In a traditional network environment, security to protect from external intruders is typically provided at the edge of the network. The devices that implement this network edge security are typically known as edge devices. Edge devices are gateways, routers, routing switches, integrated access devices (IADs), multiplexers, and a variety of metropolitan area network (MAN) and wide area network (WAN) access devices that provide entry points into enterprise or service provider core networks. Edge devices also provide connections into carrier and service provider networks.
Various types of security can be implemented on the edge devices, and the inherent characteristics of the network, in that the “gateway” to entry is located at a single point, make such security relatively straightforward.
The rise of cloud computing, however, has rendered the traditional network architecture somewhat moot. Cloud computing involves sharing of computing infrastructure, such as processing power, memory, etc., typically between users having no relation to one another. In public cloud computing networks, in fact, any user could theoretically be sharing a resource with any other user and may (or may not) have the ability to know who is sharing with whom. Closely tied with cloud computing is the concept of virtualization, which involves the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources. Cloud computing is often accomplished by creating two or more virtual machines operating on a single actual machine. FIG. 1 is a prior art block diagram illustrating an example of cloud computing. Here, user A 100 operates a virtual machine 102, which is actually operating on shared machine 104 in the cloud. User B 106 operates a virtual machine 108, which is actually also operating on shared machine 104 in the cloud. As can be seen in such an arrangement, there is no edge device protecting virtual machine 102 from virtual machine 108. In short, edge devices are disappearing.
Attackers can launch virtual machines on the same hardware platforms with target virtual machines. By exploiting system vulnerabilities, they can sniff and modify users' network data even if the user's virtual machine does not have a security hole that allows direct access.
What is needed is a solution that aids in the security of networks and network devices without utilizing an edge device.