Original URL: http://www.theregister.co.uk/2013/01/30/netcitadel_security_policy_orcestration/

Startup decloaks, rolls out cloudy security 'conductor'

Let's all make sure we're on the same hymn sheet here

By John Leyden

Posted in Cloud, 30th January 2013 07:54 GMT

Security startup NetCitadel is tackling the problem of automatically applying security policies across physical and virtual environments with a cloud-based approach.

NetCitadel's OneControl Security Orchestration Platform enables the application of network security policy changes across cloud, virtual and physical environments in minutes rather than days or weeks. The technology is designed to automate a policy change process that is sometimes manual and therefore both time-consuming and subject to human error.

OneControl is a virtual appliance that ensures that applications are subject to the same security controls whether they are executed on servers on a corporation's premises or in the cloud. The technology can be tuned to users, applications and workloads as well as the current threat environment.

The technology creates a central panel to manage security policies across different applications and workloads between sources (such as VMware vCenter and Amazon AWS) and security infrastructure (such as Cisco ASA and Juniper SRX devices). Device connectors allow the technology to apply security policies by making changes to the configuration of firewalls, routers and switches from a single interface.

NetCitadel chief exec Mike Horn told El Reg that both Cisco and Juniper have management tools but they are vendor specific, unlike NetCitadel's tech, which supports a mixed environment. He compared the technology to a conductor in an orchestra that, instead of introducing new instruments into the movement of an overture, can recognise and provision a new server in Amazon. Security policies can be applied that are appropriate for this server's use as either an application server or web server, for example.

"You need a conductor because networks are becoming more dynamic, with the need to set up new servers and users in real time," Horn explained.

As well as ease of provision, NetCitadel's technology offers the potential to minimise firewall configuration flaws, which sometimes lie at the root of security breaches. The firm hopes its technology will give customers the confidence to move sensitive workloads to the cloud without running into concerns about compliance.

NetCitadel OneControl ships as a virtual appliance and provides modular security options, including the Virtual Security Module and the Cloud Security Module, which are sold as add-ons. Pricing starts at $25,000 for up to 25 security devices, and increases depending on the number of additional devices supported. Pricing for the Virtual Security Module and Cloud Security Module starts at $7,500 each.

The release of the technology sees NetCitadel emerging from stealth mode for the first time. NetCitadel is initially targeting larger businesses and managed service providers. Its 25 staff come from stints at varied tech heavyweights including Avistar, Neoteris, Google, VMware, FireEye and Cisco.

NetCitadel is rolling out with a direct sales model on its home turf but is keen to work with partners to secure international sales.

Horn said that future development plans include extending the orchestration tool with interfaces to talk to security event management (SIEM) and logging tools that collate warnings from firewalls and intrusion prevention devices. ®