Why Do We Need New Solutions for Securing Today’s Cloud? Find out from Zhiping Liu, Head of Threat Security Engineering

In the final part of our blog series, we spend time with the head of our threat security engineering team, Zhiping Liu, to learn about the gaps she sees in traditional security solutions to protect the modern data center, why she joined vArmour, and her guilty pleasure television show.

Welcome to vArmour, Zhiping! We are excited to have you. As a pivotal member of our threat security innovation team, what are the biggest limitations of today’s solutions for threat prevention and mitigation?

Current security solutions fall into two main types: host-based or firewall. Host-based products are able to look at viruses inside files or memory disks, tied to that specific host. Traditional perimeter or application firewalls look at network traffic using the concept of inside vs. outside. Firewalls can only enforce security when traffic crosses the perimeter – either coming inbound or traveling outbound. For example, there is the idea that when servers reside in a company, it is easy to say what’s outside – it’s anything that’s outside the server – so as long as you don’t let information pass through your firewall that is on the server, you’re good.

But, today, computing resources are getting cheaper as they are outsourced, so many companies are migrating from their own individual servers to private or public clouds. And in these environments, there is no way you can draw a boundary from inside to outside – which is the limitation of host-based or perimeter security models in not seeing malicious traffic that never crosses a network boundary, but travels across instead. This industry shift to cloud computing is leaving the old generation of security behind, and a new generation has arrived that solves this problem in an entirely different way. The only way to do this right is through a distributed systems approach.

Cloud environments certainly have changed the nature of workloads and we have to learn to secure them in new ways. You’re a security industry veteran, so what has been your “ah-hah” moment on this issue and its importance?

In my last year at Palo Alto Networks, I was working on developing their next-generation security solution that was built on a cloud architecture. That exposed me to the cloud field, and opened a window so that I could see that, oh, this is the real world – everyone is using cloud now – and I realized that the security opportunity for this area is huge. And when I was developing the product within this cloud environment, suddenly I moved from security solution provider to security solution user. And I thought, how can I secure my own public cloud application in this new world using traditional firewalls that only sit at the perimeter? That was when I realized that I really want to work in this field – so I can help myself as an end-user, like all other customers of cloud architectures.

So is that part of the reason you joined vArmour, to focus on solving problems in this field?

Absolutely. vArmour is in the best position to solve application security in cloud architectures – with a distributed systems approach. We don’t label ourselves as a firewall company – we are a data center security company, built from the ground up for the cloud. When people talk about cloud, they mean large-scale architectures to support much bigger applications – not those that can run on a single server that they can secure at the perimeter.

You can’t scale cloud security with appliances – and many firewall companies still build appliances and focus resources there, or try to retrofit existing physical appliance models into virtual ones. At vArmour, our distributed security approach is based all in software – we don’t build hardware, so we focus on the technology that keeps evolving, and are able to keep up with the new generation of cloud security.

