IT giant introduces a service-defined firewall

    It will find application in data centers and the cloud.

    / photo Christiaan Colen CC BY-SA

    What is this technology

    VMware introduced a new firewall that protects the network at the application level.

    The infrastructure of modern companies is built on thousands of services integrated into a common network, which widens the attack surface available to an intruder. Classic firewalls can protect against external attacks, but they are powerless once the attacker has already penetrated the network.

    Information security experts at Carbon Black say that in 59% of cases, attackers do not stop at compromising a single server. They look for vulnerabilities in devices connected to it and "move" laterally across the network, trying to gain access to more data.

    The new firewall uses machine learning algorithms to determine abnormal activity in the network and, in case of danger, notifies the administrator.

    How it works

    The firewall consists of two components: the NSX platform and the AppDefense threat detection system.

    The AppDefense system is responsible for building a behavioral model of all applications running on the network. Machine learning algorithms analyze how the services operate and form a "white list" of the actions they perform. Information from VMware's own database, built from telemetry provided by the company's customers, is also used to compile this list.

    This list serves as a set of so-called adaptive security policies, against which the firewall identifies anomalies in the network. The system monitors the operation of applications and, when it detects deviations in their behavior, sends a notification to the data center operator. Activity is monitored with VMware vSphere tools, so the new firewall does not require installing specialized software on each host.
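    To make the behavioral-model idea concrete, here is a toy monitor in Python, added as an illustration rather than code from VMware, AppDefense or NSX: it learns an allow list of actions per service from a learning-phase telemetry sample, then reports (but does not block) any action outside that list, mirroring the notify-only behavior the article describes. The event fields, service names and addresses are constructed for the example.

```python
"""Toy behavioral allow-listing monitor (illustrative; not VMware code).

Learning phase: record every (action, target) pair each service performs.
Monitoring phase: report events that fall outside a service's learned
behavior, or that come from a service never seen during learning.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str     # constructed host name, e.g. "web-01"
    service: str  # logical service the process belongs to
    action: str   # "connect" (network) or "exec" (process launch)
    target: str   # "ip:port" for connect, binary path for exec


def learn_baseline(events):
    """Build the per-service allow list from learning-phase telemetry."""
    baseline = defaultdict(set)
    for e in events:
        baseline[e.service].add((e.action, e.target))
    return dict(baseline)


def detect_anomalies(baseline, events):
    """Return one alert record per event that deviates from the baseline.

    The monitor only reports; enforcement is deliberately left to the
    operator, as in the article's description of the product.
    """
    alerts = []
    for e in events:
        allowed = baseline.get(e.service)
        if allowed is None:
            reason = "unknown service"
        elif (e.action, e.target) not in allowed:
            reason = "action not in baseline"
        else:
            continue
        alerts.append({"host": e.host, "service": e.service,
                       "action": e.action, "target": e.target,
                       "reason": reason})
    return alerts


def format_notifications(alerts):
    """Render alerts as the one-line messages an operator would receive."""
    return [f"[ALERT] {a['host']}/{a['service']}: {a['action']} {a['target']} "
            f"({a['reason']})" for a in alerts]


# Constructed learning-phase telemetry: normal behavior of a web tier
# (talks to a database and a cache) and a database tier.
LEARNING_EVENTS = [
    Event("web-01", "web", "exec", "/usr/sbin/nginx"),
    Event("web-01", "web", "connect", "10.0.1.20:5432"),
    Event("web-01", "web", "connect", "10.0.1.30:6379"),
    Event("web-02", "web", "connect", "10.0.1.20:5432"),
    Event("db-01", "db", "exec", "/usr/lib/postgresql/bin/postgres"),
]

# Constructed monitoring-phase telemetry: two deviations on web-01 (an SSH
# connection to a peer host and a shell launch, the kind of lateral-movement
# pattern the article warns about) plus a service never seen before.
MONITORING_EVENTS = [
    Event("web-01", "web", "connect", "10.0.1.20:5432"),   # normal
    Event("web-01", "web", "connect", "10.0.1.21:22"),     # deviation
    Event("web-01", "web", "exec", "/bin/bash"),           # deviation
    Event("db-01", "db", "exec", "/usr/lib/postgresql/bin/postgres"),  # normal
    Event("web-02", "unknown-svc", "connect", "10.0.1.20:5432"),       # unknown
]

BASELINE = learn_baseline(LEARNING_EVENTS)

if __name__ == "__main__":
    for line in format_notifications(detect_anomalies(BASELINE, MONITORING_EVENTS)):
        print(line)
```

    A real product would build the baseline over a long observation window and from many hosts rather than from a handful of events, and would have to handle legitimate drift (new releases, new dependencies) without flooding the operator; the point here is only the shape of the check: learned allow list per service, then alert on anything outside it.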

    As for NSX Data Center, it is a platform for managing software-defined networks in the data center. Its task is to connect the components of the firewall into a single system and reduce the cost of maintaining it. In particular, it allows the same security policies to be extended across different cloud environments.

    You can see the firewall in action in a video on VMware's YouTube channel.

    / photo USDA PD


    The solution is not tied to the architecture or hardware of the target system, so it can be deployed on a multi-cloud infrastructure. For example, representatives of IlliniCloud, a company that provides cloud services to government agencies, say that NSX helps them balance network load and acts as a firewall across three geographically remote data centers.

    IDC representatives say the number of companies working with multi-cloud infrastructure is steadily increasing. Therefore, solutions that simplify management and protect a distributed infrastructure (such as NSX and a firewall built on its basis) will only gain popularity among customers.

    Among the disadvantages of the new firewall, experts highlight the need to deploy software-defined networking, which not all companies and data centers are in a position to do. In addition, it is not yet known how a service-defined firewall will affect service performance and network bandwidth.

    VMware has also tested its product only against the most common types of attacks (for example, phishing). It is not clear how the system will behave in more complex cases such as a process injection attack. Moreover, the new firewall cannot take protective measures on its own - it can only send notifications to the administrator.

    Similar solutions

    Palo Alto Networks and Cisco are also developing next-generation firewalls that protect the entire network infrastructure. This level of protection is achieved through deep traffic analysis, intrusion prevention systems (IPS) and virtual private networks (VPN).

    The first company created a platform that provides security for the network environment through several specialized firewalls. Each of them protects a dedicated environment - there are solutions for mobile networks, the cloud and virtual machines.

    The second IT giant offers hardware and software tools that analyze and filter traffic at the level of protocols and application functions. In these tools, you can configure security policies and use an integrated database of vulnerabilities and threats for specific applications.

    In the future, more companies are expected to offer service-level firewalls that protect networks.
