As a business that analyzes consumer mobile phone service behavior, Nielsen Mobile Inc. houses a lot of data. When the company, a division of The Nielsen Company, began running out of data center space, managers looked to virtualization.
While virtualization helped overcome space and power constraints and eliminated the long hardware procurement process, it created a couple of problems. One complication was VMware sprawl, said Nicholas Portolese, senior manager of data center operations at the San Francisco-based firm. The other problem was security.
"Our network security manager at the time said, 'We have tools to understand the physical network layer, but how do we know what's going on in the virtual switch?'" Portolese said. "It was an interesting problem we hadn't really thought about."
Nielsen Mobile tapped Redwood City, Calif.-based Altor Networks Inc. for help. The company deployed Altor's Virtual Network Security Analyzer (VNSA) to get a view into activity on its virtual network such as top bandwidth consumers and heavily used protocols.
The deployment started with two ESX hosts dedicated to internally hosted VMs. A VNSA agent was installed on each host while one also had the Altor Center management console, which consolidates information gathered by the agents and integrates with virtualization management systems.
VNSA allows Portolese and his team to troubleshoot problems and enforce policy. For example, the tool makes it easier to identify a machine in the network that's been compromised and is attacking domain controllers. "In the past, I had to review the logs on all my domain controllers," he said.
The tool also uncovered a policy breakdown. While reviewing data collected by VNSA, Portolese noticed that some machines were violating policy by going directly to Microsoft for Windows Server Update Services instead of the local WSUS server.
"These systems weren't put into the proper organizational container," he said. "That was a great finding for understanding a process breakdown in our relatively strict policy. Without that tool, I had no way to understand the whole picture."
In addition, VNSA helped Portolese put a stop to peer-to-peer file sharing when it spotted a machine using BitTorrent. The discovery raised concerns about bandwidth consumption and possible distribution of pirated software, which is against company policy. Portolese said peer-to-peer activity also could lead to potential exploitation of OS-level vulnerabilities.
"We were able to follow up with HR and inform them and go through the process to make sure it was eradicated," he said.
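The three findings above (hosts bypassing the local WSUS server, BitTorrent traffic, and a compromised machine hammering domain controllers) are all policy checks over virtual-switch flow data. The script below is an added example, not Altor's or Nielsen's code; the flow-record format, the addresses, ports and thresholds are constructed assumptions standing in for what a virtual-network monitor would report.

```python
"""Policy checks over virtual-switch flow records (added example, not
Altor's or Nielsen's code; record format and addresses are constructed)."""
from collections import Counter, defaultdict
import ipaddress

LOCAL_WSUS = "10.0.0.20"                          # assumed local WSUS server
DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}   # assumed domain controllers
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
AUTH_PORTS = {88, 389, 445}                       # Kerberos, LDAP, SMB
AUTH_STORM_THRESHOLD = 100                        # DC connections per window
PEER_FANOUT_THRESHOLD = 20                        # distinct external high-port peers

def check_flows(flows):
    """Map finding name -> sorted source IPs (WSUS bypass, P2P, DC auth storm)."""
    findings = defaultdict(set)
    dc_conns, ext_peers = Counter(), defaultdict(set)
    for f in flows:
        src, dst, dport, n = f["src"], f["dst"], f["dport"], f["count"]
        external = ipaddress.ip_address(dst) not in INTERNAL_NET
        # 1. Windows Update traffic must terminate at the local WSUS server.
        if f.get("app") == "windows-update" and dst != LOCAL_WSUS:
            findings["wsus_bypass"].add(src)
        # 2. P2P: the monitor labelled it, or the host fans out to many
        #    external peers on ephemeral ports (the usual swarm shape).
        if f.get("app") == "bittorrent":
            findings["p2p"].add(src)
        elif external and dport >= 1024:
            ext_peers[src].add(dst)
        # 3. Accumulate connections per host to DCs on authentication ports.
        if dst in DOMAIN_CONTROLLERS and dport in AUTH_PORTS:
            dc_conns[src] += n
    for src, peers in ext_peers.items():
        if len(peers) > PEER_FANOUT_THRESHOLD:
            findings["p2p"].add(src)
    for src, n in dc_conns.items():
        if n > AUTH_STORM_THRESHOLD:
            findings["dc_auth_storm"].add(src)
    return {k: sorted(v) for k, v in findings.items()}

# Constructed sample records for one monitoring window.
SAMPLE_FLOWS = [
    {"src": "10.0.1.5", "dst": "10.0.0.20", "dport": 8530, "count": 3, "app": "windows-update"},
    {"src": "10.0.1.6", "dst": "192.0.2.44", "dport": 443, "count": 5, "app": "windows-update"},
    {"src": "10.0.1.7", "dst": "198.51.100.9", "dport": 6881, "count": 40, "app": "bittorrent"},
    {"src": "10.0.1.8", "dst": "10.0.0.10", "dport": 88, "count": 90, "app": "kerberos"},
    {"src": "10.0.1.8", "dst": "10.0.0.11", "dport": 445, "count": 60, "app": "smb"},
    {"src": "10.0.1.9", "dst": "10.0.0.10", "dport": 88, "count": 12, "app": "kerberos"},
] + [{"src": "10.0.1.12", "dst": f"203.0.113.{i}", "dport": 50000 + i, "count": 1}
     for i in range(1, 26)]
```

Running `check_flows(SAMPLE_FLOWS)` flags 10.0.1.6 for WSUS bypass, 10.0.1.7 and 10.0.1.12 for P2P, and 10.0.1.8 for the DC authentication storm, while the host with a dozen normal Kerberos connections stays clean.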
Phil Hochmuth, a senior analyst at Boston-based Yankee Group Research Inc., said Altor's technology addresses a growing need among enterprises that rushed into virtualization in order to cut hardware costs and reduce energy consumption.
"Security wasn't as big a concern because they saw such value in the consolidation of servers," he said. "Now that everyone's done this big virtualization push, they're taking a breath and realizing that security might have been overlooked a bit."
It's easy to move systems around in virtual environments, which can lead to compliance and security issues, Hochmuth said. Altor's VNSA is a "good first step" to help enterprise managers get a view into their virtual systems, but the company's recently released virtual firewall is more valuable because it can enforce policy, he said.
"Visibility is good, but visibility without any ability to take action or mitigate security problems isn't as valuable," he said.
Portolese said he's interested in potentially using the Altor VF in Nielsen Mobile's DMZ. VNSA, meanwhile, is helping to keep the company from being blindsided by unwanted activity in its virtual environment.
"By not knowing what's going on, you're basically being ignorant," he said.