Stonesoft Guards Against External And Intrahost Threats

I spoke with Stonesoft on Wednesday regarding the company's new security solutions for VMware. Intrahost protection, anyone? Stonesoft, a Finnish network security shop founded in '90, has been working with virtualization issues since 2002 when it released a firewall product for IBM mainframe environments. It has built a solid customer base on high availability, clustered security solutions, and multilink routers.

Yesterday at Cannes the company announced it had joined the VMware Technology Alliance Program.

Of more direct interest to all of us ... Stonesoft also announced the availability of its StoneGate Firewall/VPN and intrusion protection systems for VMware.

StoneGate has been protecting physical networks, x86 servers, and Big Iron for a while now. With this release the company is extending its security reach into virtualized space with intrahost-capable firewall and IPS offerings.

This is very cool stuff; one management console and rule set can be applied across an enterprise, including monitoring activity between VMs inside an ESX host. StoneGate offers inspection of IP traffic on internal, virtualized networks, with support for VMotioning and other VM hijinks thanks to a flexible "define object alias" firewall setting that allows rule sets to be tied to named servers as well as static addresses.StoneGate customers tend to be midmarket companies with five or more locations, though the customer list runs the range from single-site shops to multinationals like Xerox. Pricing for StoneGate begins around $2,400 and reaches into the low six figures. Rough estimates on a new configuration monitoring physical and virtualized platforms would start around $25K.

Stonesoft has seen 40% revenue increase year to year and a 120% increase in new customers over the last 12 months. The folks I spoke with are pretty happy about the new formal relationship with VMware, hoping to see their numbers continue to grow. Senior VP Paul Johnson and Mark Boltz, a senior architect and security expert, brought up the customer complaint of tech fatigue, where customers are stuck in a constant hardware refresh because of obsolescence and/or a full rebuy due to a size or performance plateau. All of the company's StoneGate products are designed to scale via clustering as customer needs increase. Need more oomph for your SSL VPN? Buy another box and join it to the cluster. Stonesoft has clients with multiple generations of gear "ganged" together, humming along, keeping everything safe.

Those existing clients can now add a virtual appliance to the mix to protect ESX guests; I can easily see new customers lining up for an ESX-only solution to guard VMs. Stonesoft has to be hoping those folks will branch out to protect the rest of the shop.

I know we're all flush with VMworld excitement, but perhaps ... some other well-known virt platforms will be added to Stonesoft's partner list in the near future. Time will tell.