Wednesday, October 3, 2007

EMC should buy Check Point - How to Secure Virtual Machines?

Virtualization security is an interesting topic. For years, many security vendors tried to focus on hardware security, assuming that the whole network world would soon be appliance-only (it is a small Cisco world after all). Now the times are changing: there is a new phenomenon on the market that pushes all software platforms into a single virtual platform...

In the old world of 1-server-per-blade designs, many enterprise shops did the right segmentation by building multiple server farms segregated by beefy firewalls. Server-to-server communication control was always a challenge. Only a few enterprise shops were lucky enough to deploy firewall appliances and blades between servers, and even fewer could find a way to deploy a multi-gigabit IPS. Playing with switch ACLs, VLANs, and inline firewalls was the instant remedy, which didn't really answer the real security question.

Nowadays, 1-server-per-blade racks are out. It is a green world (and a datacenter) where we have multiple virtual systems (VMs) on 1 box. Segmenting these servers, checking the traffic flow, and detecting/blocking malicious activity between VMs is close to impossible. The nice chic ASIC appliances do not fit there. There are solutions like Blue Lane, but there are problems...
- The security solution should be on the vmkernel…
- The security solution must cover CPU virtualization and memory virtualization issues.
- The security solution should not be another VM (that acts like a virtual switch/router) where the server-to-server communication is filtered. Too much overhead, too many VMs.
- The security solution must be trusted, tested, approved, and must have certifications from 3rd parties.
- Existing legacy security licenses should be portable (firewall to virtual firewall, IPS to VIPS).
- The security solution should cover virtualized crypto devices (hardware accelerators, host security modules).
- The security solution should be managed by a different console and access-rights system, probably by a different company, for risk management and segregation of duties purposes etc... Basically, VMware is not the right solution developer (integrating Determina VIPS was a good idea though).
- ...and the list goes on.

EMC may certainly develop a new security solution for the VMware spin-off using parent company links, or acquire another security company after RSA and Network Intelligence.

But there is another company that sticks to software-only security with a full portfolio of security products... I think it is a good match. Being an IT Security Professional (my main expertise is not the M&A area) and knowing Gil Shwed’s expansion plans (I do not own any stocks), the "EMC should buy Check Point" idea may not fly. But Check Point would be a good and quick response to address VMware security concerns, with lots of new expansion possibilities for both operations.

Disclaimer: Blog postings on this site are my own and don't necessarily represent my employers' positions, strategies, or opinions.
