Where’s the traffic? Filtering network traffic in virtualised environments

Ever wondered how intrusion detection vendors and their solutions are responding to current virtualisation trends?

The most obvious peril hypervisors pose to virtualized network security is simply that they take that network traffic out of the range of conventional security devices. A packet sniffing appliance can’t see packets that never leave a given physical server. V-Agent solves that problem by residing within the virtualized network. It’s a logical approach to the problem.

V-Agent by Catbird is essentially a guest system - “a virtual security appliance” - that attaches itself to, and runs in, the virtual network that the host (e.g. VMware ESX) provides to virtual machines. V-Agent then monitors and filters traffic between the other guest systems, as a traditional IPS would. Other functionality provided by V-Agent includes NAC-like features that limit the possibility of accidentally publishing guest systems, and protection of the “hypervisor”.

This is interesting, because virtualisation certainly twists the concept of the “network”. The cloud becomes even cloudier, so to speak. But virtual systems and guest machines are still essentially the same old Windows and Unix systems, and they communicate in the same ways they always have. Who is to say that traditional solutions won’t work? They might just have to become a bit virtual?


 
 
 
