
Security Virtualization: Bluelane's VP Interviewed; Virtualization security discussed

I have had numerous discussions with Greg in the past two years or so. Greg does a lot of evangelization around security. Since we had never spoken, we spoke a few days back. I was on the train heading back home after the Virtualization event in Belgium. Here's a summarized version of our chat!

Hi Greg, tell us a bit about yourself and your role at Blue Lane?

I'm the VP Marketing at Blue Lane Technologies. We're down the street from Apple's original Cupertino headquarters. I've been at Blue Lane for about two years. Before joining Blue Lane I held exec marketing positions at Juniper Networks, Redline Networks, IntruVert and ShoreTel. The basic strategy behind my career since 2000 has been joining companies that I felt were introducing timely, breakthrough technologies (with "A" player exec teams) that would be game changers: VoIP; IPS; App delivery (AFE); and now layer 7 server and VM security.

Tell us a bit about Blue Lane? When was it started and why?

The Blue Lane team took a very novel approach to security. While most network security vendors were focusing on desktop security and exploit signature pattern matching detection/blocking, the Blue Lane team focused on servers and application and protocol intelligence. That is, they developed a solution that actually understood the flows that passed through it and was able to neutralize malicious traffic targeting known software vulnerabilities, without disrupting the traffic or server sessions. The Blue Lane team saw this current world of sophisticated attacks against servers coming years before anyone else. As a result, while the traditional deep packet, low layer solutions of 2002 struggle today with the explosion of sophisticated, financially-motivated attacks and zero day vectors, Blue Lane delivers on the promise of comprehensive server protection without signatures, tuning, false alarms, reboots, etc. Server and database security is enhanced with minimal implications for availability and operations teams. I came to Blue Lane because I was attracted to the value proposition of an IPS that had incredible accuracy, minimal traffic impacts and no false positives. I was conditioned by the netsec industry's marketing hype that accurate detection and correction was impossible. Then I learned about Blue Lane.

We have had several discussions about security around virtualization, tell our readers briefly "What is security around virtualization? Hypervisor security vs VM security"?

From my perspective there are two sometimes competing visions of what is needed for virtsec (virtualization security). One is a larger than life, mythical "hypervisor attack" that is able to take control of all VMs by exploiting hypervisor code. The other is really based on the pragmatic realization of the dynamics of virtualization (like mobility, state changes and flexibility) and what impact they will have on thousands of existing vulnerabilities resident on the hypervisor. Let's explore each one for a moment and readers can draw their own conclusions. The hypervisor is very modern code with a very narrow attack surface. With VMware's recent acquisitions it's very likely that they will address any vulnerabilities that do appear very quickly and easily, relative to the rest of the world of software (now a guest on a hypervisor) created when no one cared about security. The real exposure from the standpoint of attack likelihood is the very wide and fluid attack surfaces of percolating, shifting VMs on the hypervisor. There are thousands of existing VM vulnerabilities and enough proven attacks in the wild capable of evading perimeter defense solutions that securing the VMs should be the first prerogative of any production deployment.

Then why so much talk about hypervisor attacks?

For starters, the impact of a hypervisor hijack could be very destructive. No doubt about it. But I think the real source of the hype is vendors with netsec appliances that don't have flow intelligence... they want to tap the virtsec market but aren't yet prepared to re-architect for the application and protocol intelligence required to protect the VMs. The classic deep packet, signature IPS vendors will continue to distract the market until they're ready. That's a smart move for the short term in some respects, but in the long term they need to help educate the market. Secure virtualization is in everyone's best interest.

Security seems like a luxurious option when buying virtualization, why is that?

It probably was years ago especially in devtest environments that were not hacktivist targets. With production virtualization however there are now public-facing VMs and critical security requirements. Of course, VM security can run about 10% of the cost of a VMware deployment. That's pretty reasonable luxury, even for devtest. There are other factors beyond cost also worth thinking about. The older perimeter IPS solutions will require more maintenance and produce more false alarms. That's not an exciting prospect for protecting a fluid virtualized infrastructure. You get a little bit of security for a lot of things on your network and tie up resources managing noise. Again, that's why I like Blue Lane's very elegant, clean architecture (especially when it comes to fluid virtualized environments). You want app and protocol flow intelligence to protect increasingly vulnerable VMs. You don't want endless tuning, alarms, etc. as your team makes changes.

What kind of security threats are we expecting around virtualization?

If you think about virtualized infrastructures running arrays of operating systems and applications that are in a steady state of flux you can easily envision large, fluid attack surfaces that change faster than the traditional netsec appliances put in place to protect them. That's a substantial shift with both strategic and tactical security considerations. Because VMs can move and interact with each other, even with firewalling, there are inter-VM flow risks that also need to be addressed. Then I would leave hypervisor attack risks and patching to VMware for the most part. They are making significant strides in hypervisor security and it's clearly an area of importance for them. I think they are way ahead of the other players when it comes to understanding the security dynamics of virtualization.

What makes Virtual Shield a better product against its competitors?

The core architecture is more advanced, more protocol and application intelligent than anything else out there. The result: very high effectiveness against attacks with minimal operational consequences (no tuning, no false alarms); minimal footprint and latency; no need for dedicated hardware; VirtualCenter integration; and specialized protection against zero day attack vectors and sophisticated attacks (like polymorphic worms/bots, SQL injection and cross-site scripting). I think these are some of the reasons we won a Best of Interop and a Best of VMworld.

Do you also sell your product as a Hardware-agnostic Software Appliance?

We sell our software on two form factors: 1) an optimized appliance (ServerShield); and 2) a VMware Infrastructure 3 plug-in (VirtualShield).

How are your sales doing?

Last two quarters saw 50% revenue growth Q2Q. We're hiring. :)

Do you have any expansion plans?

Yes. As revenues continue to scale we have plenty of innovations in our pipeline that will continue to fuel our success in server and VM protection. We'll be at VMworld Europe in Nice and Interop in Vegas in coming months. As you might expect, we're very bullish on both our server and VM security business.

What else can we expect from Bluelane in the coming months?

We'll continue to excel when it comes to protection against attacks that have vexed traditional architectures. We're going to continue to deliver more real innovation when it comes to server and VM security. We have the most powerful, advanced architecture in the market and will continue to drive game-shifting innovation by focusing on our core attributes (including accuracy, availability and performance) while minimizing the operational requirements and impacts of security.

