Event summary

- Swedish network security specialist Clavister has adapted the CorePlus OS, used within its physical appliances, to run inside a virtual machine (VM). It says the move addresses fundamental security issues within hosted virtualization services.

- CorePlus effectively places a dedicated security gateway in front of a VM subnet, and as it runs within a VM itself it can follow the VMs it is protecting as they are moved around the datacenter. VMware is supported initially.

- Clavister will charge clients a revenue-sharing fee rather than a traditional licensing fee, lowering the barrier to entry. Individual network services can be separated out and sold individually to end users. Terremark is an early customer.

The 451 take

Security has been something of a blind spot for virtualization vendors, and although there haven't yet been any high-profile security breaches involving VMs, it's probably only a matter of time before there will be. More important, some new hosting companies, including Joyent, Rackspace, Savvis, Terremark and Xcalibre Communications, are in the process of trying to convince their corporate customers that it's safe for them to share infrastructure with other customers. They still have a lot of persuading to do, but integrating security into the virtual infrastructure is one way to expedite the process. And by operating within the VM itself, Clavister can maintain security settings even when VMs are being moved around the datacenter.


Clavister's network security OS, CorePlus 9.10, can now be run as a virtual appliance inside a VM. Virtual security gateways for ESXi (and soon for Xen and other hypervisors) will be offered not only as an alternative to physical appliances, but also as a more effective way to protect dynamic virtual infrastructures where multiple applications or even multiple customers share the same physical resources. CorePlus monitors and shapes network traffic for content filtering, offers intrusion and virus protection and guards against denial-of-service attacks. ISPs, managed service providers and telcos are the company's primary targets. Terremark in Europe is one of the first customers to sign up for CorePlus 9.10 and is integrating the virtual appliance into its Infinistructure platform. Hosters can sell security services to customers as a premium option. Carriers and cable operators offering virtualized services can deploy specific security gateways for individual customers.

Clavister claims an advantage over many of its direct physical appliance competitors because its OS was built to be portable, although it is targeted primarily at x86 chips and network processors. ASICs can't be virtualized, and more bulky network security operating systems, many of them based on Linux, would require too much RAM and storage to operate effectively within a virtual appliance.

Competitive landscape

VMware began to take hypervisor security more seriously in August 2007 with its acquisition of security startup Determina for $15m. It followed that up last March by introducing VMsafe, a set of APIs that security vendors can use to hook their products into the VMware infrastructure. Partners such as Check Point, EMC, IBM, McAfee and Symantec have signed up to use them to build out a virtualization-aware ecosystem. The Xen community has similar plans for its XenAccess program. More recently, VMware made another security-related acquisition, of Blue Lane Technologies, for a reported $15m. Blue Lane has been a partner of VMware for more than a year, with Blue Lane's VirtualShield integrated into VMware's VirtualCenter.

We also have seen activity pick up in the guest-to-guest layer with the emergence of firewall, intrusion-detection systems and intrusion-protection system tools designed to run inside and harden the virtual LAN. Aside from Blue Lane, companies in this space include Altor Networks, Catbird Networks and Reflex Security. Four others, Embotics, Fortisphere, ManageIQ and Tripwire, are working on the problem from a configuration and policy-enforcement point of view. Vendors who use ASICs in their physical security appliances such as Check Point, Fortinet and SonicWall may find it less straightforward to port over their wares to a virtual appliance.
