Hillstone Micro-Segmentation Solution for Cloud Data Centers
Advanced Visibility & Security for the Cloud
Cloud-enabled data centers require a new security strategy to address the challenges of multitenancy and multicloud infrastructures, as well as software-defined networks (SDN) and network functions virtualization. These constructs deliver both mobility and elasticity for workloads, which in turn brings increased east-west traffic among both physical and virtual shared resources. The net challenge of these trends is how to insert security functions deep into a shared, virtualized, dynamic, and elastic environment.
Micro-Segmentation for the Cloud Data Center
Micro-segmentation has become the panacea for securing cloud-based data centers. This technology allows security admins to segment the data center into distinct areas, then define and deliver security policies for each segment – down to a VM, workload, tenant, user or other division.
A micro-segmentation solution must be as virtual, flexible and elastic as the infrastructure it serves. It needs to be able to insert itself deeply into the virtual environment to protect data transfers and virtual resources as they deploy, grow, shrink and migrate within the data center. It must also be hypervisor-aware and tightly integrated with virtual and cloud management and orchestration platforms.
Hillstone CloudHive — Advanced Micro-Segmentation
Hillstone CloudHive is designed from the ground up for the rigorous demands of cloud data centers. Through advanced micro-segmentation and a standard cloud orchestration API, CloudHive integrates its visibility and security capabilities deeply and seamlessly into the virtual environment.
All north-south and east-west traffic is monitored to detect, isolate and eliminate malware, potential data breaches and other security issues before they can propagate across VMs and other virtualized resources. CloudHive automatically scales virtual security resources exactly wherever and whenever needed, binding and securing VMs as they are deployed, moved or migrated within the cloud data center.
Flexibility and Comprehensive Security
The CloudHive architecture separates security functionality into four different planes to flexibly distribute and scale security services with minimal impact to performance. Resources and connections are mapped to provide comprehensive views to IT teams, and tight integration with cloud management platforms (such as VMware vCenter and OpenStack) ensures multicloud visibility and allows security resources to expand or contract as needed.
A full complement of security defenses quickly identifies advanced threats and attacks throughout the cloud and virtual environment. These protections include:
- Next-generation firewall, including Layer 7 VM and port-based access control across the entire environment.
- Intrusion prevention, with protocol anomaly, rate-based, custom attack signatures and DoS attack detection and prevention.
- Anti-virus based on signature and flow-based identification, including compressed file scanning.
- URL filtering for web page access control, with real-time update of the URL signature database.
- Attack defense, including port scans, anti-DoS/DDoS, flooding, and other attacks.
Through CloudHive’s distributed security architecture, cloud data center administrators gain several important benefits, including easy scalability and mobility, comprehensive visibility, comprehensive multifunction L2-7 security, and low total cost of ownership. CloudHive’s unprecedented cloud asset and traffic visibility can help reduce the data center threat surface to near-zero.
Hillstone CloudHive delivers robust, dynamic, effective, scalable, efficient and non-intrusive security for cloud data centers.