What is Altor Networks up to with virtual firewalls?

Altor Networks is a Redwood City, Calif. based provider of virtual firewall solutions who emerged on the virtualization scene recently. So what are they up to? And where are they going in 2009 with all of this? I spoke with the company’s co-founder and CEO, Amir Ben-Efraim to find out.

Q: Altor Networks has emerged on the scene over the past several months. What problem does the company help solve for virtual environments?

A: Altor developed and is selling a virtual firewall, the first firewall purpose-built for the virtual environment. Our customers use the product to create policies on a per virtual machine basis; policies that follow the virtual machine when it moves around the datacenter via live migration or VMotion.

Live migration is a core aspect of virtualization, since it’s a process by which virtual machines are moved among different physical servers, best optimizing the use of the physical resources. Altor’s firewall creates policies that follow each specific virtual machine.

Our virtual firewall product allows companies to enforce corporate-wide policies regarding data protection on virtual machines. This significantly reduces the dangers of security breaches and the mis-configuration of virtual machines, assists with overall regulatory compliance, and vastly improves operational agility.

Q: What types of security issues does the virtual firewall address?

A: A virtual machine is just as vulnerable as a physical server; therefore, it is vulnerable to countless known exploits affecting both operating systems and applications. However, unlike a physical server, an infected virtual machine is especially hard to spot given the lack of security and network management capabilities inside the virtual environment. This is what we call the virtual “blind spot.” Virtual firewalls address this specific problem by installing a special-purpose virtual-appliance to monitor and control network activity inside virtual servers.

Q: What emerging security threats targeting virtualization are you most concerned about in 2009?

A: One example is the threat posed by virtually aware malware, which malware writers developed as a response to a common technique for identifying malware in the first place. IT pros will often test executable files for malicious intent by operating them in a segregated, virtual environment. Malware writers have adapted to this technique. They can design malicious worms so as to lie dormant in virtual environments, allowing them to execute when installed later in non-virtual machines.

The ramifications of the virtually aware aspect of malware are significant. One could imagine an exploit that capitalizes on the provisioning aspects of live migration once discovering it is operating within a virtual network. By manipulating virtual machines sharing physical resources, malware could propagate in ways that cannot be monitored or prevented by traditional physical-network security software solutions.

For this reason, many companies are investigating virtual firewalls to monitor, manage and protect network traffic between virtual machines. Without purpose-built virtual firewalls, virtual networks represent very large, growing areas of uncertainty.

Q: I hope the malware writers aren’t reading this. The virtualization-aware malware does sound scary. Why haven’t we seen a major attack using that method to this point?

A: Actually, in our investigation with the research team at anti-virus software provider ESET, they have confirmed seeing 200,000 virtually-aware malware files in November alone. It’s only a question of time before new malware variants create havoc by capitalizing on the unique aspects of virtualization.

Q: Can you point to some early customer deployments of Altor’s virtual firewall?

A: When we launched our solution in October 2008, several companies were evaluating an early version of the product, and many of them have purchased the solution. The Nielsen Mobile division of The Nielsen Company is a great example. The division is storing a lot of information, and it is using virtual machines heavily across their production environment.

To manage, protect and control virtual traffic, Nielsen Mobile is installing Altor’s virtual firewall. Nielsen Mobile noted a significant “gap” in the way they’re able to monitor and control network traffic on the physical network when compared with the virtual network inside virtual servers. Nielsen is addressing this gap by deploying the Altor virtual firewall.

Many of our customers cannot be named publicly. Besides Nielsen, I can also mention Hearst Corporation.

Q: When you introduced the virtual firewall, you also announced partnerships with a few other IT security technology vendors, such as ArcSight and Juniper. How do those relationships work?

A: Many of our customers are already using solutions from Juniper, ArcSight, Mazu Networks and other security vendors to define data security policies for an organization. Altor is working closely with these vendors so that information and events created by our virtual firewall can be exported into their systems.

As a result, customers benefit from the virtual machine-specific functionality provided by Altor while applying the policies and rules developed within other security applications to Altor-managed traffic. In this way, security managers receive the alert notifications and experience the alert escalation to which they are accustomed.

To be clear, Altor’s virtual firewall also comes with comprehensive features for policy creation and notification. However, we are very cognizant that our customers have invested in other security policy frameworks for their physical networks, and we want them to fully leverage their existing investments.

Q. Do you think virtualization as a concept received too much hype in 2008?

A: Definitely not. Especially given the economic realities, virtualization is a wise investment. It allows companies to more fully utilize the investments they’ve made in their physical resources.

I expect that more and more critical systems will rely on virtual servers as we move into 2009. With the emergence of purpose-built management and security solutions, such as Altor’s virtual firewall, enterprises can finally address concerns or roadblocks that may have impeded the adoption of virtualization into production environments.