Stonesoft Security in Virtual Environments

As I mentioned in the post, Virtualization and security, quite a number of suppliers focused on security in virtualized environments have come forward to speak with me in the past month. Stonesoft is one of those companies. Mark Boltz, Senior Solutions Architect, and Greg Mead, Solutions Architect, both of Stonesoft, and I spoke about the topic recently.

Who is Stonesoft?

If you're not familiar with Stonesoft, they're been providing a network security platform, known as the StoneGate Platform, since 2002. As of today, it is comprised of the following products.

• StoneGate Firewall/VPN, an enterprise-level firewall
• StoneGate IPS, an intrusion protection system
• StoneGate SSL/VPN, software providing secure socket layer protection for remote access to applications
• StoneGate Management Center, a centrally management system that helps organizations manage the StoneGate family of products

Many of these products are available in the form of a server appliance or software that can run in a virtual machine. Stonesoft recently became a member of the VMware technology alliance.

What does StoneGate do?

StoneGate's approach to security revolves around the concept of controlling the network communications among physical and virtual systems. Their approach allows an organization's network to be broken up into separate security zones without having to actually reconfigure each of the systems. The network security layer does all of the work.

Where does Stonesoft fit in an organization's security architecture?

Stonesoft would put forward the idea that if the network is properly secured, that organizations would need to worry less about security of individual systems or applications. This would, in their view, simplify the environment significantly. After all, the tools that are securing the network don't have to care if the systems on the network are mainframes, midrange systems running UNIX, or industry standard systems running Windows, Linux, UNIX, NetWare or Mac OS.

Snapshot Analysis

While Stonesoft's message is very appealing, it is not a complete security solution all by itself. Security software to protect individual client systems and server systems are still needed. For example, securing the network back in the corporate offices won't prevent remote staff members from downloading software that introduces a virus or worm into their own laptops.Their approach, on the other hand, would protect the network when an infected machine comes back from the field and is connected to the office network.

Protecting the network is an important part of an overall security architecture and those in the process of designing such an architecture ought to see a demonstration of Stonesoft's products.