Feeds

Cloudy admin? Here's how to ward off Call of Duty-playing teens

Cheeky little rascals

Beginner's guide to SSL certificates

Palo Alto Network has gone virtual with the latest version of its next-generation firewall, the VM-Series. The tech, launched last week, is designed to protect virtual and cloud environments and comes as part of a wider industry push to market virtual security appliances.

Analysts Infonetics Research says the booming market for virtual security appliances is being driven by the adoption of cloud infrastructure buildouts and server virtualisation, among other factors. It adds that the virtual appliance vendor landscape is a crowded with a mix of established security players, virtualisation platform vendors and specialist vendors - all competing for market share.

"Many of the traditional vendors in the firewall space, including many of Palo Alto's competitors, have virtual appliance solutions already, including Cisco, Check Point, Juniper, and many others," Jeff Wilson, principal analyst for security at Infonetics Research told El Reg. "You can find virtual appliance versions of just about every gateway security product you can imagine (including SSL VPN, web security, mail security, IDS/IPS)."

Chris King, director of product marketing at Palo Alto, said traditional firewalls only look at port and IP address while Palo Alto's looked at the identity of an application before making an access decision.

Traditional firewalls screen for port and protocol but Palo Alto's technology also provides security controls based on application, user and content. Both of the new VM-Series firewalls from Palo Alto offer this capability.

Network traffic between virtual machines may not leave physical machines but workloads are constantly getting transferred between physical machines. That's why different forms of firewall technology are needed to protect virtual and cloud environments.

Virtual security appliances from traditional vendors, according to King, fall short because application like SSH always normally need to be allowed for remote administration. Port 22 would therefore be allowed. But this can be abused.

"Traditional firewall assume traffic on port 22 is SSH and not something tunnelled over SSH," King explained. "So if an administrator sets up a SSH tunnel from his home machine to do back-ups and perform admin tasks you're setting up a node on a data centre network that his son also uses to play Call of Duty."

"If this machine becomes compromised, then it [becomes] a backdoor into virtual server farms," he concluded, adding that Palo Alto's VM-Series technology is capable of blocking this type of attack scenario.

Palo Alto's virtual firewall technology, which integrates with VMware vSphere, screens intra-host data centre applications regardless of port or protocol.

The VM-Series launch is part of Palo Alto's strategy of allowing customers to roll out virtualisation projects without running into security or compliance concerns. The technology allows enterprise to safely enable applications in a virtualised data centre combined with the ability to secure intra-host traffic. The technology is designed for use in both virtualised data centres and private cloud infrastructures.

King said the future of data centres is both physical and virtual firewalls, potentially tied together under the same policy and management framework.

In addition to the VM-Series virtual firewalls, Palo Alto also launched a new, midrange next-generation firewall hardware platform (PA-3000 Series) and a management appliance for centralised control over a network of enterprise firewalls (the M-100 management platform).

The products, already available, are supplemented by the release of a new operating system, PAN-OS 5.0. The new firewall OS offers 60 new features for security in cloud environments, as well as improved management capabilities. PAN-OS 5.0 boasts an improved ability to scale and simplify network security management in large enterprise environments, enhanced IPv6 capabilities and increased control over SSL traffic, among other improvements. ®

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.