
Security Virtualization: Bluelane's VP Interviewed; Virtualization security discussed



I have had numerous discussions with Greg in the past two years or so. Greg does a lot of evangelization around security. Since we had never actually spoken, we did so a few days back. I was on the train heading back home after the Virtualization event in Belgium. Here's a summarized version of our chat!


Hi Greg, tell us a bit about yourself and your role at Blue Lane?

I'm the VP Marketing at Blue Lane Technologies. We're down the street from Apple's original Cupertino headquarters. I've been at Blue Lane for about two years. Before joining Blue Lane I held exec marketing positions at Juniper Networks, Redline Networks, IntruVert and ShoreTel. The basic strategy behind my career since 2000 has been joining companies that I felt were introducing timely, breakthrough technologies (with "A" player exec teams) that would be game changers: VoIP; IPS; App delivery (AFE); and now layer 7 server and VM security.

Tell us a bit about Blue Lane? When was it started and why?

The Blue Lane team took a very novel approach to security. While most network security vendors were focusing on desktop security and exploit signature pattern matching detection/blocking, the Blue Lane team focused on servers and application and protocol intelligence. That is, they developed a solution that actually understood the flows that passed through it and was able to neutralize malicious traffic targeting known software vulnerabilities, without disrupting the traffic or server sessions. The Blue Lane team saw this current world of sophisticated attacks against servers coming years before anyone else. As a result, while the traditional deep packet, low layer solutions of 2002 struggle today with the explosion of sophisticated, financially-motivated attacks and zero day vectors, Blue Lane delivers on the promise of comprehensive server protection without signatures, tuning, false alarms, reboots, etc. Server and database security is enhanced with minimal implications for availability and operations teams. I came to Blue Lane because I was attracted to the value proposition of an IPS that had incredible accuracy, minimal traffic impacts and no false positives. I was conditioned by the netsec industry's marketing hype that accurate detection and correction was impossible. Then I learned about Blue Lane.

We have had several discussions about security around virtualization. Tell our readers briefly: what is security around virtualization, and how does hypervisor security differ from VM security?

From my perspective there are two sometimes competing visions of what is needed for virtsec (virtualization security). One is a larger than life, mythical "hypervisor attack" that is able to take control of all VMs by exploiting hypervisor code. The other is really based on the pragmatic realization of the dynamics of virtualization (like mobility, state changes and flexibility) and what impact they will have on thousands of existing vulnerabilities resident on the hypervisor. Let's explore each one for a moment and readers can draw their own conclusions. The hypervisor is very modern code with a very narrow attack surface. With VMware's recent acquisitions it's very likely that they will address any vulnerabilities that do appear very quickly and easily, relative to the rest of the world of software (now a guest on a hypervisor) created when no one cared about security. The real exposure from the standpoint of attack likelihood is the very wide and fluid attack surfaces of percolating, shifting VMs on the hypervisor. There are thousands of existing VM vulnerabilities and enough proven attacks in the wild capable of evading perimeter defense solutions that securing the VMs should be the first prerogative of any production deployment.

Then why so much talk about hypervisor attacks?

For starters, the impact of a hypervisor hijack could be very destructive. No doubt about it. But I think the real source of the hype are vendors with netsec appliances that don't have flow intelligence... they want to tap the virtsec market but aren't yet prepared to re-architect for the application and protocol intelligence required to protect the VMs. The classic deep packet, signature IPS vendors will continue to distract the market until they're ready. That's a smart move for the short term in some respects, but in the long term they need to help educate the market. Secure virtualization is in everyone's best interest.

Security seems like a luxurious option when buying virtualization, why is that?


It probably was years ago, especially in devtest environments that were not hacktivist targets. With production virtualization, however, there are now public-facing VMs and critical security requirements. Of course, VM security can run about 10% of the cost of a VMware deployment. That's a pretty reasonable luxury, even for devtest. There are other factors beyond cost also worth thinking about. The older perimeter IPS solutions will require more maintenance and produce more false alarms. That's not an exciting prospect for protecting a fluid virtualized infrastructure. You get a little bit of security for a lot of things on your network and tie up resources managing noise. Again, that's why I like Blue Lane's very elegant, clean architecture (especially when it comes to fluid virtualized environments). You want app and protocol flow intelligence to protect increasingly vulnerable VMs. You don't want endless tuning, alarms, etc. as your team makes changes.


What kind of security threats are we expecting around virtualization?

If you think about virtualized infrastructures running arrays of operating systems and applications that are in a steady state of flux you can easily envision large, fluid attack surfaces that change faster than the traditional netsec appliances put in place to protect them. That's a substantial shift with both strategic and tactical security considerations. Because VMs can move and interact with each other, even with firewalling, there are inter-VM flow risks that also need to be addressed. Then I would leave hypervisor attack risks and patching to VMware for the most part. They are making significant strides in hypervisor security and it's clearly an area of importance for them. I think they are way ahead of the other players when it comes to understanding the security dynamics of virtualization.

What makes Virtual Shield a better product against its competitors?


The core architecture is more advanced, more protocol and application intelligent than anything else out there. The result: very high effectiveness against attacks with minimal operational consequences (no tuning, no false alarms); minimal footprint and latency; no need for dedicated hardware; VirtualCenter integration; and specialized protection against zero day attack vectors and sophisticated attacks (like polymorphic worms/bots, SQL injection and cross-site scripting). I think these are some of the reasons we won a Best of Interop and a Best of VMworld.

Do you also sell your product as a Hardware-agnostic Software Appliance?


We sell our software on two form factors: 1) an optimized appliance (ServerShield); and 2) a VMware Infrastructure 3 plug-in (VirtualShield).

How are your sales doing?


Last two quarters saw 50% revenue growth Q2Q. We're hiring. :)

Do you have any expansion plans?


Yes. As revenues continue to scale we have plenty of innovations in our pipeline that will continue to fuel our success in server and VM protection. We'll be at VMworld Europe in Nice and Interop in Vegas in coming months. As you might expect, we're very bullish on both our server and VM security business.


What else can we expect from Blue Lane in the coming months?

We'll continue to excel when it comes to protection against attacks that have vexed traditional architectures. We're going to continue to deliver more real innovation when it comes to server and VM security. We have the most powerful, advanced architecture in the market and will continue to drive game-shifting innovation by focusing on our core attributes (including accuracy, availability and performance) while minimizing the operational requirements and impacts of security.
