Amir Ben-Efraim, CEO, Altor Networks

Stephen Northcutt - November 25th, 2009

Amir Ben-Efraim, CEO and co-founder of Altor Networks, has agreed to be interviewed for the Security Thought Leadership project. Their booth at RSA2009 piqued my interest because they deal with one of my favorite subjects, Defense-in-Depth, but specifically in the virtual environment. We certainly thank him for his time.

Amir, can you please give us the basic background information, do you have a short BIO we can post?

Amir has over 18 years of experience in high-tech management, including marketing, business development and software engineering. Most recently, Amir was head of business development at Check Point Software where he led the company’s global BD efforts, including partnerships, OEMs, corporate strategy and M&A considerations. Previously, Amir was co-founder and senior vice president of marketing at Blue Wireless, a vendor of personalization software for telecommunication carriers. Prior to Blue Wireless, Amir led marketing initiatives at Netro Corporation, and simulation projects as lead software engineer at Amdahl Computers. Amir holds an M.B.A. from UCLA, an M.S. in Electrical Engineering from Stanford University and a B.S. in Electrical Engineering from UC Berkeley.


Thanks, Amir. And, if readers want to learn more about your work, are there URLs of papers or presentations you have written that are available on the web?

Certainly, here are three links:

InfoWorld Interview with Altor Networks CEO
http://vmblog.com/archive/2008/03/15/infoworld-interview-with-altor-networks-ceo-amir-ben-efraim.aspx

Making Sense of Virtualization Security – VMware Expert Session
http://www.vmworld.com/community/experts/altor

Closing The Doors That Virtual Sprawl Leaves Open – NYT interviews Amir Ben-Efraim
http://www.nytimes.com/2008/04/09/technology/techspecial/09virtual.html


And, still in the vein of sharing knowledge, tell us where we can find some papers on the Internet that you consider a "must read":


When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments
http://www.stanford.edu/~talg/papers/HOTOS05/virtual-harder-hotos05.pdf

VMware VMsafe Security Technology
http://www.vmware.com/technology/security/vmsafe.html

Tactical Guidelines for Evaluating Virtualization Security Solutions
http://www.gartner.com/DisplayDocument?id=858914


Now let's hear about you, how did you become interested in the field of information security?

After graduating business school in the mid-90s, I started helping businesses set up database-driven websites to share information with their customers. Several companies asked me about the security of their websites. As I researched the topic, I learned about network-based worms. This piqued my interest in network security, which led to me joining Check Point Software, which was pioneering stateful firewalls at that time.


Please, tell us about some of the security products you worked on at Check Point Software?

Check Point Software’s FireWall-1, VPN-1, Internet Security Systems (ISS), now IBM, RealSecure IDS for FireWall-1, ZoneLabs Integrity – all leading products in their respective markets.

FireWall-1 was the world’s first shrink-wrapped software firewall. It led the market in the late 90s, at one point reaching over 60% market share before being challenged by Cisco’s PIX.

RealSecure was one of the world’s first intrusion detection systems. The integration with Check Point’s FireWall-1, the product in my charge, offered the first of its kind implementation of integrated firewall and intrusion detection.


What product are you working on today at Altor Networks, and what makes that product unique; we'd love to hear your sales pitch!

My company develops and sells the world’s first purpose-built firewall for virtualization. Unlike alternatives, our stateful firewall is delivered as a kernel module in the virtualization operating system or hypervisor. This lets us bring customers virtual network protection that is the most secure while achieving the lowest impact on hypervisor performance. Customers preserve the full flexibility and capacity of their virtual networks. Other security products can’t really make that claim. They might deliver security but it is at the price of diminished virtualization and increased management complexity. They don’t “understand” virtualization, if you will. We’ve done some patent-pending work to ensure that this isn’t a band-aid but rather key infrastructure.


And, looking forward, what do you think the security products in your space will look like in two years, what will they be able to do?

I think the trend is toward anticipation of risks and proactive mitigation. Take Altor, for instance. Our hypervisor firewall sees all traffic flowing between virtual machines. We know a lot about the applications and protocols and a lot about the security posture of the hypervisor and the virtual resources running on it. Right now we block or allow protocols and we can also detect intrusions. But the reports we generate contain a great deal more actionable detail that today we merely display. We could go further and make reliable inferences about potential risks so that we can guide virtual network administrators on how to construct security policies. I think that is a trend a lot of security technologies will follow. That is, leverage experience and tribal knowledge in building and implementing security to give highly prescriptive information for security optimization.


Please share your impression of the defensive information community. Are we making progress against the bad guys or are we losing ground?

Well, it stands to reason that the ingenuity that begets productive technologies also has its malicious and exploitative manifestations. I suspect that the mouse and mousetrap evolution will always be just that, a story with no end. What we can do is become more vigilant and disciplined about how we adopt new technology. Take virtualization for instance. There is an obvious rush to adopt it because of the enormous cost savings. The implementation of virtual networks has far outpaced any efforts at securing and protecting them. So, what you have now is a situation where almost half of all enterprises have virtualized servers and the vast majority of those run some sort of risk from malicious traffic or improper access control. This is ripe territory for the “bad guys”, and I’m certain they’ll eventually strike as they’ve always done in the past. There is significant ground to be gained in this area in the form of standards and referenced architectures that mandate virtualization security. It’s happening now, in fact.


Would you be willing to share your thoughts concerning the most dangerous threats we will be facing in the next year to eighteen months?

Everywhere you turn these days, the buzz is of clouds and cloud computing. We are talking now about networks that almost entirely blur boundaries and perimeters. There’s no question that there are attack vectors on the horizon that will capitalize on the shared architecture construct to not only gain unauthorized access but to obfuscate the source of the malicious activity. It is more important than ever to segment resources and keep detailed logs because cloud-based attacks are inevitable.


What is your biggest source of frustration as a member of the defensive information community?

It seems that the industry has lost some focus on staying ahead of emerging threats. As the bad guys have gotten more sophisticated and work for financial gain instead of fame, fewer widespread attacks are hitting the headlines. I recall that after SQL-Slammer, everyone rushed to purchase security solutions, but the damage was already done.

Compliance seems to be the prime driver of security implementations these days, but most regulations are out of date and were written to deal with yesterday’s attacks. Take virtualization for example – none of the major compliance requirements make any reference to it despite widespread adoption and unique security concerns associated with it.

Security professionals need a voice beyond compliance – which frankly does not represent cutting-edge thinking when it comes to tackling the very sophisticated threats out there today.


One of the traditions of the thought leadership project is to give our interview candidates a bully pulpit, a chance to share what is on their mind, what makes their heart burn even if it is totally unrelated to the rest of the interview. Please share the core message you want people to know.

Virtualization and by extension cloud computing are ushering in a whole new way to provision, enable and sell applications, systems and services. The basic premise is to untether the components that make business flow from cables, hardware and physical location so that delivery can be high performance and on demand.

This is creating enormous opportunities for firms but also risks to information of a magnitude we’ve not experienced to date. This entirely new “network” we’re calling a virtual ecosystem and in some cases a cloud needs a custom-built approach to segment it and secure it. The old ways are simply not relevant here.


Can you tell us something about yourself, what do you do when you are not in front of a computer?

I love to travel with my family. It’s nice to step away from the computer screen and visit some far-away part of the world. Along with an opportunity to see interesting sites and spend quality time together, it always provides a grounding experience to see people from different cultures go about their everyday lives. Our work in the IT industry, especially in start-ups, tends to be fast-paced and all-consuming – so taking occasional breaks is a nice counterbalance to the work life.