Skyport Systems – Is SkySecure right for everyone?


At Networking Field Day 11 I had the privilege of visiting Skyport Systems in Mountain View, CA and hearing firsthand about their product offering, SkySecure. At first I thought Doug Gourlay was talking about some next-gen firewall until I realized that the solution itself included the x86 virtualization.

Let’s start with the definition from the Skyport Systems website:

The SkySecure System is designed to host critical and exposed application workloads that are the highest priority for the business to protect. The solution is an implementation of hyper-secured infrastructure that integrates compute, security, virtualization and policy in a pre-configured, managed infrastructure platform. The components listed below operate as a single turn-key system inclusive of all necessary software and hardware. This allows the system to maintain a secure configuration throughout its existence by providing embedded, layered, and compartmentalized security starting at the point of manufacture and verified continually throughout its existence.

Let me boil that down, if just for me. In short, SkySecure is a near turn-key, ultra-secure virtualization platform (based on Xen) relying on hardware-based security I/O co-processors and Trusted Platform Module (TPM) chips to validate the integrity of the system. It provides network microsegmentation along with per-VM firewall and DMZ capabilities among its many features.

One of the most alluring features to me, with experience in the healthcare and retail industries, is the clientless footprint of the solution on the actual guest VM. There’s literally nothing to install onto the Windows or Linux guest VM: no management agent, no firewall or proxy agent, nothing. With fairly stringent regulations around HIPAA and PCI compliance, the ability to secure a system from the rest of the network without touching the system itself is very useful indeed. This is especially useful when looking at ShieldWeb

The presentation included a memorable quote from a comment on a Brian Krebs story titled “Target Hackers Broke in Via HVAC Company.” The quote, “If you think technology can fix security, you don’t understand technology and you don’t understand security,” really defines the challenges facing IT with respect to security. In my opinion, security is always a delicate balance between completely open and completely locked down. The users would like it completely open, while the security professionals and auditors would like it completely locked down. It’s important to strike an even balance, and I would argue that Skyport Systems has a solution that can help provide that balance.

In the age of whitebox servers, SkySecure is a highly specialized solution that includes hardware, software and management components that can be leveraged to secure extremely critical applications and highly sensitive systems.

As a disclaimer, I received no compensation for my attendance at Networking Field Day 11 from Gestalt IT or any of the sponsors. Gestalt IT did provide for my travel arrangements, hotel accommodations and meals while in Santa Clara, CA.


