VMware and Palo Alto team to more quickly secure virtual resources

In connection with its NSX network virtualization software effort, VMware is teaming with Palo Alto Networks to jointly develop a virtualized next-generation firewall (NGFW) tightly integrated with VMware's platform.

VMware and Palo Alto Networks say their goal is to increase the security and efficiency of the virtualization process by adapting the Palo Alto VM-based NGFW, the VM-300-HV, to work under the management and security framework envisioned under NSX. The NSX software provides a way to set up automated network control and security policy, including distributed firewalling, with the security policy oriented toward applications.

Palo Alto and VMware say they are collaborating on an NSX-tailored version of Palo Alto's VM-300-HV, so that the designated manager for the virtual machines in the data center can "spin up what he wants," but "the security guy can define the policy," says Danelle Au, Palo Alto's director of solutions marketing. This is seen as especially useful in cloud deployments.

Introduced last August, NSX is a data-plane software layer added to VMware's ESX virtual-machine (VM) software for automating network control and security policy in VMware-centric data centers. VMware has let it be known it's working with several security vendors that want their third-party anti-malware, vulnerability management or intrusion-prevention products to work within the NSX-designed controls framework. But VMware's partnership with Palo Alto Networks represents VMware's first close strategic NSX alliance, according to both companies.

[Background: VMware spotlights NSX security tool for deploying security software and services]

Palo Alto already markets a VM-based next-generation firewall. But Au acknowledges there can be issues associated with using NGFW for applications running in a virtualized environment.

"While VMs can be spun up in minutes, it takes weeks or months to deploy the security for the applications, either on the VM hypervisor or as physical firewalls," Au acknowledges. She said establishing security policies for dynamic workloads can take considerable time and remains a somewhat manual process.

Chris King, vice president of product marketing in the network and security business unit at VMware, says NSX provides a way to generate a kind of risk-assignment "container" for VM jobs so that wherever the workload goes in a dynamic environment, its rules for risk and security configuration go with it and are automatically applied. NSX also offers a way to create "traffic-steering rules" and NSX is viewed as a way to add a kind of software-defined switching to VMware-based networks.

There will be challenges in attempting to smoothly blend the capabilities of the Palo Alto NGFW -- a complex application-aware firewall that can establish identity-based controls and intrusion prevention -- with VMware's NSX, the new networking and security layer.

Au and King indicated the goal is to have the security policies for the Palo Alto VM-based NGFW first provisioned by the Palo Alto management console called Panorama. The traffic-steering rules for the network would be provisioned by VMware's NSX management console. A joint integration is being developed in which both companies' management products would by necessity have to share some information, including "context" and machine inventory.

King says the two companies have been working together for some time and are well along in their goal, with beta testing already beginning, and general availability expected sometime around the first half of 2014. While this is the first strategic partnership around NSX, VMware wouldn't say whether it would be the last.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com
