Virtualization Security Panel - VMworld 2011 - theCUBE
Edward Holecky of The Virtualization Practice sat down with Michael Berman, CTO of Catbird, and Christopher Hoff of Juniper, in theCUBE at VMworld 2011, to discuss virtualization security. Holecky points out that virtualization security has been progressing in even steps without much change and asks the panel to discuss what is new and different.

Berman announces a vShield OEM agreement: "We're bringing vShield application controls inside our policy orchestration and automation framework. It becomes a particular type of, what I would call, a policy enforcement point for firewall applications." Catbird is working with three additional companies on integration orchestration: vShield App, Sourcefire, and SAINT.

Hoff points out that some virtual appliances are emerging from their adolescent stage: "Customers are saying I'm going to apply the same set of requirements to my virtual security suite as I do to the physical. And, in fact, it's more than that, I want to manage them with the same policies. I don't want to make a distinction between physical and virtual."

Berman discusses how all applications now scale horizontally, so in Catbird's case they have to think about efficiently and reasonably managing two or three hundred, or two or three thousand, enforcement points, and doing so in a reasonable, scalable, efficient way where high availability is just another variable, because it involves managing a huge number of enforcement points. Hoff claims, "Virtualizing security will not cost you less, ultimately it will be that NetZero will cost you more because of the operational issues." Berman counters, "The APIs are allowing me the deployment in policy automation. So, from a security operator point of view I can take a lot of these things that were very complicated and not only make them easy, I make them go away if I do my job right." Berman's view is that if companies are virtualizing their data center, they should virtualize their security as well.
Network and security need to be completely intermeshed. Hoff adds, "One of the fundamental things that we didn't really discuss, we kind of alluded to it, is much of the automation we're talking about is actually, kind of, network automation also. Very topology dependent, at least today, and what's interesting is that we see the emergence of protocols being invented to deal with the need to claw back and make, kind of, extend the reach of the virtualized edge. Ultimately, what's happening and what you see in the networking space is networking vendors like Juniper, like Cisco, there's still that disconnect." Security has to be data-centric, so a lot of data protection has to live in the network. There continue to be gaps in the way data is reached, labeled, classified, and protected. Making giant leaps can be difficult for IT, even for enterprises; ultimately, however, setting a path to fill those gaps, as products start to aggressively enter the virtualized space, is necessary.