Amir Ben-Efraim, CEO and
co-founder of Altor Networks, has agreed to be interviewed for the
Security Thought Leadership project. Their booth at RSA2009 piqued my
interest because they deal with one of my favorite subjects,
Defense-in-Depth, but specifically in the virtual environment. We
certainly thank him for his time.
Amir, can you please give us the basic background information? Do you have a short bio we can post?
Amir
has over 18 years of experience in high-tech management, including
marketing, business development and software engineering. Most
recently, Amir was head of business development at Check Point Software
where he led the company’s global BD efforts, including partnerships,
OEMs, corporate strategy and M&A considerations. Previously, Amir
was co-founder and senior vice president of marketing at Blue Wireless,
a vendor of personalization software for telecommunication carriers.
Prior to Blue Wireless, Amir led marketing initiatives at Netro
Corporation, and simulation projects as lead software engineer at
Amdahl Computers. Amir holds an M.B.A. from UCLA, an M.S. in Electrical
Engineering from Stanford University and a B.S. in Electrical
Engineering from UC Berkeley.
Thanks, Amir. And, if readers want to learn more about your work, are there URLs
of papers or presentations you have written that are available on the
web?
Now let's hear about you, how did you become interested in the field of information security?
After
graduating business school in the mid-90s, I started helping businesses
set up database driven websites to share information with their
customers. Several companies asked me about the security of their
websites. As I researched the topic, I learned about network-based
worms. This piqued my interest in network security, which led to me
joining Check Point Software, which was pioneering stateful firewalls at
that time.
Please, tell us about some of the security products you worked on at Check Point Software?
Check
Point Software’s FireWall-1, VPN-1, Internet Security Systems (ISS),
now IBM, RealSecure IDS for FireWall-1, ZoneLabs Integrity – all
leading products in their respective markets.
FireWall-1 was the
world’s first shrink-wrapped software firewall. It led the market in
the late 90s, at one point reaching over 60% market share before being
challenged by Cisco’s PIX.
RealSecure was one of the world’s
first intrusion detection systems. The integration with Check Point’s
FireWall-1, the product in my charge, offered the first of its kind
implementation of integrated firewall and intrusion detection.
What product are you working on today at Altor Networks, and what makes that product unique; we'd love to hear your sales pitch!
My company develops and sells the world’s first purpose-built firewall for virtualization. Unlike alternatives, our stateful firewall is delivered as a kernel module in the virtualization operating system or hypervisor.
This lets us bring customers virtual network protection that is
the most secure while achieving the lowest impact on hypervisor
performance. Customers preserve the full flexibility and capacity of
their virtual networks. Other security products can’t really make that
claim. They might deliver security but it is at the price of
diminished virtualization and increased management complexity. They
don’t “understand” virtualization, if you will. We’ve done some
patent-pending work to ensure that this isn’t a band-aid but rather key
infrastructure.
And,
looking forward, what do you think the security products in your space
will look like in two years, what will they be able to do?
I
think the trend is toward anticipation of risks and proactive
mitigation. Take Altor, for instance. Our hypervisor firewall sees all
traffic flowing between virtual machines. We know a lot about the
applications and protocols and a lot about the security posture of the
hypervisor and the virtual resources running on it. Right now we block
or allow protocols and we can also detect intrusions. But the reports
we generate contain a great deal more actionable detail that today we
merely display. We could go further and make reliable inferences about
potential risks so that we can guide virtual network administrators on
how to construct security policies. I think that is a trend a lot of
security technologies will follow. That is, leverage experience
and tribal knowledge in building and implementing security to give
highly prescriptive information for security optimization.
Please
share your impression of the defensive information community. Are we
making progress against the bad guys or are we losing ground?
Well,
it stands to reason that the ingenuity that begets productive
technologies also has its malicious and exploitative manifestations. I
suspect that the mouse and mousetrap evolution will always be just
that, a story with no end. What we can do is become more vigilant and
disciplined about how we adopt new technology. Take virtualization for
instance. There is an obvious rush to adopt it because of the enormous
cost savings. The implementation of virtual networks has far outpaced
any efforts at securing and protecting them. So, what you have now
is a situation where almost half of all enterprises have virtualized
servers and the vast majority of those run some sort of risk from
malicious traffic or improper access control. This is ripe territory
for the “bad guys”, and I’m certain they’ll eventually strike as
they’ve always done in the past. There is significant ground to be
gained in this area in the form of standards and referenced
architectures that mandate virtualization security. It’s happening now,
in fact.
Would you be willing to
share your thoughts concerning the most dangerous threats we will be
facing in the next year to eighteen months?
Everywhere
you turn these days, the buzz is of clouds and cloud computing. We are
talking now about networks that almost entirely blur boundaries and
perimeters. There’s no question that there are attack vectors on the
horizon that will capitalize on the shared architecture construct to
not only gain unauthorized access but to obfuscate the source of the
malicious activity. It is more important than ever to segment resources
and keep detailed logs because cloud-based attacks are inevitable.
What is your biggest source of frustration as a member of the defensive information community?
It
seems that the industry has lost some focus on staying ahead of
emerging threats. As the bad guys have gotten more sophisticated and
work for financial gain instead of fame, fewer widespread attacks are
hitting the headlines. I recall that after SQL-Slammer, everyone
rushed to purchase security solutions, but the damage was already done.
Compliance
seems to be the prime driver of security implementations these days,
but most regulations are out of date and were written to deal with
yesterday’s attacks. Take virtualization for example – none of the
major compliance requirements make any reference to it despite
widespread adoption and unique security concerns associated with it.
Security
professionals need a voice beyond compliance – which frankly does not
represent cutting-edge thinking when it comes to tackling the very
sophisticated threats out there today.
One of the traditions of the thought leadership
project is to give our interview candidates a bully pulpit, a chance to
share what is on their mind, what makes their heart burn even if it is
totally unrelated to the rest of the interview. Please share the core
message you want people to know.
Virtualization
and by extension cloud computing are ushering in a whole new way to
provision, enable and sell applications, systems and services. The
basic premise is to untether the components that make business flow
from cables, hardware and physical location so that delivery can be
high performance and on demand.
This is creating enormous
opportunities for firms but also risks to information of a magnitude
we’ve not experienced to date. This entirely new “network” we’re
calling a virtual ecosystem and in some cases a cloud needs a
custom-built approach to segment it and secure it. The old ways are simply
not relevant here.
Can you tell us something about yourself, what do you do when you are not in front of a computer?
I
love to travel with my family. It’s nice to step away from the computer
screen and visit some far-away part of the world. Along with an
opportunity to see interesting sites and spend quality time together,
it always provides a grounding experience to see people from different
cultures go about their everyday lives. Our work in the IT
industry, especially in start-ups, tends to be fast-paced and
all-consuming – so taking occasional breaks is a nice counter-balance to the
work life.