The security industry is largely "bankrupt" and vendors "lie," Crosby declares, warning "anything that asserts it can detect an attacker is fatally flawed." He claim a A better approach to virtual machine security is going to be done through CPU-based protection and "hardware isolation" that make use of built-in Intel and ARM chip security functions in a novel way. Bromium's vSentry virtualization security works like a VM within a VM to isolate and then "throw away" attack code targeting Windows.
Whether newer ideas such as these catch fire remains to be seen.
SDN, an upcoming technology, doesn't mean physical switches are going to go away, says Gartner's Young, noting this still immature form of networking will mean new ways to orchestrate applications and automate service chaining through controllers. The problem, however, is that it will certainly impact what is done with firewalls today and at this point there really doesn't appear to be a solid security model for SDN. "Current SDN security mechanisms are effectively non-existent," Young said.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com.
Read more about wide area network in Network World's Wide Area Network section.
This story, "How cloud, virtualization and SDN will complicate future firewall security" was originally published by Network World.