Startup NetCitadel aims to orchestrate security management controls in virtualized nets

Startup NetCitadel today launched with a product called OneControl intended to automate what might otherwise be manual research and changes related to configuring firewalls, switches or other gear when virtual-machine (VM) workloads are spun up or down in enterprise data centers or cloud environments.

"We're helping enterprises go from manual processing that's time-consuming to show automated responses to network events," says Mike Horn, co-founder and CEO of NetCitadel, about the purpose of the OneControl virtual appliance. Used in data centers, it can automate determinations about firewall, router and switch settings based on the preferred corporate security policy relative to VM-based workloads, eliminating the need for an administrator to manually research it.

Horn says OneControl can be installed to work with the various VM platforms, including VMware, Xen and Hyper-V. In a VMware-based environment, it can work with VMware's vDirector and vCloud APIs "to map the intelligence of the virtual device," says Horn, noting OneControl keeps track of the VM resource pool and related information such as IP addresses to determine what changes might need to be made to network firewalls, switches or routers to conform to security policy.

Available for about $25,000, the product competes against similar security-policy management and orchestration offerings from Cisco and Juniper. The idea is when VM workloads are moved around, OneControl can immediately advise on changes that need to be made to gear that today includes certain Cisco and Juniper routers, switches, firewalls and security gateways. A typical question it's designed to answer is, "If vMotion happens inside a network, how does that impact firewall devices?" says Horn. In the future, NetCitadel plans to bring intelligence about other gear, such as load balancers, into the equation as well.

OneControl can be deployed in either the enterprise network or cloud services, though the main testing so far has been toward supporting the Amazon AWS cloud, says Horn.

OneControl has been in early adoption for about five months at Kenettek, the Broken Arrow, Okla.-based managed services and data center provider which serves the oil and gas industry, among others. Almost the entire Kenettek data center is virtualized, says Ken Dobbins, service manager there, noting that OneControl is saving a huge amount of time in configuring services in routers and firewalls when new VM server clusters are spun up or otherwise changed for customers.

OneControl immediately provides security-policy directions to the Kenettek help desk staff rather than requiring that they research how the VM-based change will impact security policy-based configurations related to firewalls and routers. This not only saves a huge amount of time, but it is also turning out to save on VMware licensing charges, which are now based on "committed RAM per hour," says Dobbins. In the energy sector, where data related to SCADA controls is collected during certain peak hours, it makes a difference, he points out.

NetCitadel, based in Mountain View, was founded in 2010 by Horn with Theron Tock, CTO, and Vadim Kurland. The company has received an undisclosed amount of funding from New Enterprise Associates.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE.
