VMware Inc. Tuesday announced new sensitive data discovery capabilities in its vShield product line, designed to help companies meet security and compliance requirements.
Data discovery is difficult to perform due to the dynamic nature of VMs, Dean Coza, director of product management at Palo Alto, Calif.-based VMware, said in an interview. At the same time, he said, security and compliance are top-of-mind issues for companies when it comes to the cloud.
The functionality in newly unveiled vShield App 5 with Data Security was developed in conjunction with RSA, the security division of EMC Corp. In addition to its existing internal firewall and VM segmentation capabilities, the product provides companies with the ability to discover and classify sensitive data in virtual machines (VMs) via capabilities built into the hypervisor.
VMs with sensitive data can be segmented into “trust zones” with various levels of isolation, providing the segmentation required for meeting compliance requirements, such as the PCI Data Security Standard. The vShield App 5 with Data Security product comes with more than 80 predefined templates mapped to geographic and industry-specific regulations, and companies can use it to scan VMs to locate sensitive data, such as credit card numbers.
The technology incorporates RSA’s DLP engine, allowing enterprises to account for virtualized systems in their data loss prevention strategies, Coza said.
VMware also is working with other security vendors to add intrusion prevention capabilities to the vShield line. The new vShield App 5 will feature a network layer-2 firewall and will be optimized to support a number of security vendors’ IPS products. Coza said VMware is working with Hewlett-Packard Co.’s TippingPoint unit and Sourcefire Inc. to integrate IPS capabilities and, for instance, use IPS data as a trigger to automatically quarantine compromised VMs when appropriate.
VMware’s vShield line, introduced last year, also includes vShield Edge and vShield Endpoint, and is designed to enable integration with third-party security products. Last year, VMware and Trend Micro teamed up to release an agentless antivirus product for VMware; Coza said VMware is working with other antivirus vendors, including McAfee and Sophos.
There has traditionally been a gap between security and virtualization professionals, Coza said, but vShield is helping to bridge that gap by giving security teams tools that are optimized for virtualization. “In the past, they brought obsolete tools to the table,” he said. Without the optimization, Coza added, companies run into problems such as an antivirus storm, where implementing security software within each virtual machine on a physical server creates system resource logjams.
The updated vShield product line is part of VMware’s latest cloud infrastructure suite, which it launched Tuesday along with the newest version of its virtualization platform, vSphere 5, at a press event in San Francisco. Many “security functions themselves need to be virtualized,” VMware CEO Paul Maritz said. “We’re working with the industry to do that,” he said, explaining that vShield functions as an envelope for security vendors to provide security functions.
The VMware vShield 5 products, including vShield App 5 with Data Security, will be available in the third quarter, and individual products will be licensed starting at $50 per VM. Companies also can buy the vShield products as a bundle for $300 per VM.