Can you get there by stitching together best-of-breed stuff?
I don't think you can because, by its very nature, best-of-breeds do one thing well. So therefore it's a point solution. So therefore I have to constantly be translating between each one of those instead of looking at a unified security solution that does what it's supposed to do as soon as a virtual machine is spun up. Right? IP addresses are really a bad way of binding security information to a web server running the credit card app-15 . It's a really bad way to do it because it's so abstract.
It's like using your telephone address book backwards. "I want to call Bob. Oh, he's in 831. Oh, his exchange is 478. OK. Oh, there's Bob. Call Bob." No. I call Bob. I don't even know Bob's number anymore. But when I'm doing network security, if I can't bind the event to a specific virtual machine logically associated with an app through a policy container like a TrustZone, I don't have a consolidated view. I've just got a bunch of events that I have to constantly correlate between.
But there have been so many efforts over the years to make all the security tools work better together. Why does your approach stand a better chance?
I think the lynchpin that makes it possible today is this idea that for the entire lifecycle of a workload I can, through the virtual infrastructure, know network-based attributes that are relevant to my security controls in a way that I've never been able to do before. When I ping an IP address I can tell whether it's up or down. If I want to verify that it's still connected to an application that it was a week ago, that's actually a harder problem. But when I'm looking at it from the virtual infrastructure I know that it's VM-25 App-3 every time. And I know its IP address, which switch it's on, that it's protected by a firewall, and I know it was scanned. As a matter of fact, the scanner changes the IP address when the IP address changes to make sure that it scans the correct asset. You can't do that with the point solutions.
Sign up for MIS Asia eNewsletters.