New security and compliance software for virtual servers, recently made available by a Menlo Park, Calif.-based startup, aims to do for virtual servers what traditional perimeter-oriented defenses have done for on-premise servers. While one analyst appreciates the technology, he doesn’t think host-based firewalling is exactly optimal for enterprises.
The startup, CloudPassage Inc., has released Halo SVM (Server Vulnerability Management) and some Halo Firewall products following a beta period. The idea is that organizations providing infrastructure services, or those in the business of social media and online gaming, can apply security and governance to servers residing in the cloud.
“Any type of problem on a server, any configuration issues, any software package that has vulnerabilities are being replicated along with those servers,” said Bilger.
Enterprises, added Bilger, are erroneously addressing this problem by using products built for the static IP addresses of on-premise physical environments.
“It’s very, very difficult to do in the cloud because the virtual servers are moving all over the place and bouncing all around,” said Quin. “I don’t think host-based firewalling is optimal.”
The issue, explained Quin, is that the security software must be run on every virtual machine, which then impacts the performance of the server or device. Ideally, he added, network-based firewalling is best.
An alternative approach, Quin pointed out, is VMware’s vSafe technology, which is basically a virtual security layer that sits beneath the virtual machines. Virtual security can then be applied with just a single impact on the physical host and zero impact on virtual machines. But the issue then becomes who is accountable for that security capability, said Quin.
While CloudPassage’s approach to virtual server security may not be optimal, Quin does add that “the way they’re going about it is probably as good as you can do right now.”
Moreover, the centralized management console is great for the IT admin to monitor everything holistically; otherwise, Quin said, server management would be “horrific.”
“If we ever decide to move either to a hybrid or completely off Amazon (AWS) in the future, we don’t have to rethink how we are going to firewall our host server because it’s built into the daemon,” said Birdsong.
Because the company has a small operations team, Birdsong said, Halo SVM lets the IT team easily audit server installations through a running dashboard.
Birdsong also appreciates the usability of the software, which he describes as “obvious” in terms of functionality. Other such systems, he said, are “bare bones frameworks that you must curtail to how you want to use it.”
Follow Kathleen Lau on Twitter: @KathleenLau