security ecosystem throughout the year. What are those changes?
- Auditors were educated at an ISACA event in Florida about the intrinsic security of most modern Type-1 hypervisors. Through out the year we saw auditors educated and becoming more involved in virtualization and cloud security. The advent of CloudAudit and the ISACA and other educational events surrounding virtualization have increased through out the year. Continue reading Virtualization Security: Year in Review
Virtualization Security was one of the BIG Deals at VMworld with several announcements:
- VMware vShield Edge, App, and End Point
- Trend Micro will have the first product making use of vShield End Point
- Cisco Virtual Security Gateway (VSG)
- HyTrust and their growing list of technology partners
But the biggest news is that Virtualization Security is finally on the radar of most if not all C-level as it is now seen as the gate to entering the cloud. But before we can solve the cloud security issue we have to solve the virtualization security issues. VMware’s announcement has the most impact on the virtualization security ecosystem. At once they are competing head-to-head with some vendors while providing a platform to use for other vendors.
I keep asking myself, can any of the current batch of virtualization security products replace my existing virtual firewall setup, I keep on coming back to my modest requirements:
- Network Address Translation
- Port Redirection
- Logging of bad traffic (and filtering)
- Web Proxy
These Edge Firewall requirements push many of the security tools away from me, but then I started thinking what happens to the products if I did not use their firewall technology, what are the benefits and could this actually be done?
So let’s look at each of the virtualization security products and ignore the firewall and networking access control components which are part of their firewall products.What I realized was that the firewall is intrinsic and a major component of each of these tools and while you can disable policy settings, most of the unique functionality of each tool does not work with out it. Even so, what does each give me as a useful tool without the firewall in use? To me this implies that any VMsafe network introspection is not in use.
Virtualization Security vendors are starting to seriously investigate the possibilities of the various introspection APIs available to the hypervisors. Introspection APIs allow security groups to now investigate the security of a virtual network, virtual machine, and other components from without. In other words, why rely on an agent within the VM to protect your network, virtual machine, or components. Instead, we can use these APIs to peer into these components from without the system to be tested.
Why is this important?
Introspection is important due to the fact that one the first things attackers do is disable, bypass, or otherwise render harmless any security agents that live within the virtual machine under attack. Thereby making it difficult to track. You would think, the management tools for these agents can see that the agent may not be running, but intelligent attackers will keep the agent running, but they will be below its radar. The agent is rendered harmless to the attacker. Continue reading Anti-This, Anti-That, getting into the Virtualization Security Game with Introspection
While at RSA Conference I visited the RSA Innovation Sandbox and noticed that three out of ten finalists were virtualization security vendors:
- Altor Networks
- Catbird Security
Altor Networks won the Innovation Sandbox contest and all that goes with it. Congratulations to them, but Altor’s win is actually a win for all virtualization security players. It shows that virtualization security is extremely important to the data center as well as moving forward to the cloud. Continue reading Altor Networks wins RSA Innovation Sandbox