Case Study Highlights
- Seculert - a cloud based breach detection service - needed a platform that they could use to deploy Zscaler®’s VMware based log collection virtual machine to collect logs in the same geo as their customers. They needed a solution which could scale on demand, while securely connecting the log collection service to Seculert’s cloud.
- Seculert chose Ravello’s nested virtualization platform to run Zscaler’s log collection virtual machine on AWS. With Ravello, Seculert has been able to integrate its solution with Zscaler’s, on-board new customers in a cost-effective manner while improving efficiency of its solution.
Seculert’s automated breach detection platform protects global enterprises from the effects of targeted malware infections. Their platform complements traditional breach prevention systems by providing precise and accurate malware infection data. Seculert doesn’t require any hardware or software, agents, and no changes to current security workflow processes are needed. More than 100 Fortune 2K companies have deployed Seculert to detect malware activity on their networks.
Log Analysis - Key to Malware detection
Seculert relies on HTTP/HTTPS traffic log analysis to identify the malware attacks in progress. While on-premises traffic analysis can reveal the malware activity, its effectiveness is limited by scarce resources and limited data that can be parsed and stored by the in-line appliances. To overcome this challenge, Seculert leverages capabilities of the cloud to perform the automated log analysis quickly and effectively.
Many Seculert customers deploy Zscaler - a SaaS internet security platform - to compliment Seculert’s malware protection offering. Zscaler provides a comprehensive security offering that ranges from advanced web security to cloud application visibility, to SSL inspection. In fact, for this subset of customers, Seculert uses Zscaler’s ‘nanologs’ as an input to its big data analytics for malware detection. Zscaler exposes access to its nanologs through Nanolog Streaming Service™ (NSS) - a VMware virtual machine that Seculert deploys for each of its customers.
To integrate well with Zscaler, Seculert had some very special needs:
- Zero change deployment - Seculert needed an easy way to be able to run the VMware based NSS virtual machine on the public cloud without making any changes to the VM
- Scale on-demand - They also needed to be able to run as many instances of the NSS as the number of customers that used Zscaler increased (1 instance is required for each customer)
- Local log collection - Seculert wanted the logs to be collected and processed in the same geographical region as customer’s - to reduce the network latency
- Secure connectivity - Seculert wanted an encrypted connectivity between the NSS instances and Seculert cloud to ensure that the logs were transferred in a secure manner
Challenges Encountered with other Solutions
IBefore using Ravello, Seculert had explored using VMware ESXi deployed in their private data center to host NSS and collect logs. However, this approach required all the logs to be streamed to their data center in Israel increasing the latency. Further, this needed CapEx investments in their own Data Center as the number of customers increased. Since the actual log analysis was taking place in the cloud, this approach didn’t align with both their technical and business model.
Ravello - a match for Seculert’s needs
When Seculert tried Ravello’s nested virtualization platform to host NSS VMs, they found it to be a great match to their needs. Here is how Ravello delivered on Seculert’s needs.
|Zero change deployment||Ravello’s High performance nested hypervisor (HVX) and Software Defined Networking (SDN) ensured that VMware based NSS VMs could run on AWS without any modifications.|
|Scale on-demand||With Ravello, Seculert is able to spin up as many NSS VMs as the number of customers running Zscaler increases. Since Ravello runs on AWS and Google Cloud (Tier 1 cloud providers), there is never any shortage of capacity, quota, and overage concerns.|
|Local log collection||Since Ravello runs on AWS and Google Cloud that are available in multiple regions, Seculert is able to perform log collection in regions local to their customer base and ZScaler’s Nanolog servers.|
|Secure connectivity||In addition to NSS, Seculert deployed its Log Collection Virtual Appliance to upload the logs to Seculert over an encrypted channel.|
With Ravello’s technology, Seculert has been able to run NSS - a VMware VM - unmodified on AWS.
Results with Ravello
Since moving to Ravello’s nested virtualization platform, Seculert has benefited in several ways. The easy setup and tight integration with Ravello’s environment has helped Seculert on-board many new customers that use Zscaler with almost no overhead. In addition, the reduced latency from the local log collection has helped Seculert provide value to their customer quicker - improving the overall solution efficiency.
Zscaler® is a registered trademark and Zscaler NanoLog Streaming Service™ is a common law trademark of Zscaler Inc.