WatchGuard on virtualisation...

10 Apr 2014

Many of WatchGuard’s customers use virtual editions of our security products, but usage is most common among our managed service provider clients.

Virtualisation is the simplest and most effective way to achieve the elasticity and flexibility required for private and public clouds.

Traditionally, network security has followed a ‘one appliance, one application’ model, designed with physical networking in mind.

Firewalls and UTM appliances are leveraged in network designs based on the fundamental notions of:

• Perimeter enforcement – protecting the “inside” from the “outside” – with network architectures that are built on this separation

• All traffic flows over physical networks, so security can be implemented by interposing physical devices on the wire

With virtualisation, those fundamental assumptions may not be true:

• Network architectures blur the definition of the “perimeter” with private resources spanning locations using VPNs

• Multiple organisations and applications within a business, and multiple businesses hosted by a service provider, can be on the same side of a physical perimeter

• Compliance and privacy requirements make it necessary to offer security and auditability between entities within the same virtual infrastructure

• Mobile users can easily bring malware into a shared infrastructure

• For service providers, the ability to offer full protection is even more critical when multiple customers are hosted on the same server farm – or even on the same server

• Physical appliances cannot offer in-line protection in a dynamic virtual infrastructure

• High-availability and live motion capabilities can mean that applications do not always run on the same physical servers

• Traffic can pass over virtual-only networks within a server, making it impossible to interpose a physical device

Tackling Security Challenges

UTM combines several layers of security into a single appliance. WatchGuard architecture consists of different security layers working cooperatively with one another to dynamically detect, block and report on malicious traffic while passing benign traffic through as efficiently as possible.

Each layer performs different security functions. Zero-day protection is a consistent theme throughout the different layers, which means that WatchGuard protects businesses from new, unknown threats. WatchGuard offers all this through a virtual appliance.

Management is MUCH harder in the Virtual World

It’s very easy to instantly spin up new VMs, but this flexibility represents a management and reporting challenge. Security policies must be assigned by VM, zone or both, rather than by the traditional location or network connection. WatchGuard solves this problem in two ways.

First, we automate configuration deployment. Every new instance automatically connects to a management server and downloads its own unique and specialised configuration.

Secondly, we’ve created world-class data visualisation tools. WatchGuard Dimension instantly turns raw network data into actionable security intelligence.

Together it’s a knockout combination, AND we are the only UTM Firewall vendor that bundles both services free of charge as a value-add!

By Pat Devlin, regional director Australia and New Zealand, WatchGuard Technologies
