Montego Networks spotted on radar
Montego Networks has been flying under the radar for the past year and this week increased its elevation just enough to be seen on the virtualization industry's radar detector. Montego Networks' announcement of securing virtual network communications between VMs has everyone buzzing, but what has caught most people's attention is Montego Networks' technology that enables 3rd party security vendors to do the same thing (VM to VM). Now, I'm the CTO of Montego Networks, so my comments here are a bit biased but also first hand. So, when I tell you that it's been a great announcement, I truly feel it has. Everyone I have spoken with in the analyst and press community thus far has embraced the idea of security vendors working together to provide a solid solution vs. every vendor trying to be all things to everybody.
So, what does this really mean and how does it work?
Let's say you have VM1 (Virtual Machine) and VM2 (Virtual Machine) and they need to be able to transfer data between each other, but only once or twice a week. This means you can't have them 100% isolated. Because you have a communication need between them, it probably makes sense to only open up the channels (TCP/UDP ports) that they need to communicate on vs. opening up all channels. This helps mitigate exposure. So, let's say you open up port 6667 and only port 6667 for them to communicate with each other. Well, this is now a bit more secure than the other option of leaving all ports open, but let's say this is a very very critical server and you want deep packet inspection done on all of its traffic. The reason you want to do this is because there is the potential that worms and BOTnet communication could occur over this port 6667, but the only way to determine that is to do deep packet inspection. I am using port 6667 as the example because I spoke with someone that had a real live case where one of their Linux VMs got infected with this BOTnet: http://www.energymech.net/ on port 6667.
Now, I could put some sort of virtual IPS product inline and look at Physical to Virtual communication for all of the VMs (VM1, VM2, VM3, VM4, etc.) but I don't care to take that kind of performance hit and I also already have a physical IPS handling Physical to Virtual. What I really need is IPS between the VMs, which I haven't been able to find from any vendor yet, and even if I did find such a solution on the market I don't care to take the performance hit of doing IPS between ALL VMs.
So, now that you understand the challenge, how can Montego help, and what's this HyperVSecurity thing they talked about in their press release that allows other vendors to interoperate with them? Well, with Montego's Policy Based Switching technology you, the administrator, can control what types of VM to VM traffic you would like to have inspected by a 3rd party security solution. I would simply set up a policy that says VM1 to VM2 on port 6667 will have its traffic sent to a StillSecure virtual IPS product, and once a week when that traffic starts to flow it will be sent over to the IPS product for further inspection. Or if traffic starts to flow outside that once a week norm, it will still be sent for inspection. This way, if some attacker tries to get in on that port, he will have to make sure he can get past the IPS that is now able to do VM to VM IPS.
Pretty cool huh? I think so.
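A minimal model of the policy decision described above, added here as an example; it is not Montego's code or API. The rule fields, the default drop for unlisted VM to VM flows, matching in the initiating direction only, the VM3/VM4 rule and the weekday flag are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DROP, FORWARD, INSPECT = "drop", "forward", "redirect-to-ips"

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    weekday: int  # 0 = Monday ... 6 = Sunday

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    dport: int
    action: str
    # Day the transfer normally runs. Used only to flag surprises,
    # never as a match condition, so off-schedule traffic is still inspected.
    expected_weekday: Optional[int] = None

    def matches(self, f: Flow) -> bool:
        return (f.src, f.dst, f.proto, f.dport) == (self.src, self.dst, self.proto, self.dport)

# Constructed policy: one inspected pair, one pair forwarded without inspection.
POLICY = [
    Rule("VM1", "VM2", "tcp", 6667, INSPECT, expected_weekday=6),
    Rule("VM3", "VM4", "tcp", 443, FORWARD),
]

def evaluate(flow: Flow, policy=POLICY):
    """Return (action, off_schedule). First match wins; no match means drop."""
    for rule in policy:
        if rule.matches(flow):
            off = rule.expected_weekday is not None and flow.weekday != rule.expected_weekday
            return rule.action, off
    return DROP, False

if __name__ == "__main__":
    sample = [  # constructed flows
        Flow("VM1", "VM2", "tcp", 6667, 6),  # the weekly transfer
        Flow("VM1", "VM2", "tcp", 6667, 2),  # same channel, wrong day
        Flow("VM1", "VM2", "tcp", 22, 6),    # port that was never opened
        Flow("VM3", "VM4", "tcp", 443, 1),   # pair that skips the IPS
    ]
    for f in sample:
        print(f, "->", evaluate(f))
```

Only the VM1 to VM2 channel on 6667 pays the inspection cost, and the off-schedule flag gives the operator something to alert on without weakening the inspection rule.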
Now, back to Montego coming out of stealth mode…
You'll start to hear and see a lot more innovation coming out of Montego Networks now that we've popped slightly above radar and the industry knows we are here but is scrambling trying to figure out what exactly we do, how sustainable will this new startup be and if we really have what we say we have. I'm certain competing companies will throw FUD and make all sorts of comments about what we do, how it performs, etc. etc. and all I can say is to just keep an eye on the afterburners because we are starting to get liftoff.
-JP
*** This is a Security Bloggers Network syndicated blog from Security In The Virtual World authored by JOHN PETERSON. Read the original post at: https://vmwaresecurity.typepad.com/security_in_the_virtual_w/2008/03/montego-network.html