Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

Search Results for: virtualization security

Trustware Introduces BufferZone Pro 3.0

by Leave a Comment

Trustware, provider of application virtualization security technologies, recently unveiled a new version of its security software application, BufferZone Pro 3.0.

Trustware

While BufferZone Pro is mostly known for creating a virtual “buffer zone” around Internet facing applications, BufferZone Pro 3.0 adds a new feature called “privacy zone”. Beginning with Version 3.0, users are now able to both encapsulate their browser session and create a list of trusted Web sites used for confidential transactions such as banking, online trading or Intranet sites. Once defined, these trusted sites will always open within the “privacy zone,” thereby preventing identity thieves from stealing or gaining access to sensitive information such as social security numbers, banking information, or passwords. With BufferZone Pro 3.0, consumers can safely browse their favorite Web sites, as well as shop and bank online, without being afraid.

Based on virtualization technology, BufferZone Pro claims it creaties an impenetrable barrier that isolates Internet activity like Web browsing, instant messaging and peer-to-peer downloads, from the actual underlying PC’s operating system. This approach eliminates the need for file and traffic scanning as well as analysis of malicious code. Similarly, BufferZone Pro requires no signatures or security updates to perform its work. Its “set and forget” approach not only provides constant, always on protection, but also acts as an ideal partner for desktop firewalls and existing anti-virus solutions.

BufferZone Pro 3.0 for Windows XP is available immediately. Its suggested retail price of $39.95 includes one year of service and maintenance. BufferZone 3.0 for Windows Vista is available as a free beta version.

Blue Lane Releases VirtualShield 4.2

by 1 Comment

Blue Lane Technologies today announced the general availability of VirtualShield 4.2, which it claims to be the first virtualization security solution to include inter-VM flow analytics and enforcement, application-aware partitioning (VMwall), and a robust set of application, protocol and vulnerability security policy controls.

VirtualShield

These capabilities in the latest release of VirtualShield, enhanced by VMware VirtualCenter integration, allow Blue Lane’s layer 7 architecture to apply granular application/protocol/port-based policy enforcement on the flows between VMs. According to the press release, VirtualShield’s accuracy, comprehensive protection and minimal processing requirements make it the first IPS capable of protecting virtualized production data centers from network-based attacks.

VirtualShield 4.2 includes:

  • Advanced flow analytics and policy enforcement by cluster, host, VM, data center, OS, application or protocol;
  • VMwall – Blue Lane’s Integrated application-aware firewall enforcement by cluster, host, VM, data center, OS, application or protocol;
  • A rich array of inbound/outbound application policy controls for intra-flow policy;
  • Protocol integrity check for aligning ports with appropriate protocols and services; and
  • A vulnerability policy framework to proactively protect VMs from attacks like SQL injections, cross-site scripting and http smuggling.

Blue Lane VirtualShield 4.2 will be available May 15. Current VirtualShield customers will receive the upgrade as part of their support plan.

Release: Altor VF 3.0 Virtual Firewall

by Leave a Comment

Altor Networks has announced the Altor VF 3.0 virtual firewall with integrated intrusion detection. Developed using VMsafe APIs, the Altor VF offers robust defense-in-depth virtualization security with mission critical reliability and value through breakthrough fast-path performance.

The Altor VF is the first product to be integrated with VMware VMsafe network APIs in fast-path mode, where security inspections are processed in the hypervisor kernel. As a result, customers deploying the Altor VF will benefit from increased performance, achieving approximately ten times greater throughput than virtual firewalls running in a Virtual Machine (i.e., bridge mode), as well as greater security and reduced complexity.

Security policy is applied at an individual-VM level and enforcement of this policy occurs within the Kernel. VMs are protected without requiring security agents on the guest, complicated network reconfigurations, or performance degrading remapping of network flows.

The Altor VF delivers defense-in-depth with virtual-aware intrusion detection for up-to-date protection against emerging threats with a security-signature update service. Purpose-built for the virtual environment, the Altor VF enables secure usage of unique virtualization features, such as vMotion, and provides ease of administration and tight integration with vCenter.

Catbird Debuts VMShield 2.0 With V-Tracker

by Leave a Comment

Catbird today announced the immediate availability of VMShield 2.0 with V-Tracker.

VMShield 2.0 leapfrogs legacy virtual firewall technology to enforce compliance and policy of both network and VM state, regardless of location or movement of VMs. With V-Tracker, VMShield 2.0 combines proven virtual machine tracking capabilities with in-depth monitoring of suspect activity on the network itself; preserves policies across hosts, clusters and vendor platforms; and automatically blocks out-of-policy or compromised VMs from breaching data center security.

VMShield 2.0 with V-Tracker is the latest innovation in Catbird’s comprehensive line of cross-platform, non-invasive security solutions for virtual and physical networks. Catbird’s encyclopedic Virtual Infrastructure Security Engine (VISE) correlates hundreds of machine attributes with access control, network segmentation, vulnerability and IDP security events for both virtual and physical machines, across multiple clusters and data centers, to deliver broad asset awareness and defense-in-depth.

Moreover, VMShield’s internal or external cloud-based platform with stateless monitoring enables unprecedented visibility and control to track virtual machines across clusters and detect and thwart potential security and policy violations before they escalate to a breach.

Catbird V-Tracker uniquely fingerprints each VM it tracks, even through virtual machine mobility. In combination with Catbird’s ground-breaking TrustZones policy enforcer, these machines stay monitored and protected via the Catbird Control Center, validating and enforcing policies for all VMs within a given TrustZone. Catbird’s automated quarantine mechanism instantly shuts down non-compliant virtual machines. The architecture is designed with maximum flexibility and portability to allow for cross-host and cross-platform coverage and ease of use.

VMShield 2.0 delivers a highly-correlated approach to virtualization security, a key capability for TrustZone enforcement and data protection. At its heart is the Catbird VISE, enabling intelligence and protection not possible with simple virtual firewall technology and which goes well beyond simple segmentation and ACLs.

VMShield 2.0 with V-Tracker utilizes hypervisor APIs to be VM aware and is also designed for compatibility with Citrix Xenserver and Microsoft Hyper-V.

Unlike conventional host-based solutions, stateful appliances and proprietary hardware solutions, VMShield 2.0 leverages Catbird’s fully SOA and cloud-based stateless architecture and is 100% plug-and-play, web-enabled, and architected to have minimal impact on the virtual environment itself. VMShield 2.0 is available as part of Catbird’s flagship V-Security 2.0. The company is a VMSafe partner.

Guest Post: VMware’s Biggest Threat Isn’t Microsoft

by 1 Comment

This is a cross-post of a blog article written by Gregory Ness, former VP of Marketing for Blue Lane Technologies who is currently working for InfoBlox.

The tech industry loves great battles between rivals, and it is often tempting to frame challenges within the context of specific competitive battles. Many see the entrance of Microsoft or even Citrix into virtualization as VMware’s biggest threat. I beg to differ.

VMware’s biggest threat is virtualization-lite, or the confinement of the virtualization business case to within hypervisor VLANS. VMware needs to get enterprises to the bigger picture, the full realization of the benefits of virtualization in the data center, including VMotion. If it cannot, then its sheer share of the data center market will be many times smaller than otherwise, with or without Microsoft or Citrix.

Getting beyond virtualization-lite should be VMware’s number one goal. That would involve unprecedented work with related IT eco-system elements. VMsafe was a great step forward, but it didn’t deliver dynamic security solutions capable of protecting moving VMs.

Another area directly impacted and often overlooked is the network itself. That is, can a static network infrastructure manage, protect, maintain and/or deliver dynamic systems and endpoints? If it cannot, then that is a problem for VMware and an opportunity for the network solutions players.

That is why I think the biggest VMware requirement for success is dynamic infrastructure, or Infrastructure 2.0.

There are substantial virtualization and cloud computing initiatives that will also depend upon dynamic infrastructure. We’ve talked about this issue at Archimedius from both the standpoint of virtualization security and cloud computing. Yet I’m discovering that the issue is much bigger than that. Some enterprises get this and are moving to more dynamic infrastructure; yet others are trying to figure it out.

I think this issue is bigger for IT and networking than a weak global economy. It promises to produce an explosion of breakthroughs in network, endpoint and application intelligence.

Guest Post: Clouds, Networks and Recessions

by Leave a Comment

This is a cross-post of a blog article written by Gregory Ness, former VP of Marketing for Blue Lane Technologies who is currently working for InfoBlox.

Over the last three decades we’ve watched a meteoric rise in processing power and intelligence in network endpoints and systems drive an incredible series of network innovations; and those innovations have led to the creation of multi-billion dollar network hardware markets.  As we watch the global economy shiver and shake we now see signs of the next technology boom: Infrastructure2.0.

Infrastructure1.0- The Multi-billion Dollar Static Network

From the expansion of TCP/IP in the 80s/90s, the emergence of network security in the mid/late 90s to the evolution of performance and traffic optimization in the late 90s/early 00s we’ve watched the net effects of ever-changing software and system demands colliding with static infrastructure.  The result has been a renaissance of sorts in the network hardware industry, as enterprises installed successive foundations of specialized gear dedicated to the secure and efficient transport of an ever increasing population of packets, protocols and services.  That was and is Infrastructure1.0.

Infrastructure1.0 made companies like Cisco, Juniper/NetScreen, F5 Networks and more recently Riverbed very successful.  It established and maintained the connectivity between ever increasing global populations of increasingly powerful network-attached devices.  Its impact on productivity and commerce are proportionate to the advent of oceanic shipping, paved roads and railroads, electricity and air travel.  It has shifted wealth and accelerated activities on a level that perhaps has no historical precedent.

I talked about the similar potential economic impacts of cloud computing in June, comparing its future role to the shipment of spices across Asia and the Middle East before the rise of oceanic shipping.  One of the key enables of cloud computing is virtualization.  And our early experiences with data center virtualization have taught us plenty about the potential impact of clouds on static infrastructure.  Some of these impacts will be felt on the network and others within the cloudplexes.

The market caps of Cisco, Juniper, F5, Riverbed and others will be impacted by how well they can adapt to the new dynamic demands challenging the static network.

Virtualization: The Beginning of the End of Static Infrastructure

The biggest threat to the world of multi-billion dollar Infrasructure1.0 players is neither the threat of a protracted global recession nor the emergence of a robust population of hackers threatening increasingly lucrative endpoints.  The biggest threat to the static world of Infrastructure1.0 is the promise of even higher factors of change and complexity on the way as systems and endpoints continue to evolve.

More fluid and powerful systems and endpoints will require either more network intelligence or even higher enterprise spending on network management.

This became especially apparent when VMware, Microsoft, Citrix and others in virtualization announced their plans to move their offerings into production data centers and endpoints.  At that point the static infrastructure world was put on notice that their habitat of static endpoints was on its way into the history books.  I blogged about this, (sort of ) at Always On in February 2007 when making a point about the difficulties inherent with static network security keeping up with mobile VMs.

The sudden emergence of virtualization security marked the beginning of an even greater realization that the static infrastructure built over three decades was unprepared for supporting dynamic systems.  The worlds of systems and networks were colliding again and driving new demands that would enable new solution categories.

The new chasm between static infrastructure and software now disconnected from hardware, is much broader than virtsec, and will ultimately drive the emergence of a more dynamic and resilient network, empowered by continued application layer innovations and the integration of static infrastructure with enhanced management and connectivity intelligence.

As Google, Microsoft, Amazon and others push the envelope with massive virtualization-enabled cloudplexes revitalizing small town economies -and whomever else rides the clouds– they will continue to pressure the world of Infrastructure1.0.  More sophisticated systems will require more intelligent networks.  That simple premise is the biggest threat today to network infrastructure players.

The market capitalizations of Cisco, Juniper, F5 and Riverbed will ultimately be tied to their ability to service more dynamic endpoints, from mobile PCs to virtualized data centers and cloudplexes.  Thus far, the jury is still out about the nature and implications of various partnership announcements between 1.0 players and virtualization players.

As enterprises scale their networks to new heights they are already seeing the evidence of the stresses and strains between static infrastructure and more dynamic endpoint requirements.  A recent Computerworld Research Report on core network services already shows larger networks paying a higher price (per IP address) for management.  Back in grad school we called that a diseconomy of scale; today in the networked world I think it would be one of the four horsemen of infrastructure1.0 obsolescence.  Those who cannot adapt will lose.

Virtsec as Metaphor for the New Age

Earlier this year VMware announced VMsafe at VMworld in Cannes.  Yet at the recent VMworld conference mere months later the virtsec buzz was noticeably absent.  The inability of the VMsafe partners to deliver on the promise of virtualization security was a major buzz killer and I think it may be yet another harbinger of things to come for all network infrastructure players.  This issue is infinitely larger than virtsec.

I suspect that the VMsafe gap between expectations and reality drove production virtualization into small hypervisor VLAN pockets, limiting the payoff of production virtualization and I think impacting VMware’s data center growth expectations.  That gap was based on the technical limitations of Infrastructure1.0, more than any other factor.  It also didn’t help the 1.0 players grow their markets by addressing these new demands.  The result was as slowdown in production virtualization, a huge potential catalyst for IT, with new economies of scale and potential.

The appliances that have been deployed across the last thirty years simply were not architected to look inside servers (for other servers) or dynamically keep up with fluid meshes of hypervisors powering servers on and off on demand and moving them around with mouse clicks.

Enterprises already incurring diseconomies of scale today will face sheer terror when trying to manage and secure the dynamic environments of tomorrow.  Rising management costs will further compromise the economics of static network infrastructure.

The virtsec dilemma was clearly a case of static netsec meeting dynamic software capable of moving across security zones or changing states.  There are more dilemmas on the way.  Take the following chart and simply add cloud and virtualization in the upper right and kink the demands line up even higher:

If you take a step back and look at the last thirty years you’ll see a series of big bang effects from TCP/IP and application demand collisions.  As we look forward five years into a haze of economic uncertainty, maybe it’s a proper time to take heed that the new demands of movement and change posed by virtualization and cloud computing need to be addressed sooner rather than later.

If these demands are not addressed, more enterprise networks will face diseconomies of scale as TCP/IP proliferates.  They’ll experience additional availability and security challenges and will emerge when the haze clears at a competitive disadvantage after years of overpaying for fundamental things like IP address management (or IPAM).  Most enterprises today are still managing IP addresses with manual updates and spreadsheets and paying the price, according to Computerworld research.  How will that support increasing rates of change?

The Emergence of Connectivity Intelligence

As I mentioned one of the biggest challenges of virtsec was the inability of network appliances to see VMs and keep track of them as they move around inside a virtualized blade server environment (racks and stacks of powerful commodity servers deployed in a fluid pool that can add or remove servers/VMs on short notice and therefore operate with less power than the conventional data center with each server running a unique application or OS and therefore having to be powered 24/7).

The static infrastructure was not architected to keep up with these new levels of change and complexity without a new layer of connectivity intelligence, delivering dynamic information between endpoint instances and everything from Ethernet switches and firewalls to application front ends.  Empowered with dynamic feedback, the existing deployed infrastructure can evolve into an even more responsive, resilient and flexible network and deliver new economies of scale.

A dynamic infrastructure would empower a new level of synergy between new endpoint and system initiatives (consolidation, compliance, mobility, virtualization, cloud) and open new markets for existing and emerging infrastructure players.  Cisco, Juniper, F5 Networks, Riverbed and others who benefited from the evolving collisions between TCP/IP and applications could then benefit from the rise of virtualization and enterprise and service provider versions of cloud, versus watching it from the sidelines.

The Rise of Core Net Service Automation

That connectivity intelligence requirement will make core network service automation (DNS, DHCP, and IPAM, for example) strategic to infrastructure2.0.  Most of these services are today manually managed.  That means that network and system are connected and adjusted manually.  More changes will mean more costs and more downtime and less budget for static infrastructure.

These networks need dynamic reachability (addressing and naming) and visibility (status and location) capabilities.  In essence, I’m advocating the evolution of a central nervous system for the network capable of delivering commands and feedback between endpoints, systems and infrastructure; at the core it would be a kind of digital positioning system (DPS) that would enable access, policy, enforcement and flexibility without the need for ongoing and tedious manual intervention.

In between recent emails with Rick Kagan and Stuart Bailey (both also at Infoblox) Stuart recommended Morville’s “Ambient Findability”.  I soon found out why.  The following is from the online Amazon review:

“The book’s central thesis is that information literacy, information architecture, and usability are all critical components of this new world order. Hand in hand with that is the contention that only by planning and designing the best possible software, devices, and Internet, will we be able to maintain this connectivity in the future.”

In a recessionary scenario these labor-intensive strains will get worse as budgets and resources are trimmed.  Rising TCO for infrastructure will impact the success of the infrastructure players as well as VMware, Microsoft and others, as virtsec friction has already impacted VMware.  The virtualization players will be forced to build or acquire application layer and connectivity intelligence as a means of survival.  They may not wait for the static team to convert to a more fluid vision.

That is why the fates of the static infrastructure players (and IT) will be increasingly tied to their ability to make their solutions more intelligent, dynamic and resilient.  Without added intelligence today’s network players will benefit less and less from ongoing innovations that show no sign of slowing; the impacts of a recession would be made even more severe.