As networks expand, it becomes increasingly difficult to manage and maintain network policies for the different machines of the network. Various security applications are used to provide security for a network, including firewalls, antivirus and malware detection, etc.
Firewalls are used to enforce network security policies by monitoring and controlling network traffic. Many firewalls filter the network traffic based on various characteristics of the network traffic (e.g., port information, source/destination address information, etc.). Some firewalls perform deep packet inspection to further analyze the contents of the network traffic to identify applications or protocols used by the network traffic (e.g., Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Domain Name System (DNS), etc.). However, packet inspection requires significant processing resources that can increase network latency.
In virtualized networks in particular, security and authorization for network requests to and from the guest machines become increasingly complex and difficult. Virtual hosting networks often have multiple entry points to the network, increasing the need for security and authorization at each of the end machines. In some cases, virtualized environments rely on firewall rules defined in a network policy to protect networks from malicious traffic.
In some cases, network policies are defined based on contexts for various network requests made in the network. Context-based authorization, such as an identity firewall, allows an administrator in a network to allow or disallow connections based on the context (e.g., the identity of a user and/or application) of the request, rather than simply based on ports and addresses of the packets. The identity firewall allows connections and communications between end machines in the network to be monitored and managed based on the identities of the users and/or applications. For example, in some cases, connections from a particular machine to a server may be allowed from certain applications or by certain users, while not from others.
One of the challenges in today's hosting system networks is providing efficient and secure context-based authorization for virtual machines operating on host machines in a network. In many cases, the hosting system networks lack sufficient information to make allow/block enforcement decisions for the network requests. In some situations, a malicious application can break the security policies of a network by generating network events as though they are being performed by a genuine user or application.
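The following is an added illustration, not code from the original text or from any particular firewall product, of the two preceding paragraphs: a minimal policy evaluator that compares a port/address-only rule set with an identity (context-based) rule set, and that refuses to honour identity conditions unless the user/application context was supplied by a trusted source. The rule and request fields, the rule sets, the IP addresses and the "verified context" flag are all constructed for this example.

```python
"""Toy context-based (identity) firewall policy evaluator.

Constructed example: rule format, field names, addresses and the
context_verified flag are assumptions made for illustration only.
"""
from dataclasses import dataclass
from typing import List, Optional, FrozenSet


@dataclass(frozen=True)
class Request:
    """A connection request as seen by the policy engine."""
    src_ip: str
    dst_ip: str
    dst_port: int
    user: Optional[str] = None      # identity context; absent for plain packets
    app: Optional[str] = None
    # True only when a trusted component (e.g. a host agent) supplied
    # user/app, rather than the requesting process itself.
    context_verified: bool = False


@dataclass(frozen=True)
class Rule:
    """Rule fields left at their defaults match anything."""
    action: str                     # "allow" or "deny"
    dst_port: Optional[int] = None
    dst_ip: Optional[str] = None
    users: FrozenSet[str] = frozenset()   # empty set = any user
    apps: FrozenSet[str] = frozenset()    # empty set = any application

    def matches(self, r: Request) -> bool:
        if self.dst_port is not None and r.dst_port != self.dst_port:
            return False
        if self.dst_ip is not None and r.dst_ip != self.dst_ip:
            return False
        if self.users or self.apps:
            # Identity conditions are only evaluated against trusted context;
            # self-reported user/app claims never satisfy an identity rule.
            if not r.context_verified:
                return False
            if self.users and r.user not in self.users:
                return False
            if self.apps and r.app not in self.apps:
                return False
        return True


def evaluate(rules: List[Rule], req: Request, default: str = "deny") -> str:
    """First-match evaluation with a default-deny fallback."""
    for rule in rules:
        if rule.matches(req):
            return rule.action
    return default


# Constructed sample policies protecting a database server at 10.0.0.5:1433.
PORT_ONLY_POLICY = [
    Rule("allow", dst_port=443),
    Rule("allow", dst_port=1433, dst_ip="10.0.0.5"),
]
IDENTITY_POLICY = [
    Rule("allow", dst_port=443),
    Rule("allow", dst_port=1433, dst_ip="10.0.0.5",
         users=frozenset({"dba"}), apps=frozenset({"sqlclient"})),
]


def decide_port_only(req: Request) -> str:
    return evaluate(PORT_ONLY_POLICY, req)


def decide_identity(req: Request) -> str:
    return evaluate(IDENTITY_POLICY, req)


if __name__ == "__main__":
    dba = Request("10.0.1.7", "10.0.0.5", 1433, "dba", "sqlclient", True)
    guest = Request("10.0.1.8", "10.0.0.5", 1433, "guest", "sqlclient", True)
    claimed = Request("10.0.1.9", "10.0.0.5", 1433, "dba", "sqlclient", False)
    for name, req in [("dba", dba), ("guest", guest), ("claimed", claimed)]:
        print(f"{name:8} port-only={decide_port_only(req):5} "
              f"identity={decide_identity(req)}")
```

The port-only policy admits every connection to the database port, whichever user or program opened it; the identity policy admits only the verified database administrator running the approved client, and treats an unverified identity claim exactly like a missing one, which is the property an enforcement point needs when a process can fabricate events in another user's or application's name.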