Antimalware protection, compliance and governance functionality, and firewall support for IPv6 are among the technologies for securing the VMware infrastructure that vendors plan to unveil this week at VMworld 2012 in San Francisco.
Columbia, Md.-based Sourcefire Inc. is launching FireAMP Virtual antimalware protection for VMware instances. FireAMP integrates with VMware's vShield Endpoint technology, which offloads antivirus scanning to a virtual appliance to provide agentless endpoint security. The integration is designed to avoid the performance bottlenecks that can happen when multiple virtual machines (VMs) run antivirus scans at the same time, a problem known as AV storms, said Oliver Friedrichs, senior vice president of the cloud technology group at Sourcefire.
FireAMP also features what Sourcefire calls CloudRecall, a technology that monitors and records file activity. The feature essentially provides a "flight record" that organizations can use for forensic analysis if a file is later determined to be malicious, Friedrichs said.
Also on the antimalware front, Mountain View, Calif.-based Symantec Corp. is leveraging integration with vShield Endpoint to develop new features for its Endpoint Protection product. The company is beta testing a feature that uses Symantec's Shared Insight Cache tool to reduce the number of scans and prevent AV storms, said Piero DePaoli, product marketing director at Symantec. He said the product is agent-based in order to provide advanced protection.
"The agent-based solutions are still doing a better job of protection because of all the advanced types of malware versus agentless," he said.
However, Jon Oltsik, senior principal analyst at Milford, Mass.-based Enterprise Strategy Group Inc., said using an agent for endpoint VM security is more about product design than technology benefits.
"Symantec has some extensions to its product that demand the agent, and Sourcefire's doesn't," he said. "There really is no specific advantage to having an agent or not. It's really a function of minimizing the footprint on the virtual machines. … Both companies are doing that."
The recent emergence of new variants of the Crisis Trojan that can infect VMware virtual machines underscores the need to secure VMs, experts said.
"This is the tip of the iceberg," Oltsik said. "The more people virtualize, the more bad guys will target what's on those systems."
Securing VMware: Governance and policy management
On the governance and compliance side, Mountain View, Calif.-based HyTrust Inc. is rolling out a new version of its policy management and access control virtual appliance with a new feature called Secondary Approval. Eric Chiu, HyTrust co-founder and president, said the feature allows companies to implement additional oversight for certain operations such as deleting and copying virtual machines.
Administrators of virtualized data centers can wield a lot of power, Chiu said, so companies need the ability to implement automated workflows that can prevent accidental or malicious use of virtual machines. Enterprise demand for security and compliance in virtualized environments is growing, he added, as companies look to virtualize mission-critical applications.
"Enterprises for the most part have dealt [virtualized] the low-hanging fruit -- the test and dev servers where there is less need for security," Chiu said. "Now they're virtualizing their Tier 1 applications, such as SAP. ... They can't ignore security with those critical applications."
Johnnie Konstantas, director of product marketing for cloud security at Juniper Networks Inc., also sees businesses expanding their use of virtualization from research and development functions to critical workloads. Any new data center designs are using virtualization, which "predicates security," she said.
Sunnyvale, Calif.-based Juniper Networks is launching at VMworld a new version of its vGW Virtual Gateway, which provides firewall enforcement and policy administration for IPv6. Large enterprises adopting IPv6 need the ability to define security policies that are "IPv6 aware," Konstantas said.
The updated vGW also includes new management features for large-scale virtual deployments that allow for more customizable security among enterprise departments.
Oltsik said he sees increased demand for virtualization security for the endpoint and an increased need to meet compliance demands, but overall, what's needed more than features and functions are best practices.
In a recent ESG survey of 315 enterprise security professionals in North America, the top area where respondents said they have a shortage of skills within their organizations was cloud and server virtualization security.
"There's a lot of work the industry has to do to bridge that gap," Oltsik said.