Juniper vGW Virtual Gateway Gets Security, UTM Upgrade

Juniper is updating its vGW Virtual Gateway platform with security management, continuous monitoring and antivirus features specifically designed for virtual environments.

Juniper Networks has rolled out antivirus and other security measures specifically to protect virtual machines in its virtual gateway platform.

The new vGW Virtual Gateway offers virtualization-specific antivirus protections and continuous monitoring against malware and external intruders. Juniper, which made the announcement Aug. 29 at the start of the VMworld conference in Las Vegas, is planning to offer the security updates early in the fourth quarter of this year.

Organizations are concerned about the impact having scanning and monitoring technologies, such as antivirus products, will have on the performance of each individual virtual machine within the physical server. Multiple antivirus scans happening at the same time can consume the server's resources and slow down its responsiveness, affecting all the other VMs hosted on the server.

However, Johnnie Konstantas, director of cloud security marketing at Juniper Networks, told eWEEK that the new security and monitoring features the company offers do not "impede" virtualized workload performance.

"Bottom line, it's all about performance," Konstantas said.

vGW Virtual Gateway is based on technology that Juniper acquired as part of its purchase of Altor Networks in December 2010. At the RSA Security conference in February, Juniper made the first update to the new platform with version 4.5 to bring it in line with the rest of the Juniper portfolio.

This new release marks the most extensive update since the acquisition.

The antivirus signatures used by Juniper in its vGW Virtual Gateway are provided by Sophos, Konstantas said. The antivirus scans virtual machines for resident malware and other programs designed to hide inside files, and it quarantines the infected files or the whole VM as necessary after detecting malware. Administrators can choose to run scans on-demand during off-peak hours or when the virtual servers are offline. They can also use the on-access option, which deploys an agent to scan the files.

Configuration errors make the systems vulnerable to compromise in the first place. The vGW manages security in virtual machine environments by continuously monitoring for changes within the VM's disk images to ensure security policies are not being violated, Konstantas said. The vGW 5.0 also integrates with Juniper's SRX security appliances to monitor VM security configurations.

Considering that most security and compliance issues within an organization are the result of systems being configured incorrectly, incorporating configuration management was a natural step for Juniper, Konstantas said.

The new vGW Virtual Gateway works more like a universal threat management system designed for the virtual environment. It provides integrated firewall protection, intrusion detection, compliance monitoring and security management along with antivirus protection, Konstantas said.

Systems that check for configuration changes on physical servers won't work for virtual environments, Konstantas said. Organizations need a layer of dedicated security management software for virtual machines to ensure all the security and configuration issues are resolved immediately.

Juniper charges $700 per CPU on the physical host, Konstantas said. It doesn't matter how few or how many virtual machines are hosted on the server as the pricing would remain the same. This would help organizations scale up without suddenly seeing their security costs jump, he said.