Virtual security switch technology launched by Montego Networks

Just before the start of the 2008 RSA Conference, Co-Founders Bob Darabant (CEO) and John Peterson (CTO) announced the launch of Montego Networks, a new company whose Montego HyperSwitch technology is described as an innovative virtual security networking solution that delivers policy enforcement, access control, and secure switching for virtual networks. With everything happening around the announcement, I was

Just before the start of the 2008 RSA Conference, Co-Founders Bob Darabant (CEO) and John Peterson (CTO) announced the launch of Montego Networks, a new company whose Montego HyperSwitch technology is described as an innovative virtual security networking solution that delivers policy enforcement, access control, and secure switching for virtual networks.

With everything happening around the announcement, I was still able to catch up with John Peterson so that I could find out more information about his latest venture.

Q: How did Montego Networks get its start? What brought your company into this virtualization space?

A: The founders of Montego Networks recently came from Reflex Security which is providing solutions in the virtual security space. After spending much time talking to customers about their security challenges in the virtual world our CEO (former EVP of Sales and Marketing at Reflex) and myself, CTO (Former Chief Product Officer at Reflex) saw an opportunity to solve a different, more pressing problem than what Reflex was trying to solve. Thus we decided to step out on our own to build a product / company. We chose the name Montego Networks because Montego Bay Jamaica, one of my favorite spots in the Caribbean, coveys an image of relaxation and ease of mind. Everything in Jamaica is said to be not a problem ("No Problem Man"). So, given that securing networks is always challenging and often stressful - we wanted to build a company that delivers solutions that were easy to use and helped removed some of the stress associated with security.

Q: As virtualization continues to expand in the datacenter, what are some of the challenges that people can expect to face, and how does Montego Networks hope to answer those challenges?

A: "Virtual server sprawl" means more resources to protect and more resources that have the potential to communicate with each other outside of security guidelines. Montego Networks offers products that allow virtual servers to be isolated from each other and allowed to communicate with each other - only if security policy has been defined. Early on, customers would put like types of servers/applications in the same trust domain but now customers are putting a mixture of virtual servers in the same trust domain. This development is driving an emerging need for virtual server isolation. The Challenge? How to do this in the environment (ie. In the vswitch) and how do you do this in a way not to cause major negative impacts on network performance.

Montego solves these challenges by offering a high performing solution that allows security controls between virtual machines. We've married security and networking to accomplish this - and do so through our Montego HyperSwitch product which is the world's first "virtual security switch". Montego not only has security technologies such as Firewalls, but we also have networking technologies such as server load balancing, QoS, Network Discovery, 802.1D Spanning Tree, 802.1Q VLANs, etc.

Q: A number of solutions recently appeared on the market, and others have been around for some time now, each trying to address security and virtual networking.
What makes you stand out? Or how does Montego differ?

A: Montego Networks only sees a new company called Altor Networks as a competitor. Their messaging is very similar to ours although we believe they will not have a product until late summer 2008. We don't see other competitors in the market and feel there are good reasons for them to want to partner with Montego. When people think of "security in the virtual environment" they think that everyone is in the same bucket and compete with each other. While we may compete for the same mindshare, we all offer very different solutions that address very different problems. For example, Blue Lane provides Patch Management, Montego provides Firewalling and Reflex Security provides IPS. All three technologies are needed and do not compete. Its like saying Trend Micro competes against NetScreen. Montego Networks will be able to partner with those types of companies because we believe we are an enabler for security within the virtual environment. We are able to extend our capabilities of VM to VM inspection to our partners. Today Blue Lane, Reflex and others are not providing VM to VM security. Through Montego's "Policy Based Switching" capability we can have either of those solutions hang off of our solution and send traffic to their inspection engines on a VM to VM basis. This also improves performance for those applications because now no longer are they forced to inspect 100% of the traffic like an inline device but maybe only 10% of the traffic because the user can now define policy around what he wants to have inspected by those 3rd party applications. For example, a network manager might want to set a policy that defines that only Virtual Server #1 will be inspected by Blue Lane (because it is a more critical asset).

Q: Can you tell us more about your HyperSwitch technology?

A: The HyperSwitch technology delivers an integration of security and switching - to provide a secure environment for resources managed by the HyperVisor (Virtual Servers and Virtual Desktops). The technology intercepts traffic from the vSwitch (the name used in the case of VMWare) and matches the traffic against its security policies and if allowed to flow we will deliver the traffic back to the vSwitch so that it can be delivered to its final destination. We basically grab the packets, inspect it and then switch it back. The security policies that can be put on the packets are by way of our multi-firewall and 3rd party inspection approach. We have a Layer 2 Firewall, L3-L4 Firewall, Identity Firewall, and Content Firewall. Outside of that we can forward traffic to 3rd party security applications such as Blue Lane, Catbird, StillSecure, Reflex and others. All of this is VM to VM which no one else on the market offers today (Altor just released claims to their ability to do this and although we believe they will some day, they do not today).

Q: What virtualization platforms do you currently support? And what are your plans for additional platform coverage?

A: Our initial release supports VMWare today - however the product technically works in Citrix, Virtual Iron, and other XEN based environments. We also plan to support Microsoft when they release. The reason we have not announced official support is mostly due to product testing, documentation and readiness vs. technical challenges. We plan to be heterogeneous.

For more information about the company and its product, you can listen to their podcast on their home page, or watch their product preview video.

Again, I'd like to thank John Peterson, Chief Technology Officer and Co-Founder of Montego Networks, for taking time out to speak with me.

Related: