Altor’s thinking that way and claims to be able to make a virtual environment more secure than a physical one by putting the security at the network level, specifically on the virtual (software) switch.
That way, it says, you can lock down policies for each virtual machine with maybe 8%-10% latency, which it claims is a fraction of the performance costs you pay if you try to apply physical security to VMs, and would break if you tried to make it dynamic.
With traditional physical security, if you were trying to communicate, Altor says, between the front-end and back-end you would either have to break security or sacrifice some of the virtualization.
Altor, which was co-founded by the former head of business development at Check Point Software Amir Ben-Efraim, has started with a Virtual Network Security Analyzer that passively plugs into the switch and shows you what’s going on inside the so-called virtual network that most people don’t even know is there, it says.
After it spooks them with that revelation, it’s proposing to field a protective firewall this summer that can be used with the typical security limitations.
The analyzer runs $500 per physical server but you need the $1,500 management console to see into it. When the Virtual Network Firewall gets here this summer the whole megillah should go for about 15% of what your VMware installation costs, according to senior director of business development Poornima DeBolle.
The company also has some full-function freeware to be used as trialware that’s good only for one physical server. It won’t consolidate across multiple servers.
Altor is currently leveraging VMware’s channels. It is also partnering with Citrix.