Skip to main content

Reflex Security CTO interviewed; Security discussed!



A little about Hezi Moore



Hezi is the founder of Reflex Security and pioneer of the automated network intrusion response system. He brings more than 15 years experience in security, networking and entrepreneurial experience. Prior to founding Reflex Security, Hezi was president and co-founder of MicroTech Systems - a firm specializing in network design and configuration of point-of-sale systems - which was subsequently acquired by Retail Technologies International of Sacramento, California. He has also held such diverse occupations as a technical support and research analyst for GE Technology.


And what I thought about Hezi?

I think Hezi came upfront and was very open about their strategy. Hezi fits in many ways rather snugly in the world of "Connect and Collaborate", the new world, the one ridden with the Cynefin puzzles.

We discussed some real issues that we are facing in the industry, which is at the cusp of a total data center overhaul, if you will. I think a lot of firms, whether in stealth or in business, are still hiding away from the "real facts", Hezi and I spoke about some real facts, and that is where a firm, led by such leaders, can really strike a chord with its customer base.

Here are the Q&As:

Tarry Singh: Tell us something about Reflex Security and its product line?

Hezi Moore: Today Reflex Security provides security for core networks, datacenters and virtualized environments. The company was founded in 2000 as an IPS company. At that time, Reflex provided security for perimeter and gateway for mostly SMB market through our appliance-based Interceptor IPS solutions. In 2003 the attack landscape changed, and Reflex solutions evolved and we began developing products to protect the core and datacenter providing security in the LAN. Requirements are different in the core than the typical gateway security requirements. There is a need for network visibility, high-speed, high-availability, switching capabilities and integration into current infrastructure. Our Multi-gigabit products, the MG5 and MG10, are network security switches deliver up to 10Gbps of secure throughput with the reliability, density and manageability needed for mission-critical networks and applications running in the core network. In 2005 many companies started deploying virtualized solutions and Reflex developed the first Virtual Security Appliance (VSA) that sits inside virtual environment and provides visibility
and security for the virtual network.

Tarry Singh: What is your differentiated strategy? What makes you different than other vendors such as Bluelane, Catbird etc?

Hezi Moore: What differentiates Reflex is our history, our customers and our focus on core network, datacenter and virtual security solutions. Reflex Security has been in the security business for more than 7 years providing solid security solutions to our customers. We have taken this knowledge and leveraged our security expertise to be the first to market with a Virtual Security Appliance in early 2006 and a high-performance, scalable, multi-gigabit Network Security Switch solution in 2007.

Unlike some competitors, Reflex Security offers a multi-faceted solution that combines critical security features such as signature-based and anomaly-based analysis, Botnet, IDS/IPS, server-based NAC, LAN firewall, Anti-malware, policy enforcement, network visibility and patch shielding. We have the capability to provide these core advanced security features to the physical and virtual environment. We also provide a robust integrated security management console that allows enterprises to manage both physical and virtual security from a single interface.

We have not seen other competitors that can provide this level of security and combination of hardware and software in both the physical and virtual network.

Tarry Singh: Are you looking you expand within EMEA? What are you doing on the marketing front?

Hezi Moore: Reflex has had a presence in EMEA for several years now and we have a growing customer base worldwide. We are currently expanding our sales team throughout EMEA to answer market demand of the multi-gigabit network security switch solution and the Virtual Security Appliance. We have seen a good pace of adoption of virtualization in EMEA over the past few years and we have great traction with our VSA product. We are very successful in that region we will continue to expand our marketing efforts in 2008 to target enterprises looking for core network, datacenter and virtual network security solutions.

Tarry Singh: How is your relationship affected with VMware since its acquisition of Determina?

Hezi Moore: We were one of the first to approach VMWare about security solutions for the virtual network two years ago and we continue to have a very good working relationship with VMWare today. Reflex Security is a technology alliance partner, community source partner and we work very closely with the VMWare team regarding security solutions for VMs and virtual networks. The acquisition of Determina has not impacted our relationship or our work with VMWare. This acquisition is primarily to secure the Hypervisor and below. VMWare is continuing to expand its partner program, leaving the virtual machine security to the security partners like Reflex Security, so they can focus on the core competency of its business.

Tarry Singh: Why is the industry so sluggish when it comes to adopting Security and Backup?

Hezi Moore: IT operations are aggressively pursuing, and businesses are funding virtualization projects due to rapid ROI. However, as with any new technology, there exists a lack of best practices, experience and established collaboration framework for security. This combined with the desire to achieve rapid savings, leads to security often being an afterthought.

As a result many virtualization projects are at risk of being less secure than their physical counterparts. Emerging trends, such as virtual server sprawl and mobility, threaten to replace one problem with another, potentially more un-manageable. The lack of Best Practices and established frameworks often places IT Operations and Security Teams at opposing ends of the project thus slowing or stalling adoption.

In many respects virtual and physical infrastructure appear the same. However, numerous features and benefits of virtualization create unique security challenges. Virtualization technologies introduce new levels of administration that challenges, and in some cases, breaks traditional IT separation of duties.

Tarry Singh: What culture change do you expect to see in the coming future?

Hezi Moore: As we continue to see more and more enterprises implement virtualization on any scale, I believe we will see a convergence in management of the datacenter. We are already seeing this change starting to occur in the organizations that we are working with today regarding virtualization and security.

Historically there has been a divide between the System Administrators that own the network and servers and the security teams that manage the security policies. In the future, these teams will have to work together to implement these multi-functional technologies to address these cross-functional requirements. Currently there are not many resources with the breadth of capabilities that are needed for this type of management of the core network and/or datacenter. There is a need for a new multi-faceted skill set combining server knowledge, virtualization and security expertise to manage the datacenter of tomorrow.

Tarry Singh: What are your future plans? Can you tell us what are you planning for 2008, 2009, 2010? Is reflex working on the RTI (Real Time Infrastructure) readiness?

Hezi Moore: In the future, Reflex Security plans to continue to be the leader in integrated network security for core networks, datacenters and virtual networks by integrating security into the virtual switch to provide security per port. We are also working on additional features that will provide the administrator more visibility in the datacenter and inside the virtual network.

Regarding RTI our plan is to integrate with Vmotion to adapt our system to dynamic infrastructure changes. For example, as Vmotion moves a server from one environment to another environment the security policy that is associated with this server will follow the server to the new environment. The security system should dynamically change to adapt to the new change of the network infrastructure. By providing more visibility into the network infrastructure the security policy can easily adapt to changes that are driven by business events to optimize cost, reduce risk and enable growth.

Comments

  1. I am a customer of Reflex products and according to this post it says there is BOTNET detection in the product. Is this more marketing hype than reality or is there a new version of software that I should download?

    I personally hate reading marketing stories like this because it gets customers very confused on whats really out there in the market. If its available, then great! customers will see value and take advantage of it, but if its not available and coming out in the future, then just tell us! Don't mislead us.

    -Anonymou Reflex Customer

    ReplyDelete

Post a Comment

Popular posts from this blog

Security: VMware Workstation 6 vulnerability

vulnerable software: VMware Workstation 6.0 for Windows, possible some other VMware products as well type of vulnerability: DoS, potential privilege escalation I found a vulnerability in VMware Workstation 6.0 which allows an unprivileged user in the host OS to crash the system and potentially run arbitrary code with kernel privileges. The issue is in the vmstor-60 driver, which is supposed to mount VMware images within the host OS. When sending the IOCTL code FsSetVoleInformation with subcode FsSetFileInformation with a large buffer and underreporting its size to at max 1024 bytes, it will underrun and potentially execute arbitrary code. Security focus

Splunk that!

Saw this advert on Slashdot and went on to look for it and found the tour pretty neat to look at. Check out the demo too! So why would I need it? WHY NOT? I'd say. As an organization grows , new services, new data comes by, new logs start accumulating on the servers and it becomes increasingly difficult to look at all those logs, leave alone that you'd have time to read them and who cares about analysis as the time to look for those log files already makes your day, isn't it? Well a solution like this is a cool option to have your sysadmins/operators look at ONE PLACE and thus you don't have your administrators lurking around in your physical servers and *accidentally* messing up things there. Go ahead and give it a shot by downloading it and testing it. I'll give it a shot myself! Ok so I went ahead and installed it. Do this... [root@tarrydev Software]# ./splunk-Server-1.0.1-linux-installer.bin to install and this (if you screw up) [root@tarrydev Software]# /op