Q&A with Jonathan Gohstand of PacketMotion

Jonathan Gohstand (Profile)
Wednesday, May 18th 2011

VSM: I have read that PacketMotion has recently introduced a new solution for securing data in virtualized environments. Can you provide us with a brief overview?

JG: Sure. PacketMotion’s PacketSentry solution provides broad support for compliance and audit reporting and security controls in a single offering. It delivers identity-based visibility, auditing and control, and auditing of user activity on the internal network, without agents or in-line appliances.

What’s new, and where this gets interesting now for your readers, is that PacketMotion’s PacketSentry Virtual Probe extends the award-winning PacketSentry solution into the virtual data center. The PacketSentry Virtual Probe provides complete visibility, audit and control in the VMware virtual data center, including within virtual servers on VMware hosts. Application, database and file servers can be located proactively, and all activity audited at a granular level. Identity-based virtual firewalling supports segmentation and protection of sensitive virtual hosts. The solution can be used to implement a wide range of typical compliance and audit control activities: Access controls, administrator activity and change management, detection of abnormal data access patterns, and much more. The solution also supports proper separation of duties by giving security, compliance and network teams a platform for audit and control in the virtual data center.

VSM: What are the most significant threats to organizations’ private data stored in virtual and cloud data centers?

JG: The proliferation of virtualization in the data center has created significant threats around audit and security. The lack of visibility into virtual servers makes it challenging to identify virtual hosts that should be audited or secured. As a result, critical applications and databases lack audit controls on data access and administrator activity, and are not segmented from the rest of the environment. This presents a tremendous risk. Failed audits, system or data compromise and loss of reputation are all possible given the lack of controls in the virtual data center.

VSM: Why is it so difficult to secure data and meet audit and compliance control requirements in a virtual environment?

JG: There are a number of reasons why it’s tough. Perhaps the biggest problem is that virtualization makes it trivial to spin up new databases, application servers, and other critical assets. New systems are being created all the time, and most of the time security of the new system is an afterthought. Second, Security and Audit teams have invested in solutions that assume that all communication to key servers passes over the network and can therefore be audited from the network. This is not the case in the virtual environment. Finally, many organizations are moving key resources into the cloud in Infrastructure or Platform as a Service (IaaS/PaaS) offerings, but doing so without a clear and consistent security strategy in place as part of the contract with the service provider.