HP Networking
Discover how the new HP Networking combines the technologies and alliances of 3Com, ProCurve and TippingPoint into the next networking leader.

Cisco Virtual Security Gateway (VSG): different doesn’t necessarily mean better

By Sanjay Raja, Product Marketing, Virtualization Security

 

With security such a big concern for customers migrating to virtualized datacenters, I thought I’d look at what’s out there beyond your standard virtual security appliance, which tends to promise a lot, but deliver little.
 

I was especially intrigued by Cisco’s Virtualization Security solutions, since they appear to differ from the standard virtual appliance approach. Unfortunately, for customers using the product, different doesn’t mean better.


Cisco has a product called the Virtual Security Gateway (VSG) for the Nexus 1000V Series. It is a virtual firewall that lets you enforce policy and segmentation in virtual environments. All associated security profiles are configured to include trust-zone definitions and access control lists (ACLs) or rules. They also support VM mobility when properly configured. If there’s one thing the company is good at, it is those good-old ACLs developed back in the early 90s!


What’s most glaring is that the company offers a virtual firewall that works with VMware, but there’s no integration with VMware’s vShield. vShield is part of VMware’s vSphere and offers virtual firewall capabilities similar to VSG. I thought the two companies were partners?

 

HP TippingPoint already offers these capabilities, in addition to security policies that move with VMs. And guess what? We have our own virtual firewall, but thought customers would also want the option to work with VMware more closely. That’s why we work with vShield and have a co-development agreement with VMware for next-generation security for virtualized environments. Is a firewall the best that Cisco can do?



I’m confused as to how this solution is marketed to provide the same security as your physical data center. I’m pretty sure that most enterprise data centers, whether physical or virtual, have at minimum intrusion prevention systems (IPS). In fact, I thought most IT departments were already looking at a range of security measures, including:

  • web application protections
  • application identification and control, and even
  • reputation services

Many of these technologies are being deployed because of mandatory compliance initiatives, like PCI. Wouldn’t I be taking a step backwards if I moved my critical assets into a VM running just a firewall?


The bottom line on physical and virtual security


You need to perform the same level of inspection in physical and virtual environments. But we all know that Cisco’s IPS technology is way behind in performance and security effectiveness. The company has a 4Gbps solution at best. And it’s well documented that they don’t find vulnerabilities proactively, especially when compared to HP TippingPoint’s DVLabs. This probably explains why they don’t offer anything but a virtual firewall. I think they’d rather sell more UCS. Oh wait, they aren’t really doing much of that either. But I digress…

 

Questions to ask when migrating to a virtualized data center


So, when moving from the physical to the virtual world, and then to the cloud, remember to ask the following questions about next-generation data center security:

 

  • How do I maintain the same level of security and compliance between physical and virtual environments?
  • How do I maintain performance without sacrificing security?
  • How do I maintain the same visibility, management and separation of roles when securing virtual environments?
  • Am I getting the level of security services, research intelligence and proactive protection for securing my critical assets?

 

 

>> Learn more about HP Secure Virtual Framework here

>> Learn more about HP TippingPoint's network security solutions here

>> Who's Got Your Back? Redefining investment protection.
>> Before replacing existing Cisco switches & routers with more of the same Pause and consider this

>> Learn more about HP Networking products and solutions for the Instant-On Enterprise

 

 


 

 

 

 

 

 

 

 

 

 

 

 

Comments
Gary Kinghorn(anon) | ‎07-27-2011 07:29 PM

Having left the HP Tipping Point product marketing group close to a year ago for Cisco, I felt compelled to clear a number of the factual inaccuracies in your post:

http://blogs.cisco.com/datacenter/vsg-vive-la-difference-a-tutorial-for-hp/

SecurityGuy(anon) | ‎07-27-2011 08:18 PM

 

 

"If there’s one thing the company is good at, it is those good-old ACLs developed back in the early 90s!"

 

If there's one thing Cisco is good at, it is delivering those good-old IP packets developed back in the mid 70s!

Joe Schmoe(anon) | ‎07-27-2011 08:42 PM

Wow.  Very wrong and misinformed.  HP has lost tremendous market share in x86 blade systems.  Cisco has gained 20% market share in 2 years of UCS existence. Now the #2 vendor in the US for x86 blades. 

 

Open mouth...insert foot.

 

 

Sanjay Raja(anon) | ‎07-28-2011 07:44 AM

Hi Gary,

 

Looks like you’re staying in the thick of it at Cisco.  As I’m sure you’ve experienced, a lot can change in a year, especially in the security industry.

 

I agree with your comment about competition…healthy competition is great, especially when it is a win for the customer.

 

Best regards,

 

Sanjay



 

 

 

IT Support Guy(anon) | ‎01-05-2012 11:58 PM

Thank you for the great article. It will be interesting to see where HP and Cisco take us in 2012!

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation