COLUMN

Virtual appliances boost flexibility, improve security

By Eric Ogren 18 Jun 2009 | SearchSecurity.com Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Security products purchased as virtual appliances give IT greater flexibility in deployment than traditional security hardware devices.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The concept of treating network security as a software application has proven to be successful. Organizations can save money by re-purposing expensed servers as security devices, achieve a performance boost by placing network-oriented security on a faster processor and consolidate security functions on fewer servers to save on administration while making the security function a bit greener.

One of the more interesting news items of late barely caused a ripple in the security blogosphere: Check Point Software Technologies, Ltd and Riverbed Technologies Inc. entered an agreement allowing Check Point's new software blade architecture to run as a virtual appliance on Riverbed's Steelhead WAN optimization platform. Branch offices can take advantage of data center consolidation cost savings without sacrificing end-user performance or exposing the organization to increased security risks. Virtualization is one of the technologies that make this enhancement practical. Riverbed relies upon VMware, enabling Check Point to co-exist on the Steelhead device without significant software re-engineering.

Server virtualization: Virtualization server security best practices: Avoid server virtualization security bad practices with these dos and don'ts. Get info on virtualization products, segmentation, implementation, avoiding malware and staging. VMware releases long-awaited VMsafe security API: With the release, the virtualization powerhouse will now enable third-party security vendors to apply security within the hypervisor to safeguard virtual machines at the host level.

The next generation of network perimeter devices will likely offer business connectivity features in addition to firewall security to capture market share. The traditional drivers of firewalls enable business connectivity to the Internet including network address translation, protocol validation, and VPN termination – functionalities that are more important for allowing traffic into the network than for blocking traffic at the edge. Organizations with branch offices and remote campuses are concentrating Internet security into network devices to save on acquisition and operational expenses.

Security vendors can pack more security features into a hardware appliance, such as with Unified Threat Management devices, but the disruptive innovations will appear with integrated capabilities such as WAN optimization, virtualization support, routing, and auditing. Security co-existing with optimization technology is also not new. Microsoft included security with performance features in ISA Server and also integrates secure branch office access to SharePoint repositories.

SearchSecurity radio:

By contrast, UTMs, package firewall functionality with network security technologies such as network antivirus, intrusion prevention, and URL filtering into a single appliance to fulfill a small and medium sized business need for low administration small footprint security devices. Security vendors liked the concept because vendors could augment firewall sales with signature-update subscription revenues, and also protect the price points of the product line by including commoditized features. The seldom-mentioned issue with UTMs is that security effectiveness is often pared way down to maintain performance, especially AV and IDS inspection technologies with short signature lists to keep the traffic moving.

IT always prefers secure products over incremental security products. Additional devices in the network require time and energy to deploy and operate. In addition to Check Point and Riverbed, SourceFire has announced the availability of SNORT as a virtual appliance in 2009 which means IT has a leading firewall, WAN optimization, and IPS to start with. IT should start making requirements for its strategic security vendors to deliver products as virtual appliances allowing the enterprise the most flexibility in deploying security and business connectivity.

Tags: UTM Appliances and Strategies,  Virtualization Security Issues and Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT UTM Appliances and Strategies Best Unified Threat Management Products Unified threat management products gaining midmarket, enterprise foothold Enterprise UTM security: The best threat management solution? Microsoft Threat Management Gateway has some drawbacks The case against UTM: Is there a better alternative? Rising Profile Check Point to acquire Nokia security appliance business McAfee adds NAC module, appliance for unified policy enforcement IBM announcements mark two years of ISS marriage Fortinet acquires database vulnerability scanner from IPLocks Virtualization Security Issues and Threats Cloud computing data security starts with internal strategy, experts say PCI virtualization SIG closer to proposing changes to standard Security challenges with cloud computing services Secure virtual desktop software enables remote client security Security threats to virtual environments less theoretical, more practical At VMworld 2009, companies focus on virtual desktops for security Security fundamentals remain focus of virtualization deployments How to implement virtual firewalls in a complex network infrastructure How to find virtual machines for greater virtualization compliance Quiz: Virtualization and compliance

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary denial of service  (SearchSoftwareQuality.com) digital certificate  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) encryption  (SearchSecurity.com) integrated threat management  (SearchSecurity.com) Trojan horse  (SearchSecurity.com) trusted PC  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary