Firewalls and the Virtual Network: Trouble Controlling the Blaze?
The late 1980s saw the rise of Internet firewall technology as a way to separate "trusted" internal networks from the wilds of potentially hazardous online sites. But while firewalls offered substantive protection for personal desktops and local offices using a single server stack, the rise of virtual and cloud environments gave hackers a new way in. The use of the wall came under fire. Was it outdated? Past its prime? Some companies don't agree, and are developing new ways to secure systems and deter would-be intruders.
Security firm Palo Alto Networks, for example, is wading into very specific firewall territory with its newest offering, one designed to work specifically with VMware products and virtual machines (VMs). According to an article at Computerworld, the company's VM-series of products aims to fill the gap left by physical firewalls: VM-to-VM traffic flows that stay within a single host. The VM-100, 200, and 300 versions of Palo Alto's software allow IT admins to specify exactly which workloads can talk to each other, but require careful measurement when it comes to determining proper utilization.
Ideally, the application-level VM-series will act as part of a whole, in concert with established physical firewalls to provide near-total coverage, but the company also has plans to launch a cloud-based malware detection component. This subscription service will notify users of potential problems. Although it can't remediate them, it points to the other direction security companies must take: general-purpose firewall products.
Aside from stealing company data and corporate secrets from big business, hackers can do serious damage if they decide to go after infrastructure. It's the potential problems with power grids that interest Michigan Technological University's Chee-Wooi Ten; he's developing a way to protect electric substations from unwanted intrusion based on a product from Israel-based Waterfall Security Solutions. A recent Michigan Tech article discusses the Unidirectional Security Gateway, which is effectively a semi-permeable firewall: information can only flow in one direction. Unlike traditional firewalls that rely on rules, conditions, and lists of blacklisted apps to make their decisions, the Gateway does away with it all, letting information flow away from the source but not back to it.
Already, Waterfall employs this technology in Europe, Asia, and Israel. Ten hopes modifications to the project--he has a $24,000 budget and $210,000 worth of equipment to work with--will improve the energy industry at large by increasing efficiency, reliability, and security. If nothing else, it's certainly thinking outside the box.
And for midsize IT admins, that's the key for new firewall technology. Specific offerings like Palo Alto's VM-series provide ways to shore up the defenses of virtual machines, while more generally applicable solutions like the Unidirectional project and Ten's improvements give hope for broad-scope impact across multiple sectors. While many solutions won't be marketed directly to a midsize business crowd, owing to the needs of government agencies and potential windfall from enterprise, that doesn't mean they aren't effective tools. Admins may need, instead, to look beyond the physical firewall they already have to the virtual firewall they need.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.