I think one of the most daunting parts of any discussion about cloud security is the perception that security folks need to rip everything out and buy all new technologies to secure their virtual environments. The problem with this logic is that there is still a fundamental backbone of traditional security that needs to be in place; cloud security is really a way to augment and extend these capabilities. The easiest way to start the transition is by leveraging hybrid solutions that protect both physical and virtual environments, such as next-generation firewalls and IPS. One of the leading next-generation technology vendors driving this transition is Sourcefire, best known as the developers of Snort, an open-source intrusion detection engine.
Sourcefire has always been ahead of the curve with their next-generation firewall and IPS technologies, so the movement towards applying them to virtual environments comes as no surprise. Back in 2009, Sourcefire released their first major security solution for virtual environments in the form of their Virtual 3D Sensor, which allowed the inspection of inter-VM traffic. This was a critical first step in providing monitoring and aggregation of security information for virtual environments, providing key visibility through reporting and dashboards and, finally, centralized policy management.
What I have always appreciated about solutions like those from Sourcefire is that regardless of whether you want to use a physical solution or a virtual solution, the functionality stays the same. While many organizations still have a tendency to favor physical devices, there is merit in transitioning to virtual appliances (particularly if they leverage paravirtualization), as they have the side effect of being not just cost-effective but also energy efficient. More importantly, virtual appliances are in some cases more flexible in deployment because they can be implemented on remote sites and managed through a centralized VM management console. They can also be used to support multi-tenancy for service providers as an extra layer of security.
More recently, Sourcefire opened up their virtualization security to support Red Hat, which leverages an open source virtual machine that is the backbone of the Open Virtual Alliance. This alliance was founded by Red Hat with HP and Intel to drive the adoption of the Kernel-based hypervisor. The goal was that it would offer stronger security and integration for organizations and the ability to virtualize infrastructure segments without adding hardware. This extension to Red Hat means that Sourcefire now supports VMware, Red Hat and Xen with the same appliance, a great solution for mixed environments and for organizations that haven’t decided on a single platform on which to standardize.
Virtual IPS is a huge growth industry, and there are very few technologies that can deliver on the requirements that compliance is demanding for virtual and cloud environments. The problem is that these environments are usually mixed: not 100% virtualized, but not 100% physical either. Expecting to invest in a whole new set of technologies for virtualization or cloud is simply not feasible, especially when organizations are still sore from all the money invested in traditional security solutions. But these hybrid solutions, those that use a common interface and protect both physical and virtual environments, are where organizations should start investing. It is much easier to start the transition to virtualized security if you work with vendors who have proven solutions that support the entire environment. These technologies then become a matter of transitioning from outdated solutions to next-generation solutions, such as next-gen IPS, that support future movements to cloud and virtualization adoption, which conveniently is on the roadmaps of just about every large organization.