Interview with BlueLane Technologies on VirtualShield

http://www.bluelane.com

The security patching process in the physical world was challenging enough, whether it was the server that didn’t come back because the disk needed replacing first, the bluescreen when the patch disagreed with something, or worse, the application that depended on the port Microsoft just closed. Move this to the virtual world, and I remember one engineer saying it approached the game-over stage; by this he meant that it could easily take just as long to patch 25 virtual servers as to patch 100 or 200 physical ones. Why? The virtual servers could be powered down, they could be moved between ESX servers, they could be decommissioned, or they might be the box we image from: all things that could make for an emotional server engineer.

VirtualShield is set to resolve these problems by managing the process more effectively and using the technology that is already there to limit your risk. I was delighted to interview Greg Ness, Vice President of Marketing at Blue Lane Technologies, and ask him the questions I had. Hopefully I covered everything in the interview; in the meantime, over to Greg (answers indented).

As I understand it VirtualShield is locking down the network to prevent the vulnerability at the network/socket layer? Is there a reason for this and not software/operating system level?

VirtualShield actually protects at the “hypervisor layer” so technically it is at the software level. However, a key distinction here is that the hypervisor actually recreates the network inside the virtual plane. Once the physical server with the hypervisor receives network packets, that information is passed on to virtual servers, over a virtual network, utilizing virtual switches and virtual network interface cards. The VirtualShield is inserted within this virtual network stream to utilize Blue Lane’s intellectual property: protecting servers by accurately decoding application protocols and applying appropriate inline corrections on the fly.

This is an ideal place to address virtual server vulnerabilities. First of all, this location provides the equivalent of a “zone defense”. From this vantage point it’s possible to protect any number of virtual servers without any change in our posture. Secondly, VirtualShield can protect any number of heterogeneous platforms (e.g. Microsoft, Linux, etc.). Thirdly, operating in the network stream means there’s no agent required to run on individual virtual servers. As a result, management overhead and resource consumption are both minimized. You also don’t have to worry about our product introducing any incompatibilities or requiring any “virtual power cycling” that could impact availability.

Can I undo specific fixes/vulnerabilities to a server if it were to break an application?

Absolutely. In the real world of applying software fixes, this would be called a “roll back”. It would require uninstalling the patch or reprovisioning the server with an earlier image. VirtualShield allows you to back a fix out with a click of a mouse. The benefit of scale works in both directions, too. You can apply a fix for hundreds of servers instantly. And likewise, you can back it out for hundreds of servers instantly.

So do I need a physical management server to install the Manager on?

The VirtualShield Manager runs on VMware ESX. You can deploy it on the same hypervisor alongside a VirtualShield or it can run elsewhere in the network. One single instance of the manager can easily manage all the VirtualShield instances for most customer deployments.

The fact sheet I read through briefly suggested that a manager could look after 100 machines, are there any plans to scale that up?

We have tested the product to ensure that a single VirtualShield Manager is capable of orchestrating up to 100 VirtualShields. We felt as though this was a good test for the market because this scales to any customer with 100 ESX hypervisors running. Although we’ve not tested beyond this number, it’s conceivable that companies could push the envelope here. One of the advantages of running the VirtualShield Manager as a guest on ESX is that the customer can scale the resources as need be.

Does the manager report on vulnerabilities it thinks my servers are vulnerable to? Can it perform a remote scan in effect for compliance?

While not technically a vulnerability scanner, VirtualShield can be used for compliance initiatives. We have had customers use our products as a compensating control for machines that cannot patch quickly. Additionally, we are partners with Qualys, one of the leading vulnerability assessment products on the market. That integration allows a security administrator to quickly assess which vulnerabilities on his network have already been addressed by Blue Lane.

What kind of response have you been getting after announcing the product?

We’ve been very pleased with the interest we’ve received thus far. You can see the press results at: http://www.bluelane.com/news/.

Have there been any specific success stories of interest?

We received orders when we were in beta, so we knew we were onto something. We are seeing a sustained increase in traffic to our site and much higher than expected downloads of the Nemertes Issue Paper on Securing Virtual Infrastructures offered on our home page. So as of day 4 of our launch we’re pretty excited.

How easy is the install?

The deployment is incredibly straightforward. So much so, in fact, that the product is available by download, accompanied by a Quick Start guide that allows users to get up and running within a couple hours.

How does the subscription work?

The subscription is annual. If you buy the entry-level bundle from us for $599, you get one license for one VirtualShield (for one physical server running ESX Server 3, up to two processors), one VirtualShield Manager, and one year of online support, software updates and new protection capabilities (e.g. inline patches). One year later, the annual subscription renewal cost is $599.

Is there a set fee per virtual server, and is it priced per virtual cpu or per session?

No, you can run unlimited virtual servers behind VirtualShield. You only pay Blue Lane for each VirtualShield, and only one VirtualShield is required on each hypervisor.

Is there a cost for the manager?

The manager is included for free in our product bundles.

Are there site discounts for large enterprises?

Blue Lane will take volume into consideration for very large, enterprise orders.

6 Responses to “Interview with BlueLane Technologies on VirtualShield”

  1. Greg Ness says:

    Martin:

    Greg Shields just posted a very conversational podcast interview that is very complimentary to this interview: http://www.realtime-windowsserver.com/podcast/2007/03/an_interview_with_greg_ness_ja.htm

    Similarly I will reference this interview on his blog for those looking for more info. There are some additional comments about polymorphic worms that your visitors might find interesting.

    Sincerely,
    Greg

  2. martin says:

    Great Greg, thanks, check it out, very cool.

  3. Greg Ness says:

    Martin:

    Allwyn Sequeira, Blue Lane’s SVP of Product Operations will be speaking at Interop on Security and Virtualization (Tuesday May 22 at 11:30AM). We may podcast the panel if there is enough blog interest.

    http://www.interop.com/lasvegas/education/virtualization.php

  4. martin says:

    Sounds great, I’d love to hear the panel, if you do podcast it, let me know and I’ll update the post.

    Regards

    Martin

  5. Greg Ness says:

    http://virtual-jay.blogspot.com/2007/04/blue-lane-intrusion-prevention-system.html

    From Jay Rogers’ blog on virtualization…

    “I have been testing both the Virtual and Physical solutions Blue Lane provides, and I have been very impressed. We put it in place on some very “dirty” segments and now we know what is attacking our systems. Also eases some of the burden of Microsoft’s Patch Tuesday!”

    Thanks again,
    Greg

  6. martin says:

    Sounds great, I'd love to hear the panel, if you do podcast it, let me know and I'll update the post.

    Regards

    Martin
