Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

McAfee IPS Beefs Up Reputation-Based Detection, Adds Virtualization Traffic Visibility: Page 2 of 2

"We're trying to move as much as we can to a virtualized environment for ease of deployment and management," says Ken Owens, technical VP for security and virtualization at Savvis, provider of cloud, managed hosting, network and security services. "But, we realize that things like IPS and Web application firewalls require pretty advanced computational power."

He says the McAfee-Reflex approach is "state of the art" now for directing traffic from the VM layer to the IPS appliance, but he expects eventually to leverage the hosts in clusters to a more powerful solution." Savvis uses Reflex products to manage its virtual environment and is evaluating Network Security Platform because of the new virtualization capabilities.

Except for a handful of specialty vendors such as Reflex, Catbird, HyTrust and Altor Networks
(acquired by Juniper), security products have generally had very limited visibility inside virtual environments. Organizations that are concerned about unintentional movement of protected data can address most problems with good configuration control, says Gartner's Young, but that can become difficult.

"There's pressure to virtualize, but new servers can be spun up, and it's so easy to make changes," he says. "Being able to see the changes that compromise security policy can be really valuable for most complex data centers."

See more on this topic by subscribing to Network Computing Pro Reports Research: WAN Security (subscription required).