Feeds

Cloudy admin? Here's how to ward off Call of Duty-playing teens

Cheeky little rascals

Choosing a cloud hosting partner with confidence

Palo Alto Network has gone virtual with the latest version of its next-generation firewall, the VM-Series. The tech, launched last week, is designed to protect virtual and cloud environments and comes as part of a wider industry push to market virtual security appliances.

Analysts Infonetics Research says the booming market for virtual security appliances is being driven by the adoption of cloud infrastructure buildouts and server virtualisation, among other factors. It adds that the virtual appliance vendor landscape is a crowded with a mix of established security players, virtualisation platform vendors and specialist vendors - all competing for market share.

"Many of the traditional vendors in the firewall space, including many of Palo Alto's competitors, have virtual appliance solutions already, including Cisco, Check Point, Juniper, and many others," Jeff Wilson, principal analyst for security at Infonetics Research told El Reg. "You can find virtual appliance versions of just about every gateway security product you can imagine (including SSL VPN, web security, mail security, IDS/IPS)."

Chris King, director of product marketing at Palo Alto, said traditional firewalls only look at port and IP address while Palo Alto's looked at the identity of an application before making an access decision.

Traditional firewalls screen for port and protocol but Palo Alto's technology also provides security controls based on application, user and content. Both of the new VM-Series firewalls from Palo Alto offer this capability.

Network traffic between virtual machines may not leave physical machines but workloads are constantly getting transferred between physical machines. That's why different forms of firewall technology are needed to protect virtual and cloud environments.

Virtual security appliances from traditional vendors, according to King, fall short because application like SSH always normally need to be allowed for remote administration. Port 22 would therefore be allowed. But this can be abused.

"Traditional firewall assume traffic on port 22 is SSH and not something tunnelled over SSH," King explained. "So if an administrator sets up a SSH tunnel from his home machine to do back-ups and perform admin tasks you're setting up a node on a data centre network that his son also uses to play Call of Duty."

"If this machine becomes compromised, then it [becomes] a backdoor into virtual server farms," he concluded, adding that Palo Alto's VM-Series technology is capable of blocking this type of attack scenario.

Palo Alto's virtual firewall technology, which integrates with VMware vSphere, screens intra-host data centre applications regardless of port or protocol.

The VM-Series launch is part of Palo Alto's strategy of allowing customers to roll out virtualisation projects without running into security or compliance concerns. The technology allows enterprise to safely enable applications in a virtualised data centre combined with the ability to secure intra-host traffic. The technology is designed for use in both virtualised data centres and private cloud infrastructures.

King said the future of data centres is both physical and virtual firewalls, potentially tied together under the same policy and management framework.

In addition to the VM-Series virtual firewalls, Palo Alto also launched a new, midrange next-generation firewall hardware platform (PA-3000 Series) and a management appliance for centralised control over a network of enterprise firewalls (the M-100 management platform).

The products, already available, are supplemented by the release of a new operating system, PAN-OS 5.0. The new firewall OS offers 60 new features for security in cloud environments, as well as improved management capabilities. PAN-OS 5.0 boasts an improved ability to scale and simplify network security management in large enterprise environments, enhanced IPv6 capabilities and increased control over SSL traffic, among other improvements. ®

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
China is ALREADY spying on Apple iCloud users, watchdog claims
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.