VMworld 2010: We’re Virtually There!

08/26/2010

The date for VMworld 2010, San Francisco, Monday August 30th, is fast approaching, and we at Altor are all abuzz with preparations.

More than 10,000 attendees are expected in San Francisco and 19,000 worldwide, when including the Copenhagen show. This year’s show is themed “Virtual Roads, Actual Clouds,” highlighting virtualization’s significant role in enabling cloud-computing environments.

To support this year’s theme, VMware devoted over 75,000 hours to the preparation of 30 labs that provide hands-on exposure to the technologies and tools that make clouds run.  And as a pioneer of virtual firewalls and leading provider of cloud security, Altor will support and extend this theme at our booth, #1437, with live demos and staff on hand to help provide you with all of the information necessary to evaluate and implement comprehensive virtualization and cloud security.

Below is a quick reference guide to all things Altor at VMworld 2010, San Francisco:

-Visit us at booth #1437

-Live demonstration of Altor 4.0 featuring security automation – during expo hours Monday through Thursday

-A special guest will be on hand to give a sneak peek of upcoming Altor offerings – during expo hours Monday through Thursday

-iPad giveaway raffle – to enter, come by the booth and ask us “about unified physical and virtual security”

-Password-protected invitation-only pre-show party at a fabulous undisclosed locale in San Francisco – email us at marketing@altornetworks.com to get the secret word that gets you in! Hint: prohibition!  :-)

-Show floor survey – our product team wants to talk about your virtualization and cloud security priorities, so if you’re approached by friendly gals, please take a minute to give us your thoughts

-Real-time updates – follow VMworld on Twitter or follow us.  We’ll be tweeting from the show floor!

Have questions? Want to know more about our special guest or private party?
Just email us:  marketing@altornetworks.com

Burton Group’s Catalyst Conference Proves Aptly Named

08/18/2010

The Burton Group’s annual conference has long been a highly respected event for its ability to draw top industry minds and, true to its name, catalyze meaningful discussion on emerging technologies and trends. This year’s gathering in San Diego was no different, and while topics ranged from SOA to security, cloud computing and virtualization commanded much attention in the packed four-day agenda.

These days, when cloud security is mentioned, most of us have come to expect that the topic of data center virtualization, one near and dear to Altor’s heart, is not far behind. It is, after all, the near de facto architecture for most private clouds and some public ones too.

So naturally our eyes were closely trained on Thursday’s 4:45pm session that promised a “debate” on hypervisor security with the goliaths of security and virtualization weighing in.



Well, maybe they weren’t wielding swords, but for 70 minutes Altor’s CEO joined CTOs and senior executives from RSA, NetApp, Citrix, VMware and Microsoft in a lively discussion.  The dialogue focused on whether architectures such as VMware’s VMsafe API program (which solutions like Altor’s can leverage to embed within the hypervisor) constitute security risk or provide greater protection for virtualized environments.

Anytime competitors are pitted against each other on stage, brisk disagreement is sure to ensue, but with technical heavies of this caliber it is logic-based argument and technical expertise that pervade the discussion.

Underlying the premise of the staged debate was the following (gleaned from the Burton Group conference’s agenda):

“Significant differences of opinion exist in how security policy should be enforced within virtual infrastructure. Are traditional host- and network-based practices enough, when shifted to virtual appliances within the virtual infrastructure? Or are new introspection architectures such as VMware’s VMsafe the future?”

Altor was honored to join this group of industry luminaries and to add our experiences in leveraging the VMware VMsafe API program to deliver an innovative virtual firewall and virtual security suite.

I’ll cut to the chase: there is much more agreement than there is disagreement about the merits of hypervisor-based security. All present agreed that virtualization and cloud computing are changing the very fabric of data center designs and architectures. Naturally, new ways of securing virtualized resources are being brought forward because legacy approaches impede the virtual environment’s capacity for self-service and resource scaling. In other words, if you’re going to virtualize your data center you would do well to virtualize your security as well.

While some skepticism about kernel-based software exists, the fact is that the APIs are only available to established security solution providers, products undergo comprehensive certification testing (e.g., “VMsafe Certification” by VMware), and hypervisor plug-in modules must be digitally signed by the hypervisor vendors. In the plus column, the hypervisor-based approach gives customers unprecedented visibility and control over their VMs with virtual firewall and compliance mechanisms that are far more granular and automated than what is possible with the non-hypervisor-based approach.

Burton’s Catalyst Conference Tees Up Some Sizzle on Cloud Talk

07/27/2010

This week, hundreds of business and technology executives, representing Global 2000 and Fortune 500 companies, will converge in sunny San Diego, CA, for Burton Group’s (recently acquired by Gartner, Inc.) annual America’s Catalyst Conference, July 26-30.

A quick glimpse at the Burton Group Insight sessions shows that no hot-topic stone will be left unturned—from e-mail server virtualization to qualitative risk management, smartphone device management, and BPM infrastructure.

To boot, there’s a healthy helping of virtualization and cloud discussion with sessions on cloud infrastructure, cloud databases, SaaS, data clouds, hybrid clouds, federation and clouds, client virtualization, and securing workloads in the cloud. It’s all clouds all the time.

With the CTOs and Chief Scientists of Amazon, Citrix, NetApp, and RSA (to name a few) on hand, attendees are sure to be treated to some of the latest thinking and insights on security.

This is why, with particular pride, we call your attention to the roundtable, “Debating Hypervisor Security,” set to occur at 4:45 p.m. on Thursday, July 29. The discussion will be moderated by Gartner’s Trent Henry, Principal Analyst, and will feature:

  • Bret Hartman, CTO, RSA
  • Simon Crosby, CTO, Data Center & Cloud Division, Citrix Systems, Inc.
  • Dale Wickizer, CTO, U.S. Public Sector, NetApp, Inc.
  • Mike Neil, General Manager, Virtualization Strategy, Windows Server Division, Microsoft
  • Allwyn Sequeira, Vice President & CTO, Security, VMware
  • and Altor’s very own CEO, Amir Ben-Efraim

If you can make it, we look forward to hearing your thoughts on the session. If not, please visit our blog next week for a recap and highlights.

Follow us on Twitter: http://twitter.com/altornetworks

CIOs and CISOs: Declare Your Independence from ROI Robbing Security

07/07/2010

If you are using VLANs or your perimeter firewall technology to secure your virtual environment, you are removing a lot of dollar signs from virtualization’s promised savings, and more importantly you aren’t protecting your virtualized workloads as well as you could.

At this point you are thinking, “I bet the author works for a virtual firewall firm.” And you’d be right, but give me 30 more seconds before clicking away.

Do the Math
If you have three departments each with five critical virtual machines (VMs) that need to be isolated from one another, then you are managing 15 VLANs (3×5). For the same deployment with a hypervisor-based firewall, you can have three or zero (you may want to keep your departmental VLANs in place). I will spare you the calculations on the cost and complexity of managing 15 VLANs versus three or zero and simply ask this: What happens when there is a change in the network as new VMs are introduced or someone accidentally assigns a VM to the wrong VLAN? There is no question that VLANs are a part of most networks. The problem appears when they are used for granular, per-VM security, where the rate of change and the risk of misconfiguration both run high.

Now, what about those perimeter firewalls? You are familiar and comfortable with running those, so why not add a couple more to handle your virtualized data center? Again, let’s do some quick math. Assuming that you have a couple of ESX or VM hosts running at near capacity, you are looking at supporting two fast Ethernet connections’ worth of traffic, or 2 x 10Gbps. Some of the fastest firewall appliances on the market deliver 4.5Gbps and cost upwards of $25K each. So you’d need at least four of these. These are going to be outstanding security devices with all of the bells and whistles you’d expect from enterprise-grade firewalls, but they are not integrated with the virtual environment’s management system or operating layer. So once again, as new virtual machines enter the environment (e.g., are cloned, created, or live migrated from another data center), your new firewalls aren’t automatically going to know about them, and those VMs will remain unsecured until you update the firewall policy for them.

Suffice it to say that hypervisor-based solutions that are purpose-built for virtualization do not suffer from these shortcomings.

In the final analysis, you’ll need your VLANs and your outstanding perimeter firewall technology. However, just because they serve you well in the physical network doesn’t mean they do so equally well in the virtualized one. In fact, their effect in the virtualized environment is punitive, both in huge costs and, most importantly, in security risk.

We’re Giddy About Duvel, That’s Altor v4.0 To You

06/05/2010

By now you’re noticing that there’s something “different” about Altor, and no, we didn’t get a haircut, but we did change our look and feel a bit. Altor’s newest release, codenamed Duvel and now released as v4.0, packs a wallop of new features for security automation and compliance assessment, and we felt this was good cause for some serious highlighting – and what better way to do it than the color orange. We hope you enjoy our new site, which is meant to treat you to lots of helpful content including overviews of our newest features and functionality. Not sure where to look first for changes? Here is a list of what’s new to guide your way.

Product – you’ll want to check out the new product modules that deliver VM Introspection and Compliance. These will make quick, not to mention automated, work of keeping your VMs in a good “state”.

Use Cases – you may not know all of the ways in which Altor can help your virtualization and cloud computing implementations so we’ve made it a whole section, including one for how we can save you money.

Blog – we want to hear from you, so our posts now include an area for your comments. Please help keep the author honest and interesting.

Customers – none make us prouder than our customers and we have lots of new case studies to share. If you see an orange “corner” on a logo box there’s a case study ready for download.

Collateral – a new datasheet gives you the highlights of Altor v4.0 and a white paper outlines security concerns and options for multi-tenant environments.

Product walk-through – there’s a lot to say about the ways we can help you audit and protect your virtualized environment but we know your time is precious so a quick 4 minute walkthrough gives you the highlights.

Social media – while we might not be old hat at this, you can find us on YouTube, Facebook and Twitter. In fact, we have some special offers in store later in the year just for our fans, so follow us.

If you have some thoughts to share on everything that’s new with us, we’d love to hear from you so send me a note: marketing@altornetworks.com

5 Bookmarks We Like For Cloud Security

05/14/2010

A lot of the technology news for the week is coming out of EMCWorld, where chief executive Joe Tucci is heralding that the age of virtualization and cloud adoption is here. Now given that EMC owns VMware, the virtualization platform market leader, the comments may seem expected – but data from analyst firms and demand-side surveys all point to the very same conclusion — tens of thousands of private clouds based on virtualization will be deployed imminently. Now in the simplest of terms, a private cloud is a wholly owned network where the organization or corporation metes out its resources in the same way that a service provider manages customers. The fact that the network or data center is controlled by one entity (a business, university, government agency, etc.) makes it “private”. The “cloud” part of private cloud comes in when considering the compute scale, resiliency and platform in use. Virtualization is the likely platform of choice for most enterprises’ cloud deployment. So while there are all types of clouds (public, hybrid, etc.), if you have been considering virtualizing your data center or any portion of it, you are rolling out a private cloud. And you’ll need to consider how to best secure the critical workloads running within. Information on these topics abounds, so this post in no way aims at providing you with an exhaustive list. Rather, we wanted to share with you some of the sites we like for their insights, accuracy and utility.

April Cloud Deployments Bring May Flowers — 5 Tips To Get Ahead Of Risks

04/16/2010

If you’re reading this, it’s likely that my mother sent you the link or you are seriously considering a private cloud deployment. Working off the latter, you are understandably worried because Google Alerts is filling your daily inbox with reasons to delay the implementation, but operational efficiency trumps punditry, so you are putting hand to throat and moving forward nonetheless. This needn’t be the equivalent of Russian roulette with your job. Although standards and reference architectures for cloud computing and security are still evolving, you have a couple of facts in your favor.

Not Securing Your Virtualized Data Center is Madness in March and Any Other Time

03/30/2010

This is the core message of a recent Gartner report which outlines the security risks associated with virtualizing critical workloads and what can be done to mitigate exposure. This research is an update to a report that was first introduced in 2007 and now has expanded to include thousands of client discussions that Gartner has conducted since then. While the full research report may not be available to everyone (Gartner does offer some free research with registration) a summary of the six key security risks can be obtained from a number of sources including this SearchSecurity.com article.

The key findings and recommendations of the report are particularly apt and timely, as virtualization nears de facto status as the platform for green data centers and private clouds, and will be implemented at a rapid clip by many enterprises looking to save operating costs and increase data center performance and scale. The report’s key findings and recommendations have been paraphrased below, although we encourage you to obtain the full report.

RSA Conference 2010: Red Carpet & Backstage Report

03/05/2010

Everything from the wonderfully apt and beautifully rendered Rosetta Stone theme, to the impressive speaker and keynote line up, to the pervasive and continuous multi-media updates – this was for me by far the best RSA yet.

I have to admit, I arrived at the Moscone center braced for yet another RSA conference. The registration regimen reminded me that I’ve been attending since — yikes — ’99! Long enough to remember many of the themes, the salad days of lavish parties and the more austere times of tchotchke-free booths.

Now here is the part where I will tell you how surprised I was. Everything from the wonderfully apt and beautifully rendered Rosetta Stone theme, to the impressive speaker and keynote line up which included the Secretary of the US DHS, to the pervasive and continuous multi-media updates via email and on the show floor — this was for me by far the best RSA yet.

Okay, maybe it has a little something to do with Altor’s big win at the Innovation Sandbox, but this event too was first rate. A well-apportioned space gave each of us contestants a chance to showcase our latest products. The conference organizers made sure that plenty of registrants knew about the contest, and when the doors were opened to the showcase area at 1pm on March 1st, there was a line of folks ready to engage us in interesting and challenging discussions. The contestant presentations took place on a well-lit stage with professional audio/video equipment and personnel on hand. This well-thought-out innovation showcase is an absolute bonanza for any start-up looking to get close to customers and industry experts, and well worth the rigorous application process.

The energy of the ISB carried over to the show floor, where the booths and hallways seemed busier than in years past. The magicians, tossing greens and bouncy balls were back, but so too was the excitement over industry turning points that are fueling new technologies and thinking about security. The big winner among these was cloud security, with no fewer than five keynotes being devoted to the topic, including those of Arthur Coviello, EVP of EMC; Scott Charney, CVP of Trusted Computing; Philippe Courtot, CEO of Qualys; Dave Hansen, SVP and GM of CA; and Phil Dunkelberger, CEO of PGP.

There’s already talk about whether “cloud” marketing has gone over the top, and admittedly it was the easiest square to fill on Bruce Schneier’s RSA bingo card (BTW, this is a guaranteed side-splitting laugh for any trade show veteran).

But whether we marketers are doing a job too well doesn’t change this very real customer need, which CISOs say is the inevitable way ahead and which IDC’s Chris Christiansen puts at the $1B market mark (mainly for web and email services cloud security).

And as Jon Brodkin of Network World points out, virtualization and cloud security is an area of huge investment by EMC, Intel, Cisco, VMware and Juniper Networks.

I for one couldn’t be prouder to be a part of Altor and accountable in a market that feels a bit like being in the midst of a revolution. It’s nice to be excited about security after all these years and I’m looking forward to RSA 2011.

Love Is In the Air For Virtualization Security

02/18/2010

Some of the industry’s biggest names have come together to propose an architecture for the safe deployment of virtualized applications

Maybe it’s the time of year or maybe it’s simply that the time is right in the virtualization adoption curve (see CDW Study: Market is Virtualization Friendly, Yet Concerns Remain), but virtualization security concerns are spurring partnership among some of the industry’s biggest names. Cisco, NetApp, and VMware have recently come together to propose an architecture for the safe deployment of virtualized applications and cloud computing environments. The collaboration has resulted in an 80-page document which outlines how to secure compute, network and storage resources. It puts forward four security pillars: Availability, Secure Separation, Service Assurance and Management. At the center of the architecture proposed by Cisco, NetApp and VMware is a virtual firewall, the primary security layer for securing the virtual machines themselves.

The purpose of the paper is to help guide customers in the use of technologies for securing their virtualized workloads, especially in those environments where critical and compliance intense information must have all possible means of protection in effect.

Pages 3-4 succinctly summarize the customer use cases:

  • Large enterprises need to isolate HR records, finance, customer credit card details, etc.
  • Resources externally exposed for out-sourced projects require separation from internal corporate environments.
  • Health care organizations must ensure patient record confidentiality.
  • Universities need to partition student user services from business operations, student administrative systems, and commercial or sensitive research projects.
  • Telcos and service providers must separate billing, CRM, payment systems, reseller portals, and hosted environments.
  • Financial organizations need to securely isolate client records and investment, wholesale, and retail banking services.
  • Government agencies must partition revenue records, judicial data, social services, operational systems, etc.

The pages that follow do a very thorough job of nearly creating a specification for the ideal virtual firewall. Customers are well advised to read the document in its entirety but we’ve consolidated the salient points (yes it helps us too) and reference pages for you here:

  • Allows role-based duty separation for network, security, and vSphere administrator duties (page 7)
  • Delivers secure separation between VMs (page 25)
  • Facilitates ease of management, configuration, and auditing of access policies (page 29)
  • Allows one to set sophisticated security policy rules within tenants to protect tenant virtual machines from malicious traffic from the outside (page 30)
  • Enforces security policies between VLANs (page 31)
  • Provides traffic monitoring, and allows for the forensic analysis of VM traffic flows (page 32)
  • Creates security zones on top of VLANs, and ensures no cross-talk between zones (page 32)
  • Creates a positive security model where only needed applications and services are allowed to be accessed from the virtual network (page 32)
  • Protects inter-tenant resources (page 34)
  • Implements sub-tenant security rules: Web, App, DB (page 34)
  • Offers VM level access control and separation (page 39)
  • Reports on network activity for discovery, historical analysis, forensics and troubleshooting (page 69)

Needless to say, we think these specifications and Altor are a match made in heaven, but to make sure you’re getting the whole picture, we’d like you to consider adding these must-have requirements to the solution you evaluate and test.

  • Performance – near 10GBps or near zero reduction in host VM capacity
  • Fine grained security – between and within zones so that each VM is uniquely protected
  • Zero-day Protection – integrated intrusion detection so that allowed traffic also gets the benefit of security and risk mitigation
  • Hypervisor-agnostic architecture so that VMware, Citrix and Microsoft virtualized environments can have security parity
  • Integration with existing data-center infrastructure like virtual switches, 3rd party security products, diagnostic tools etc.