This solution, using the McAfee Network Security Platform, starts with market leader VMware, but will eventually cover the others in the space. And while this Intrusion Prevention solution is the first to be rolled out, the plan is to extend the platform to cover Intel Security’s other virtual infrastructure products.
Intel Security has announced an integrated solution with VMware which deploys the McAfee Network Security Platform (NSP) to better protect east-west traffic within virtual data centres. In addition, Intel Security is releasing a similar solution for OpenStack, and intends to deploy similar solutions for other vendor products. This technology will also become the platform for Intel Security’s virtual infrastructure solutions going forward.
“This is a very important and very strategic announcement for us, and is one of the key tenets of our cloud security solution,” said Vinay Anand, Vice-President of Product Management, Intel Security. “This is a platform for all of our solutions going forward.”
The solution’s focus is on the east-west traffic – between servers – in the virtualized data centre.
“Between 70 and 95 per cent of data centres today are virtualized and they struggle with security because they don’t have the right tools,” Anand said. “Close to 80 per cent of this data centre traffic is east-west. In a physical data centre, everything is fine but in a virtual instance where servers are dynamic and don’t always show up on the same physical host, your ability to protect them becomes a lot more challenging unless you have a dynamic system. Dynamic security that follows the app and the server is very critical.”
The new integrated solution utilizes the McAfee NSP IPS-VM100-VSS, a new version of the McAfee Intrusion Prevention solution specifically designed for interoperability with the VMware NSX network virtualization platform. Its other components include the McAfee Network Security Manager, Intel Security Controller and, of course, VMware NSX. The Intel Security Controller runs transparently as a broker between the VMware NSX infrastructure and Intel Security’s McAfee NSP. Together, they enable network IPS protection to be dynamically and automatically provisioned to help protect intra-VM traffic based on defined policies and requirements.
“As each new VM server comes up, we can dynamically apply the right server policy that has been defined,” Anand said.
“We have been working on this for three years with VMware,” Anand stated. “We started with VMware because they are dominant in the data centre. Most of our enterprise customers are VMware customers. We also have a version for OpenStack as well, although we are not making a formal announcement. A roadmap is also in place to cover all virtual infrastructure to be released later on.”
Anand said that customers are just now focusing on improving security within the virtual data centre.
“After the virtual data centre was established, the first phase beyond that was optimizing the data centre to make the most effective use of data centre resources,” he said. “Now customers are moving to the next phase, where they look to improve the protection. They have been using the old architecture from the physical world. It does work, but it is suboptimal.”
Enterprises will get the most value out of this solution, Anand said.
“Larger organizations feel the pain sooner than others,” he said. “The solution can certainly scale down, but the smaller the data centre, the fewer problems you will have. It’s not much of a challenge to handle a data centre with two hosts as opposed to 200 or 2000 hosts.”
Rollout to the channel will initially be limited to select partners, but will eventually broaden out.
“We are starting with a small number of partners but that is just a start,” Anand said. “It’s not going to be restricted to a small number of partners. Partner availability will be expanded, but in a phased approach.”
Anand emphasized that the platform being used for this solution will be expanded throughout the company’s virtual infrastructure line.
“We started with our network IPS, which is our leading edge product, but we will start integrating other solutions, such as our next-generation firewall, into the platform,” he said. “This will be a broader platform for all of our solutions going forward.”