When firewalls were first designed, their role was to control traffic between network segments and physical hardware.  As we move into greater adoption of cloud and virtualized infrastructure, the physical design of the network becomes less dominant, largely due to the collapsing of physical servers into fewer virtualized servers.  This means the main source of security control needs to also be adapted as the threats start to move to the individual VMs residing in servers, especially when multi-tenancy is utilized.  This means that the logical barriers segregating virtual machines become the concern for firewalls, not just the network around the physical server.  So how do you protect the inter-VM traffic when a traditional firewall cannot see traffic beyond the physical NIC card of the server?

Continue reading →