Data Center Security based on Micro-segmentation
“Protect traffic between VMs up to application level”
Data centers are typically protected using perimeter security technologies such as firewalls and IDS/IPS. These products focus on north-south traffic, in and out of the data center. While they are very effective at protecting the perimeter, they are not built for securing east-west traffic within the data center. This is becoming an issue since east-west traffic could represent 5x the amount of north-south traffic, due to an increasing number of communicating web, application, and database servers. This means that if malware penetrates the outer security perimeter, it can launch further attacks inside a vulnerable data center.
Strengthening the solution with Qosmos
Micro-segmentation divides the data center into smaller zones which can be protected separately. The advantage is that in case of a breach, the damage can quickly be contained to a small number of compromised devices. This new approach requires a real-time association between applications and security policies. Therefore, east-west traffic between VMs must be analyzed in real time, up to Layer 7 (the application layer).
Qosmos ixEngine can be integrated inside the hypervisor, using your own development resources or with the assistance of Qosmos Professional Services, to extend vSwitch visibility from Layer 1-4 all the way up to Layer 7. The vSwitch can then strengthen access control rules between VMs based on application traffic.
- Ready-to-use Layer 7 visibility for developers of data center security products
- Continuously updated protocols and applications
- Natively integrated with new virtualized architectures and frameworks (e.g. ODL Group-Based Policy)
- Enables automated provisioning and move/add/change of policies, and quarantine of infected VMs
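
The difference between port-based and application-based rules on east-west traffic can be shown with a small policy evaluator. This is an added example, not Qosmos code, and it does not use any ixEngine API. It assumes each flow already carries an application label from a Layer 7 classifier; the VM names, zones, rules, and the quarantine trigger are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_vm: str
    dst_vm: str
    dst_port: int
    l7_app: str  # label assumed to come from a Layer 7 classifier

# Constructed inventory and policies (hypothetical names, not from the page).
ZONES = {"web-1": "web", "app-1": "app", "db-1": "db"}
L4_ALLOW = {("web", "app", 8080), ("app", "db", 3306)}       # zone, zone, port
L7_ALLOW = {("web", "app", "http"), ("app", "db", "mysql")}  # zone, zone, app

def l4_verdict(flow):
    """Port-based rule: sees only the zones and the destination port."""
    key = (ZONES.get(flow.src_vm), ZONES.get(flow.dst_vm), flow.dst_port)
    return "allow" if key in L4_ALLOW else "deny"

def l7_verdict(flow):
    """Application-based rule with default deny (unknown VMs never match)."""
    key = (ZONES.get(flow.src_vm), ZONES.get(flow.dst_vm), flow.l7_app)
    return "allow" if key in L7_ALLOW else "deny"

def evaluate(flows):
    """Return (per-flow verdicts, quarantined VMs) for flows in arrival order."""
    quarantined, results = set(), []
    for f in flows:
        l4 = l4_verdict(f)
        isolated = f.src_vm in quarantined or f.dst_vm in quarantined
        l7 = "deny" if isolated else l7_verdict(f)
        # Assumed response policy: an unexpected application on a port the L4
        # rule allows is treated as a sign that the source VM is compromised.
        if not isolated and l4 == "allow" and l7 == "deny":
            quarantined.add(f.src_vm)
        results.append((f.src_vm, f.dst_vm, f.dst_port, f.l7_app, l4, l7))
    return results, quarantined

# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("web-1", "app-1", 8080, "http"),
    Flow("app-1", "db-1", 3306, "mysql"),
    Flow("app-1", "db-1", 3306, "ssh"),    # other protocol on the DB port
    Flow("app-1", "db-1", 3306, "mysql"),  # after app-1 is quarantined
    Flow("web-1", "db-1", 3306, "mysql"),  # skips the app tier
]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_FLOWS)[0]:
        print(*row)
```

The third flow passes the port-based rule but is denied once the application label is taken into account, and the source VM is then isolated from further east-west traffic.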