Redwood City, Calif-July 20, 2009-Altor Networks, provider of best-in-class virtualization and cloud security solutions, today announced that Comprehensive Health Services (CHS) is using the Altor VF virtual firewall in a mission-critical production environment to ensure compliance in their virtualized environment. Compliance with stringent data privacy laws governing healthcare, government and financial institutions are mandatory and specific to how information such as social security numbers and health information must be protected.

"Safeguards that shield sensitive data and critical applications on the physical LANs do exist within the virtual environment but are cumbersome and not always topologically feasible to implement," said Ryan Trost, Director of Security and Privacy Officer at CHS. "HIPAA's recent expansion of ARRA and HITECH restrictions explicitly defines data breach requirements and violations costs and has executives ultra-sensitive to compliance issues and ensuring secure confidential medical information remains protected."

CHS has developed an extensive, sophisticated IT structure with 130 servers to manage database intensive applications which support outsourced worksite health programs, national medical exams and medical readiness teams. Virtualization is being implemented to reduce costs and develop a more scalable, resilient, and manageable computing environment.

"Virtualization made sense for business continuity and from a cost benefit analysis, but security was lacking in the virtual environment," said Mr. Trost. "Protecting virtual environments can be difficult given technologies like VMotion and prime attack targets like the hypervisor.  We needed something that was purpose built."

As an expert in IT security and author of "Practical Intrusion Analysis", Mr. Trost points out that "co-mingling IT systems with different data classification levels [sensitive and non-sensitive] needs to be architected extremely carefully to avoid misuse of resources."

An increasingly large share of network traffic is occurring between virtual machines (VMs) within a virtualization server on the virtual network, yet VM and network administrators have minimal ability to see or control inter-VM communication. By default, every VM on the host can communicate directly with every other VM through a simple virtual switch, without any inter-VM traffic monitoring or policy-based inspection and filtering. Inter-VM traffic on a host does not touch the physical network; it is invisible to traditional networking monitoring tools and unprotected by physical network security devices. As a result, VMs are highly vulnerable to attack.

"Although VMWare (NASDAQ: VMW) has several built-in security measures to protect itself, it is preferred to have a secondary monitoring technology in place to ensure that all VMs are fully protected. The Altor solution provided a defense-in-depth methodology to govern ingress and egress traffic to our core applications and lock down the VM traffic, akin to the strategy that security analysts audit system administrators" said Mr. Trost.

CHS has real time visibility and rule-based control of packet flow into and out of each VM, without the bottleneck of traffic loops through the physical network. In particular, they can now secure the live migrations that are critical to their virtualized systems.

By installing a virtual firewall agent on each VMware ESX server, CHS' security team can now develop and manage enforceable firewall policies at the global, group, and individual VM level. CHS uses the Altor Reporting Module to get information delivered to them about the virtual machine communication behaviors at regular intervals.

"We did extensive research on virtual firewalls and found Altor VF provided the best solution to secure our virtualized environment," said Mr. Trost. "We have visibility and granular control over the virtual network traffic, dramatically improving the security of our virtual servers."

CHS can now pinpoint virtual security compromises and easily create role-based security policies. For the first time, security policies can be continuously enforced on individual virtual machines, simplifying deployment and on-going security management of the virtual infrastructure while reducing the dangers of security breaches.

"Hierarchical policies scale better, which is very important given our growing use of virtualization," said Mr. Trost. "I like that the firewall assigns a default policy as soon as a VM is provisioned."

Altor VF provides the visibility, the administrative efficiency, and the security that CHS needs today. With the Altor VF, CHS administrators can troubleshoot and resolve application availability issues faster. A tabbed dashboard displays the source, destination, port, and protocol of all VM communications at a glance. Graphical displays of traffic over time make it easy for CHS to spot anomalies and the use of any unapproved protocols.

About Altor Networks
Altor Networks is pioneering best-in-class virtualization security solutions to secure production-oriented virtualized data centers and internal clouds. The company's initial product line includes the industry's first-ever purpose-built virtual firewall with integrated intrusion detection, a software security appliance that runs in a virtualized environment. Data center administrators can pinpoint a broad range of virtual network security compromises and easily create roles-based security policies. Security policies can be continuously enforced on individual virtual machines, even as they move throughout the virtualized data center. Founded by security and networking experts from Check Point Software, Cisco, NetApp and Oracle, Altor Networks is funded by Accel Partners and Foundation Capital and is headquartered in Redwood City, California. For more information, visit www.altornetworks.com.