Altor software checks traffic between VMs

Start-up Altor Networks is launching a new product that it says will provide visibility into the data traffic running between virtual machines (VMs) – which has, until now, been a security blind spot for people managing virtualised servers.

Share

Start-up Altor Networks is launching a new product that it says will provide visibility into the data traffic running between virtual machines (VMs) – which has until now been a security blind spot for people managing virtualised servers.

Despite an increasing number of virtualisation management and security tools, neither market leader VMware or any of its smaller competitors have quite achieved this.

Altor's Virtual Network Security Analyser, a software package to analyse packets travelling between VMs, is unique, according to Mike Montecillo, a security and risk management analyst with Enterprise Management Associates.

While IT managers have been able to get a good look inside individual VMs, they have been blind to what one VM on one physical machine is trying to say to a VM on another physical machine. This presents real malware and compliance risks, security experts have noted.

"Gaining the visibility into virtual networks has been difficult, due to the fact that in most cases organisations are deploying physical appliances to monitor network traffic," Montecillo says.

Those physical security appliances, designed to watch for risks on a physical network such as intrusions, unauthorised internet connections and suspicious traffic on ports, today do not work with VMs, Montecillio notes. Nor can today's firewall products see into traffic between virtual machines.

By contrast, Altor's CEO, Amir Ben-Efraim, says his company's product will be sold as software inside a virtual appliance. "Our goal is to make the virtual network more secure than the physical," he says.

Today the product works with VMware ESX Server, but Altor Networks plans to later support other major players including Citrix/Xen and Microsoft, Ben-Efraim says.

The software will centrally collect data on all packets travelling between VMs and uncover potential risks such as port scans and unusual protocols. The tool also will create what he calls a "baseline on your datacentre behaviour," then analyse traffic going forward, looking for unusual patterns, Ben-Efraim says.

Later this year, Altor Networks plans to release a second product, a virtual network firewall. This firewall, which will support VMware's recently announced VMsafe security standards and products, will allow IT departments to write security policies for individual VMs, Ben-Efraim says.

Will this firewall software be able to communicate with existing firewall products for the physical world? At the outset, no, says Ben-Efraim, but that capability is planned. "We believe you need two levels of granularity," he says. "With time, we will be able to leverage APIs from major security vendors."

Now Read

VMware tightens up virtual machine security

VMware fixes seven virtualisation bugs

"Recommended For You"

Security not a benefit of virtualisation, study finds The 5 virtualisation management tools that matter