Virtualization March Madness Continues: Altor Networks
Yes, I know it’s April, but I couldn’t get this all done in March, damnit.
Per the promise in my last driveby-post featuring Montego Networks, here’s a quick bit of insight regarding Altor Networks, another start-up recently out of stealth in the virtualization security space.
I spent some time with Amir Ben-Efraim, Altor’s CEO. I knew Amir from our days working together when he was at Check Point and I was at Crossbeam.
Amir has brought forward what he learned from his time served at CHKP and understands where the current crop of security toolsets falls short in virtualized environments.
Altor’s solution, called "Virtual Network Security Analyzer," is the company’s initial offering, billed as providing the following functionality:
Altor’s Virtual Network Security Analyzer (VNSA) delivers unprecedented, granular, real-time, and historical visibility into the virtual switch traffic. Built from scratch for the virtual environment, VNSA’s integration with virtualization platform management like VMware Virtual Center greatly simplifies product configuration.
VNSA has two main components as shown in the diagram:
Altor Agent – The Altor Agent plugs into the virtual switch and passively monitors the virtual switch traffic. Only one Altor Agent is needed per physical server.
Altor Center – Information from multiple Altor Agents is consolidated by the Altor Center giving administrators a centralized view of the virtualized data center.
Altor Agent and Center are delivered as virtual appliances ensuring installation and uninstallation with zero downtime.
When Amir and I first spoke, I had trouble understanding how the product differentiates itself from "legacy" competitors in the IDS/monitoring space as well as those emerging in the VirtSec space. So we dug appropriately one layer down.
Many of the emerging VirtSec companies are hitching their ponies to the "we protect against intra-VM abuse" barn, and given the current constraints around the underlying networking mechanics, there’s not a lot of differentiation therein until VMsafe arrives, which ultimately levels the playing field for everyone.
So one has to ask: if the mechanics of intercepting and inspecting traffic are fairly commoditized, what’s the secret sauce that makes a solution a better mousetrap?
With Montego — at least for the next 6 months or so until VMsafe arrives — it’s the partnering model of integrating other 3rd party security applications based upon intelligent classification; if it sees traffic that matches a particular profile, it applies some level of security "magic" natively and then ships it off to vendor A’s virtual appliance, etc…
So when looking for Altor’s secret sauce, the reality is that VNSA is actually much more of a network configuration, analytics and policy management solution; in its first iteration it is really focused on detection/monitoring, on understanding how the virtual switches and virtual machines are configured, and on profiling what traffic is flowing between them via integration with VMware’s Policy Center.
The product differentiates itself by first focusing on re-capturing the lost network-based visibility inherent in the current vSwitch architectures but does so from a unique perspective.
Rather than position VNSA as a pure "security" tool focused on prevention, it’s an operational tool meant to shed light on questions which are seldom easily answered regarding exactly what is going on in the vSwitch, the dependencies from a VM perspective, the interaction from a network perspective, and allowing operators to group applications and assets into a hierarchical management framework that allows policies to be attached to them.
Namely, VNSA provides a single pane of glass from which a server, network or security admin can capture not only how the vSwitch and VMs are configured from the virtual infrastructure perspective, but also regain network statistics, troubleshooting, optimization and standardization views into the vNet.
Now that the servers, networking and security are all collapsed as a function of virtualization and the network and security teams are somewhat at odds as to where the boundary and separation of duties exist and who is responsible for what, VNSA offers all a single tidy view. The web-based UI is quite nice and easy to use. I found the statistics and insight it provides decent for a first-run product, and I can see how operators will gain value quickly given the information one can extract.
As the product evolves, security and configuration policies will be "attached" to the VMs based upon VM IDs that will allow enforcement of policy regardless of which physical host houses them. Application detection capabilities beyond port will ultimately allow for even more automated app grouping and application of policy.
The next step is then the more prevention-focused capabilities which will allow the same profiling of traffic from VNSA to be used as the intelligent basis for selective "firewalling" of traffic between VMs based upon historically observed behavior. This will be accomplished via the second product coming later this year tentatively called "Virtual Network Firewall."
I do hope they drop the "firewall" moniker and use something else as I know that depending upon who they’re selling to, mentioning the "f word" could cause some to turn off to the idea before they even consider it…
I think the approach and implementation are well thought out. I think that the solution will appeal to the server admins who need to gain as much visibility as possible into the virtual network configuration, as well as the network and security teams who have lost context and visibility.
I’ll leave the more technical review up to Scott Lowe who is promising to give us the in-depth exploration of VNSA soon.
Next up, Blue Lane’s new solutions…
You have a lot of great information on these up and coming businesses. Do you know anything about TBD Networks' new Virtual Firewall and how it compares to Altor or Montego? I can't find much about it yet, but from what I can see it's similar, but seems to have a few more capabilities. Please let me know if you hear anything new about TBD Networks or any insight you might have. Thanks.
Talk about setting the bar high…I hope my review is in-depth and technical enough! Seriously, though, with so many virtual security (virtsec) products emerging, it's hard to keep track of all of them, much less choose the right one for your organization and your virtualization installation.
This is an interesting space. Sounds like Altor is trying to make a Mazu in the VM Host.