It will find application in data centers and the cloud.
What is this technology
VMware introduced a new firewall that protects the network at the application level.
The infrastructure of a modern company is built from thousands of services joined into one common network, which widens the attack surface considerably. Classic firewalls can defend against attacks coming from outside, but they are of little use once an attacker is already inside the network.
Researchers at Carbon Black report that in 59% of incidents the attackers do not stop at the first compromised server: they look for vulnerabilities in connected systems and move laterally through the network in an effort to reach more data.
The new firewall uses machine learning to detect anomalous activity in the network and alerts the administrator when it sees something dangerous.
How it works
The firewall consists of two components: the NSX platform and the AppDefense threat detection system.
AppDefense is responsible for building a behavioral model of every application running on the network. Machine learning algorithms analyze how the services operate and build an allow list of the actions each one performs. Information from a VMware database, built from telemetry provided by the company's customers, is also used when compiling it.
This list plays the role of so-called adaptive security policies, and it is against these that the firewall judges what counts as an anomaly. The system monitors the applications and, when it detects a deviation from their learned behavior, sends a notification to the data center operator. Activity is observed through VMware vSphere, so the new firewall does not require specialized software to be installed on every host.
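The following is an added example, not VMware's or AppDefense's code, that shows in miniature what a per-process behavioral allow list and a notify-only anomaly check look like. The telemetry events, host names, process names and addresses are all constructed; the real product learns a far richer model and draws on cross-customer telemetry, which this toy does not.

```python
"""Toy behavioral allow list for workload network activity (illustrative only).

A per-process profile is learned from a clean "learning window" of outbound
connections. Afterwards, every connection that falls outside the profile is
reported as an alert for an operator; nothing is blocked, mirroring the
notify-only model described in the article. All data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One outbound connection observed from a workload (constructed fields)."""
    host: str        # VM that made the connection
    process: str     # executable inside the VM
    dst: str         # destination address
    dst_port: int
    proto: str       # "tcp" or "udp"


def build_baseline(events):
    """Learn an allow list per process from the learning-window events.

    Returns {process: {"peers": set(dst), "services": set((port, proto))}}.
    Peers and services are tracked separately so a known process reaching a
    known service on a new peer is still flagged, but with a distinct reason.
    """
    baseline = defaultdict(lambda: {"peers": set(), "services": set()})
    for e in events:
        baseline[e.process]["peers"].add(e.dst)
        baseline[e.process]["services"].add((e.dst_port, e.proto))
    return dict(baseline)


def detect(events, baseline):
    """Return [(event, reason)] for every event outside the learned allow list."""
    alerts = []
    for e in events:
        profile = baseline.get(e.process)
        if profile is None:
            alerts.append((e, "unknown process"))
        elif (e.dst_port, e.proto) not in profile["services"]:
            alerts.append((e, "new service for known process"))
        elif e.dst not in profile["peers"]:
            alerts.append((e, "new peer for known process"))
    return alerts


# Constructed telemetry: a clean learning window, then a live window that
# contains the kind of lateral movement the article describes.
LEARNING = [
    Event("web01", "nginx", "10.0.1.10", 8080, "tcp"),
    Event("web01", "app-backend", "10.0.2.10", 5432, "tcp"),
    Event("web01", "app-backend", "10.0.2.10", 5432, "tcp"),
    Event("web01", "chronyd", "10.0.0.5", 123, "udp"),
]

LIVE = [
    Event("web01", "app-backend", "10.0.2.10", 5432, "tcp"),  # normal
    Event("web01", "app-backend", "10.0.2.11", 5432, "tcp"),  # same service, unseen DB host
    Event("web01", "app-backend", "10.0.3.20", 445, "tcp"),   # SMB from a web backend
    Event("web01", "nc", "10.0.3.21", 22, "tcp"),             # tool never seen in baseline
]


def run_demo():
    """Build the baseline from LEARNING and return compact alert rows for LIVE."""
    baseline = build_baseline(LEARNING)
    return [(e.process, e.dst, e.dst_port, reason) for e, reason in detect(LIVE, baseline)]


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

The obvious caveat for any learned allow list is the learning window itself: if an attacker is already active while the baseline is being built, their behavior becomes part of the "normal" profile and is never reported. That is one reason a vendor-side telemetry database, as the article mentions, is valuable: it gives a reference for what a given application type normally does beyond one customer's possibly tainted observations.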
NSX Data Center, for its part, is a platform for managing software-defined networks in the data center. Its task is to link the firewall components into a single system and reduce the cost of maintaining it. In particular, it allows the same security policies to be extended across different cloud environments.
A demonstration of the firewall is available in a video on VMware's YouTube channel.
Opinions
The solution is not tied to the architecture or hardware of the target system, so it can be deployed across a multi-cloud infrastructure. For example, representatives of IlliniCloud, which provides cloud services to government agencies, say that NSX helps them balance network load and serves as the firewall in three geographically distant data centers.
IDC representatives say that the number of companies running multi-cloud infrastructure is growing steadily. Solutions that simplify management and protect distributed infrastructure (such as NSX and the firewall built on it) will therefore only gain popularity among customers.
Among the drawbacks of the new firewall, experts point to the need to deploy software-defined networking, which not every company or data center is in a position to do. It is also not yet known how a service-defined firewall will affect application performance and network throughput.
VMware has also tested its product only against the most common kinds of attacks (phishing, for example). It is unclear how the system will behave in more complex cases, such as a process injection attack. At the same time, the new firewall cannot take protective measures on its own: it can only send notifications to the administrator.
Similar solutions
Palo Alto Networks and Cisco are also developing next-generation firewalls that protect the network infrastructure at the perimeter. That protection is built on advanced traffic analysis, intrusion prevention systems (IPS) and virtual private networks (VPN).
The first company has built a platform that secures the network environment through several specialized firewalls, each protecting a dedicated environment: there are variants for mobile networks, the cloud and virtual machines.
The second IT giant offers hardware and software tools that analyze and filter traffic at the level of protocols and application functions. In these tools you can configure security policies and draw on an integrated database of vulnerabilities and threats for specific applications.
In the future, more companies are expected to offer firewalls that protect networks at the service level.