Visibility and granular control over virtual network traffic
CURRENT THREAT SCENARIO
Virtualization of computing hardware creates networks of virtual machines (VMs) within physical servers. Traditional network monitoring and security measures don't see or control the growing volume of inter-VM traffic. Enterprises are concerned about the risks of virtual networks, ranging from security policy violations, such as mixing trusted and untrusted systems, to malware exploits that can propagate undetected in a virtual LAN and quickly spread to other physical servers in the network while remaining unseen by traditional security solutions. Sensitive corporate information such as customer records and financial data can be tampered with, crippling the ability to do business and losing customer trust.
The Altor VF virtual firewall uses purpose-built, patent-pending technology to meet the unique security challenges of the virtual environment. Administrators can now control the virtual network by enforcing a rule-based policy for each VM. Because the Altor VF was designed with virtualization features in mind, it synchronizes automatically with VMware’s VirtualCenter and secures VMotion. The Altor VF is the only product that solves the problems of blind spots, uncontrollable inter-VM traffic, unprotected migration of VMs, and erroneous mixing of VM trust levels. Enterprises can now achieve the full ROI of virtualization while maintaining security and regulatory compliance across both physical and virtual networks.
Enforceable Policy per VM
Admins can enforce stateful firewall policies for individual VMs, logical groups of VMs, or all VMs. Global, group, and single VM rules ensure easy creation of policies with tight security, while enabling enterprises to take full advantage of virtualization benefits.
Secure VMotion and Live Migration
Firewall protection is continuous as VMs move from host to host using VMotion. Unlike traditional firewalls, the Altor VF keeps the “live” in live migration by maintaining open connections and security throughout the event.
Physical IDS/IPS Integration
The Altor VF can send some or all inter-VM traffic out to physical security devices, such as IDS/IPS sensors. By mirroring traffic based on firewall rules, it brings intrusion detection to virtual environments by leveraging existing physical IDS capabilities, with no performance degradation to the virtual environment.
Default Policy for New VMs
When a new VM is created, the Altor VF assigns it an administrator-defined default policy. Allowing only admin and DNS protocols, for example, mitigates the risks of misconfigured or “rogue” VMs with vulnerable or infected workloads.
Conclusion:
Altor provides customers with unprecedented visibility into and granular control over virtual network traffic with award-winning technology that dramatically improves the security of virtual servers in data centers. Security policies are enforced on individual VMs, simplifying deployment and ongoing security management of virtual infrastructure and reducing the dangers of security breaches.
Altor Networks
350 Bridge Parkway
Redwood City, CA 94065