« Fluidity, integrity and security | Main | Wired Scenes -- Netsec and Virtualization »

Security 3.0 and the Perimeter Myth

Greg Ness regarding the myth of security at the perimeter.  Continuing the story about how we really need to concern ourselves with VirtSec and  "the soft middle", and not just the perimeter.

Security 3.0 and the Perimeter Myth | AlwaysOn

Over the last few weeks I’ve been talking to analysts and security pros about virtualization, security and the evolution of netsec to virtsec. Last week I was in Los Angeles on a virtualization panel at the InformationWeek Virtualization Summit and then in NYC on a MISTI panel on virtsec.

As a result of several discussions, I’ve come to the conclusion that for many organizations their network really doesn’t have a perimeter, at least in the classic sense of defense. The idea of a strategic point of defense that protects what is inside has become a legacy myth, an anachronism from the early days of netsec and fame-seeking hackers.



In the short term the netsec hardware
vendors MUST announce a virtsec product in 2008. Being late to the
party will cost them substantial vision and revenue growth points. As I
commented before, these 2008 virtsec announcements will likely be vapor
ware because of the substantial difficulties in moving from signature
processing (usually ASIC) “architecture crunch” to massive hypervisor
footprints. Maybe these products will be broken into multiple parts in
order to lessen the load on individual servers and avoid massive
processing burdens. Maybe they’ll find a creative way to exploit the
hypervisor layer from afar? Either way, they are in a world of
computational disadvantage until they understand the nature and
weaknesses of the applications they are defending. ...

Powered by ScribeFire.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
All HTML will be escaped. Hyperlinks will be created for URLs automatically.