Oct 01

How Much Should You Spend on IT Security


Last week, Network World published an intriguing story on How Much Should You Spend on IT Security (http://www.networkworld.com/news/2010/092210-how-much-should-you-spend.html?hpg1=bn). According to Gartner, enterprise security spending breaks down into the following categories: 37% personnel, 25% software, 20% hardware, 10% outsourcing and 9% consulting. It’s clear that if companies want to drive significant reductions in IT security spending, they must focus on personnel and software. But how?

The problem is that traditional technologies – especially in the network security sector – are designed to extract as many resources as possible from the enterprise. First of all, a secure network requires separate investments in firewalls, IPS and other network devices, as well as a host of log management, reporting, high availability and other tools. Furthermore, there are few options for managing all of these devices and functions in a centralized manner. That means more manpower is needed to configure, update and support the network. Now – let’s throw in the fact that most enterprises are now juggling physical and virtual network security infrastructure. It’s downright overwhelming, both strategically and fiscally.

The answer is simple: the only way that vendors can really deliver on their promise to reduce network security costs is to deliver comprehensive security solutions that centralize network management. No more unnecessary bolt-on purchases – management, reporting and availability should be built directly into the solution. Finally, vendors must make it easy for companies to manage their complex networks from a single place. That includes their physical and virtual network, as well as all of the different devices on the network regardless of vendor. The paradigm for network security products is shifting, led in part by Stonesoft.

How do you think today’s companies can most easily reduce security costs without decreasing security effectiveness?

written by SideKick - 621 views

Dec 15

Virtualization – the security wave


I was digging through the latest security-related articles this morning and found this interesting contribution on the Burton Group blog.

In my opinion the presence of this type of post shows that maybe (and I really say maybe) the virtualization market is finally becoming ready to move from server consolidation (aka big virtualization wave phase 1) to network segment virtualization.

And while cloud computing is rapidly growing in hype and offering, we should not forget the immense benefits that network virtualization offers to companies in terms of savings, manageability and flexibility.

Naturally, large advantages and benefits go with careful evaluation and analysis of the risks involved in network virtualization adoption.

Stonesoft has been one of the first companies to talk about and offer a centrally managed virtualized solution to implement a rock solid, highly available, fully compatible network defense system, allowing traditional efficient network security methods and techniques to be implemented throughout the virtualized datacenter.

StoneGate Virtual Appliance Firewall, IPS and the upcoming SSL VPN, together with StoneGate Management Center for centralized management at minimized cost of administration represent now more than ever a perfect solution for the corporate virtualized datacenter, no matter if this is in the cloud or corporate wide… or both.

Virtualized Network Security. Simplified.

written by RoarinPenguin - 922 views

Nov 19

…to experience StoneGate at best in your virtual infrastructure!

After the great success of the previous version, here’s the update featuring:

  • StoneGate Management Center version 5.04
  • StoneGate Firewall/VPN version 5.04
  • StoneGate IPS version 5.0.2
  • StoneGate SSL VPN version 1.3.2

in a ready-made configuration according to the following schema:

[image: svdk]

The system includes virtual machines compatible with the newest version of VMware virtualization systems (Virtual Machines version 7) like vSphere, VMware Server 2.0.x and VMware Workstation 6.5 and later.

You can find more details and download links here.

Network Security. Virtualized ;)

written by RoarinPenguin - 1,561 views

Nov 13

vSphere, or VMware ESX 4.0, introduced a number of interesting features, among which is the possibility to upgrade your virtual hardware to version 7 from version 4 (that was the default in the previous ESX 3.x world).

This upgrade, achieved by right-clicking on the virtual machine in VI Client and selecting “Upgrade Virtual Hardware”, will inject cool steroids ;) into your virtual machine (but also makes it no longer backward compatible with VI 3.x).

A positive side effect of such steroids is the ability to increase the number of NICs in your VM as shown below.

written by RoarinPenguin - 1,592 views

Sep 09

Virtualization Security in Practice


It’s often said that those “who can’t do, teach.” Or a similar metaphor says that the “cobbler’s kids have poor shoes.” In other words, even in network security, those who attempt to teach and preach network security often aren’t good at their own. Stonesoft has a key component to its StoneGate platform, which enables simple implementation of security for both physical and virtual systems. But where does our virtualization experience come from, and do we practice it ourselves?

There’s no better example to demonstrate our experience with virtualization and virtual security than by employing our StoneGate virtual firewall/VPN, intrusion detection and prevention systems and SSL VPN in VMware’s vSphere 4. Our Americas headquarters in Atlanta, Georgia in the United States hosts demo.stonegate.com, a premier system architected and engineered to allow prospects, customers and partners to experience the full capabilities of StoneGate through virtualization technology. It also allows us to develop, test, and hone our skills in virtualization and virtual security. The architecture uses our virtual appliances, and virtual servers to simulate a full set of Internet traffic, multi-link VPNs, server load balancing, clustering, StoneGate Management Center high availability, IPS sensor in-line clustering, IPS analyzer redundancy, end-user domains, role-based administration and more.

Recently, we upgraded the systems to VMware’s vSphere 4, and so I couldn’t help but take a few pictures of the actual hardware to put a physical appearance to the virtual world that demo.stonegate.com represents. Below you can see the equipment that drives the system, including two vSphere servers, an iSCSI storage system, and some physical appliances bridged into the virtual world. The system also has some other physical hardware integrated to demonstrate the new third-party monitoring. If you’re interested in learning more about our virtual appliances and how they can secure your data, please visit us at www.stonesoft.com. If you’re interested in a demonstration of demo.stonegate.com and the StoneGate platform, contact your sales team. Although the system is currently running the release code of 5.0, in the future we will again set up beta.stonegate.com to try out upcoming releases as well.

[Photos: top rack; the servers; redundant UPSes]

So yes, we do practice what we preach. In the end, virtualization can help organizations realize many benefits, including cost savings, simplification, and more. Stonesoft can help ensure that those benefits can be realized in a secure fashion. That’s just another way that Stonesoft means Network Security. Simplified.

written by markb - 1,243 views

Apr 17

Virtual Firewall in VirtualBox


As you might have heard, Sun has recently released version 2.2 of its desktop virtualization solution: VirtualBox.

My curiosity was stimulated by the claimed support for the OVF standard, since this is the format we used at Stonesoft to create StoneGate Virtual Appliances when we went for VMware certification.

Therefore today I tried to import a StoneGate Firewall/VPN Virtual Appliance made for VMware ESX in a fresh installation of VirtualBox on top of a Windows 2003 Server machine.

Result: it worked like a charm!

Although I haven’t tested extensively (like pushing a policy, processing traffic, etc.), installation and initial contact with a StoneGate Management Center worked smoothly.

This is of course not enough to ensure endorsement and official support from Stonesoft, but the purpose of my post is just to show you some screenshots of a successful test (in case you plan to run a StoneGate Firewall/VPN Virtual Appliance within Sun VirtualBox 2.2 for a demo or test environment).

written by RoarinPenguin - 6,976 views

Mar 20

Virtual environments are easy to manage in many ways. However, this ease brings up some threats that do not exist as such in physical environments. For example, it is not that simple a task to take an internal server out of one rack, move it to another rack dedicated to the public Web servers, and plug it into the same DMZ network segment with them. At least you have time to think about what you are doing while going through all those steps. Also, such an operation will not go unnoticed by others working in the same machine room with you. In a virtual environment, a server can be destroyed or moved to the wrong network segment within a few seconds (by mistake or on purpose) while your colleagues are working in the same room at their workstations.

As long as human beings are involved in the administration processes, there is no way to prevent this kind of mistake from happening. But the question is how you can detect and possibly minimize the effects of the mistakes.

written by pentti - 1,290 views

Mar 01

VMWorld Europe 2009 is over…


I’ve been there, back home now, just want to share some thoughts with you.

First, VMware CEO Paul Maritz talked about the vCloud and officially announced the new name for the upcoming VI4: vSphere.

Second, they announced lots of cool’n’sexy things, making people feel like they’re Back to the Future (like they did last year).

Third, for the first time they started speaking seriously about security by stating the concern that security in virtualization projects should not and must not be an afterthought.

IMHO, security was a bit left aside last year, when VMware started a foggy VMSafe initiative just to generate hype but with no real focus on it, leaving people with some psychological doubts about starting serious virtual datacenter projects.

As said in a previous post, customers so far have mainly consolidated servers without really going into datacenter virtualization, mainly fearing that one way or another the virtual networking infrastructure could be seriously compromised, hacked or exploited.
We have seen this concern even this year, when people visiting our booth were asking what they could do to implement virtualization security a) in a fashion they know and b) in a manageable way.
Especially considering that since

  • a virtual datacenter does not happen in a day or two and
  • complete virtualization is hard to achieve,

networks are likely to be “hybrid” (physical and virtualized) for a while…

They have been pleased to see the pragmatic approach of Stonesoft concerning virtualization security:

  • today, you can immediately implement security as part of your virtualization project, transposing the “traditional network segmentation” model into the virtualized environment with StoneGate Firewall and IPS Virtual Appliances
  • Stonesoft is actively following the evolution of virtualized security (like the VMSafe initiative) to eventually leverage the technological benefits it might generate
  • today we deliver smooth and consistent unified management of both physical and virtualized security engines, thanks to the power of SMC (StoneGate Management Center), minimizing cost of administration and impact on resources

What about you? Been at VMWorld? Concerned about virtualization security? What do you think of our approach? We’d like to hear from you…

written by RoarinPenguin - 1,370 views

Feb 24

Greetings from our little nice booth sur la Côte d’Azur!

We are waiting for you to visit us, talk about Virtualization Security and show you our powerful yet simple solutions to secure your virtual information flow.

See you there… at booth 76!

written by RoarinPenguin - 1,036 views

Feb 20

Let’s virtualize today, and add security tomorrow


The most common motivation for a virtualization project is the cost saving that comes from server consolidation. As the term indicates, server consolidation is typically managed by server administrators, who may be a separate group of people from the IT security team. This may lead to a situation where security is not an integral part of the design.

When security is an afterthought, the solution may become more complex than necessary. And because simplicity is one of the main security principles, the complex solution will further decrease security by increasing the possibilities for configuration mistakes. As Gartner’s report shows, more than 99% of security breaches are caused by misconfigurations [1]. Maintaining an unnecessarily complex environment will inevitably lead to additional misconfigurations, i.e. to additional security breaches.

written by pentti - 6,192 views