Virtualization Security Hole Plugged by Altor’s New Tool

There’s no shortage of startup companies hawking virtualization management and security tools, but a new entrant, Altor Networks, has an interesting angle for IT leaders worried about virtualization security. Its debut product, being announced today, the Virtual Network Security Analyzer, gives visibility into the data traffic between virtual machines— which has until now been a security blindspot for people managing virtualized servers.

MORE ON VIRTUALIZATION

How to Find and Fix 10 Real Threats on Virtual Servers

10 Virtualization Vendors to Watch

Virtualization giant VMware and a slew of startup companies have addressed myriad management and security features, but none have been able to offer visibility into or analysis of the traffic running between multiple VMs. This means, for instance, that IT managers have been able to get a good look inside individual VMs, but have been blind to what one VM on one physical machine is trying to say to a VM on another physical machine. This presents real malware and compliance risks, as security experts noted in CIO’s earlier article “How to Find and Fix 10 Real Threats on Your Virtual Servers.”

Altor has a unique offering, says Mike Montecillo, a security and risk management analyst with Enterprise Management Associates.

“Gaining the visibility into virtual networks has been difficult due to the fact that in most cases organizations are deploying physical appliances to monitor network traffic,” Montecillo says. Those physical security appliances, designed to watch for risks on a physical network such as intrusions, unauthorized internet connections and suspicious traffic on ports, today do not work with VMs, Montecillio notes. Nor can today’s firewall products see into traffic between virtual machines.

Altor’s Virtual Network Security Analyzer will be sold as software inside a virtual appliance, says Amir Ben-Efraim, founder and CEO of Altor Networks. “Our goal is to make the virtual network more secure than the physical,” he says.

Today the product works with VMWare ESX Server, but Altor Networks plans to later support other major players including Citrix/Xen and Microsoft, says Ben-Efraim.

The software will centrally collect data on all packets traveling between VMs and uncover potential risks such as port scans and unusual protocols, Ben-Efraim says. The tool also will create what he calls a “baseline on your data center behavior,” then analyze traffic going forward, looking for unusual patterns, Ben-Efraim says.

This summer, Altor Networks plans to release a second product, a virtual network firewall. This firewall, which will support VMware’s recently announced VMsafe security standards and products, will allow IT departments to write security policies for individual VMs, Ben-Efraim says.

Will this firewall software be able to communicate with existing firewall products for the physical world? At the outset, no, says Ben-Efraim, but that capability is planned. “We believe you need two levels of granularity,” he says. “With time, we will be able to leverage APIs from major security vendors.”