Altor Networks Automates VM Security Policy Enforcement

Virtualization security vendor Altor Networks has added automated security policy enforcement and expanded compliance capabilities to its hypervisor-based firewall/IDS/security management product. Altor 4.0 lets enterprises define policies based on criteria such as group memberships, applications and services, VLANs, and zones through the new policy user interface. So, for example, a policy can state that a new VM has to run a particular version of Windows, a specific antivirus product, and designated applications and services. Compliance monitors report on the aggregate state of compliance in the virtualized network.

This new functionality comes on top of existing features, such as the ability to track VMs as they are created, migrated, cloned or decommissioned, and to monitor all traffic between VMs. The Altor software can also determine detailed information about each VM it monitors, including applications and services running, OS version, patch levels, protocols, bandwidth use, top talkers, top receivers and memory consumption.

Nick Portolese, infrastructure and portfolio manager at research giant The Nielsen Company, was among the early users of Altor at Telephia (acquired by Nielsen in 2007), which tracked consumer mobile phone use. Portolese says Telephia moved heavily into virtualization because of capacity limits and power and cooling costs. But his network engineer soon identified issues.

"We had all these switch ports spanning multiple VLANs," he says, "and if you put a sniffer or any sort of network monitoring tool at the physical switch layer, you can't make heads or tails of the origin or destination of traffic or what it's doing. It's really confusing." Portolese said the company considered deploying tools at the physical layer to have some network access control and monitor traffic. "Then we came across Altor, and were intrigued about the ability to understand and audit and set up machine groups so we could isolate particular applications," he says. Altor can also enforce separation of duties as to which VMs can be administered and what groupings they have, and can quarantine a VM that doesn't match a predefined profile.

While enterprises are embracing virtualization to consolidate servers and gain operational flexibility, they pay a price around compliance, security and policy enforcement. "It's fairly difficult to be regulatory compliant in a virtualization environment," says Chenxi Wang, Forrester Research analyst. "You no longer have a lot of the visibility you had before. Anything you can do at the hypervisor layer that increases visibility and control is a really good thing." Altor is one of only a handful of virtualization-specific security vendors, along with companies including Catbird Networks and HyTrust. Products such as Altor are still something of a niche market says Wang, but that may change. "Cloud providers are definitely a target, and enterprises who do private clouds might be interested," she says. Altor pricing starts at $1,500 per CPU.