VMware has announced an integrated system for distributing and applying the McAfee network security platform, based on its NSX network virtualization layer: it is meant to automate the distribution of McAfee's IPS modules within a data center infrastructure. Martin Casado, senior vice president and general network security expert at VMware, and co-founder of Nicira, stresses that the primary aim is to improve visibility into network traffic: by virtualizing the firewall function, NSX can place a firewall around each server and perform intrusion detection and prevention on every packet in transit in the data center. “This gives McAfee access to even more traffic. Before, they could see only about 20% of traffic. Now they can see it in full,” he says.
For Casado, software-defined networks and network virtualization functions open a wide range of new possibilities that we are just beginning to understand, especially in security: “Security already represents 40% of our sales. Network virtualization functions are very interesting for anyone involved in security in the data center.”
The jointly developed system is a new model in McAfee's IPS-VM series, the IPS-DK-VM100 VSS, designed to integrate with NSX, McAfee Network Security Manager, and Intel Security Controller. The latter operates as a broker between NSX and DK. Working with VMware NSX Manager, it enables automatic provisioning of the IPS for traffic between virtual machines, according to the rules and conditions set by administrators. Ultimately, what is established is an environment free of trust zones, intended to provide thorough and comprehensive protection.
A promise that finally delivers
Admittedly, the vShield APIs have for several years already allowed some degree of automation and improved visibility into virtual machine traffic. But the aim here is to go much further. In fact, this begins to realize a vision that Art Coviello, then executive chairman of RSA, described in veiled terms at the beginning of 2013 with his concept of an “anti-fragile” architecture: environments that massively abstract the hardware layer and are able to change their topology and behavior dynamically in response to threats.
And if Coviello raised the subject without giving too much away, it was no coincidence. With its acquisition of Nicira in July 2012, VMware could start integrating the network component into its effort to develop a consistent offering for virtualized data centers at any time. But that offering will only really be complete once the security layer is integrated. Rob Randell, principal architect for security and compliance solutions at VMware, did not disagree in February 2013 at the RSA Conference in San Francisco. He explained that the next major evolution of computing is none other than the programmable data center, or SDDC (software-defined data center), where servers, storage, availability constraints, and security policies are controlled in a consolidated way. And indeed, two years ago “security and network” were still the sticking points, particularly because it is difficult to “have visibility on trade between virtual machines on the same host; we do not see what does not come out on the network…”
But the tide has begun to turn. At a meeting, Rob Randell explained: “I cannot tell you more for the moment here. But if you want, we can arrange an interview after signing a confidentiality agreement.” For his part, Dave Martin, Vice President and Chief Security Officer of EMC, cautiously mentioned the “beginning of the discussions for the establishment of laboratory test environments.”