Nick: great question. We've charted a single mutation against MS06-040 since MSFT's announcement almost two years ago, and we showed dozens of mutating bot attacks (zero-day exploits) and, of course, corresponding signatures from the deep packet pattern-match vendors. I think speed is a must, but at the end of the day countering mutations with growing pattern histories is still a reactive posture that accepts a level of vulnerability and requires "fire hose" enforcement (compute-intensive) versus layer 7 complete app/protocol decode and exception processing.
Then there are the other issues that are problematic from the standpoint of pattern-match defense: SQL injection; cross-site scripting; and layer 2 evasions (like IP fragmentation).
The data center that has both servers and VMs in a mesh will require more flow visibility, more vulnerability intelligence and more app knowledge than the traditional systems are capable of delivering. I think these devices will stay at the perimeter (because they're exploit-focused) while a new data center (or server/VM) IPS category will take shape as meshes replace pipes.
Network/Virtualization Security: Weird Scenes Inside the Gold Mine
Timmy: I have a 5-year-old, so let me give it a shot. With virtualization, applications and operating systems are no longer coupled with hardware... they can move around from server to server, etc. (with mere mouse clicks). That enables a tremendous amount of flexibility, which enables substantial cost savings... because enterprises won't have to purchase more hardware (and space, electricity) than they need, and they can make changes more easily.
As enterprises move to these virtual data centers, their network hardware will have to adapt to this new, fluid world of change. Many of these network security solutions require custom hardware, so it may be difficult for them to keep up or be positioned in the right place to deliver equivalent protection.
Securing a "fabric" of servers that can all communicate with each other (where the biggest savings of virtualization will be) is very different from inspecting traffic running between a dedicated pool of servers and the network or another pool.
Netsec hardware vendors will not only have to tackle the problem of larger traffic spikes across a wider and more fluid environment, but will also have to keep up with heightened change. Those that require manual tuning/management will keep security pros even busier merely managing change.
Then there is the question of where these devices will be inserted in the data center in order to be effective. Can VMs communicate with each other (be compromised) without a security appliance even knowing? Could copies of compromised servers then be made and moved for malicious purposes, behind or around security measures?
VMW has introduced some dramatic new capabilities for managing data centers. If the security solutions can adapt and the security pros understand the security differences between the physical data center world and the virtual one, data center security will be improved by virtualization. Network security pros will enjoy many of the same benefits as the server ops teams (enhanced flexibility and performance). This depends on security solutions' ability to be re-architected for these new demands and the success of some hot private companies in the virtsec space.
I think I exceeded the vocab and comprehension of a typical 4-year-old... but then I sensed that you were actually much older. So I hope this explanation helps. You can get more info at archimedius.net.
The Dangers of Cloud Computing: VirtSec on Steroids
VMware and Deep Packet Apocalypse
Thanks for your comment.
Greg
Thanks,
Greg