Stonesoft Gets VMware Cert for Virtual Security Appliances
Published: February 27, 2008
by Alex Woodie
Stonesoft, a developer of network security devices, today announced the first in a series of VMware certifications ensuring its products can protect virtualized IT environments. By enabling its firewall, VPN, and IPS offerings to monitor and manage traffic among virtual machines connected through a virtual local area network, Stonesoft offers the same level of separation and control that traditional physical infrastructures rely upon.
One of the problems with X64 virtualization as it exists in the market today is that it's not as inherently or easily securable as a traditional physical infrastructure. If an organization chooses to run a Web server and a database server side by side in separate virtual machines but on the same physical server (as many do), it runs the chance of allowing hackers to traverse virtual machines if it doesn't have security components in place along the virtual LAN to stop them. This wouldn't be a problem in a traditional environment, where best practices dictate firewalls and intrusion protection systems (IPSs) be installed on the physical LAN between the database and the Web server. But in a virtual environment, there is no physical LAN to hook into.
It's largely a matter of wires, says Mark Boltz, senior solutions engineer with Stonesoft. "And if you do have wires, you're losing the benefit of virtualization. We allow you to have the full benefit of virtualization and still have the security components with the Firewall/VPN and IPS and not have to have physical wiring."
Today, the company announced that the StoneGate Firewall/VPN has been certified by VMware to run under its virtualization and hypervisor offerings. The Atlanta, Georgia, company also announced it has joined VMware's Technology Alliance Partner (TAP) program, through which it will work to certify other Stonesoft products, specifically the StoneGate IPS.
Boltz says Stonesoft made some changes to its Linux-based Firewall/VPN offering to take advantage of VMware network and display drivers. VMware then certified that the software was implemented correctly on its hypervisor and workstation virtualization products.
Organizations can mix and match virtual and physical products from Stonesoft, and manage them all centrally from the same graphical console, the Stonesoft Management Center, making Stonesoft's virtualized security appliance the only offering of its kind, Boltz claims. "We're providing something that's very unique in the market right now in terms of a solution that actually covers both worlds--virtual and physical--with the same technology and the same features."
Stonesoft's Firewall combines packet filtering, stateful connection tracking, and application-level security to weed malicious traffic out of regular traffic. The VPN component of StoneGate provides both IPsec and site-to-site capabilities. Stonesoft traditionally sold the software, which can be clustered, as part of a Linux appliance offering, or allowed users to install the software on their own Linux servers or Linux partition in a mainframe. VMware certification for the virtualized StoneGate IPS will come later.
Boltz says IBM's mainframe virtualization (and System i logical partitioning) are more secure than X86 and X64 virtualization technologies. "In a lot of virtual environments, they don't have the ability to separate the partitioning. From a mainframe point of view, that concept is very robust and very well proven," he says. "In VMware, what we've seen for a lot of organizations is they've virtualized the Web servers, the middleware components, and such, but they're all on one flat virtual network with no controls to prevent a compromised Web server from then hacking the database server on the back end."
Proper security can be maintained by installing all the virtualized Web servers on one physical server and all the virtualized database servers on another, and putting the necessary firewalls and IPSes in between them, but then you lose the benefits of virtualization. "The traditional ways of doing security no longer apply, or haven't been able to be applied until now with us, with this technology," Boltz says.
But as users move toward virtual security appliances, they shouldn't forget the lessons of physical security. "You still need your perimeter security devices and you still need a physical network for your actual physical people to connect to, to do the work that actually drives the applications at the end of the day."