Virtualization security remains a work in progress

Running security apps on hypervisor-based architecture is still very much a work in progress.

While adoption of server virtualization is proceeding at a gallop, the effort to refine virtualization security reached only a slow trot in 2009.

Roughly 18% of server workloads have been virtualized, and research firm Gartner expects that number to climb to 28% in 2010 and almost 50% by 2012. But adapting traditional firewall, intrusion detection, antimalware and other types of security and monitoring software to run optimally in this radically changed hypervisor-based architecture is still very much a work in progress.

One development that occurred this year is the release of VMware's security APIs.

After talking up the idea since February 2008, VMware in April 2009 finally released its VMsafe APIs intended to help security vendors build products to work with its platform. But some vendors say these APIs present performance issues.

"We're not using the VMware APIs today due to performance," says Richard Park, senior product manager at Sourcefire, which in early December shipped its first virtualized sensor and management console for VMware ESX and vSphere 4.

Sourcefire's traditional physical appliances are network sensors that can do both intrusion-detection monitoring and intrusion-prevention blocking. But at this point, the Virtual 3D Sensor and Virtual Defense Center will only provide monitoring visibility into VMware's ESX hosts, not blocking of attacks.

"The only way to block traffic today is to put the sensor between two VMware switches," Park says. Sourcefire is still examining exactly how to fully support that. For customers today with VMware-based virtualized servers, "the demand is for monitoring," Park claims.

Park says Sourcefire is eager to see a robust set of VMware VMsafe APIs and that VMware has recognized there are performance issues and is revising its APIs.

At the Gartner ITExpo in October, Gartner Vice President Neil MacDonald publicly excoriated some security vendors for not moving more rapidly to come up with software-based virtual appliances, insinuating they would rather stick to their old ways of selling expensive hardware boxes. (See related story, Gartner on cloud security: "Our nightmare scenario is here now".)

Enterprise customers are rapidly virtualizing their IT environments and often unwittingly creating less-secure results even as they reap the many benefits of virtualization, MacDonald says. Roping off virtualized servers with virtual LANs alone -- a common practice -- "is not sufficient for security separation," MacDonald says. "It's become the default because it's built into VMware with its virtual switch. Our position is it isn't strong enough."

MacDonald says virtualization is causing some "business-model disruption" in security and praised the efforts of some vendors, including Trend Micro, to leap in with new offerings to take on the virtualization challenge. Using the VMware VMsafe APIs is one approach that is still new, he noted.

Trend Micro's Core Protection for Virtual Machines, antimalware software that was designed for use with VMware, was released in the third quarter. Trend's Deep Security 7 for firewall, intrusion detection/prevention, integrity monitoring and log management for VMware ESX shipped in November.

According to Bill McGee, senior director of product marketing at Trend Micro, both products make some use of tools in VMsafe. But he adds that while VMsafe is an important step, it needs to be improved.

"VMware is making improvements in the area of performance for bandwidth and significant workloads," McGee says, especially by changing the approach they use for "sending packets around in the system."

Virtualization is bringing change and "we're seeing the pressure, and the opportunity, for security vendors to optimize security," McGee says. VMware has been among the most aggressive of the virtualization software vendors to open up their technology to optimize security functions, he says, while so far the actions of Citrix and Microsoft seem "more limited" in this area.

For its part, VMware says it's glad to see a number of vendors, including Altor Networks, Reflex, ISS IBM and Trend Micro, adopting the VMsafe technology.

While not speaking to specific comments about performance, VMware's director of alliances Jitesh Chanchani says, "VMsafe is an integral part of our security strategy. In terms of improvements, this is an ongoing investment for us."

The APIs are a positive development, he points out, because they "provide fine-grained visibility into virtual-machine resources," such as the introspection ability to examine what's going on in the VMware platform.

Meanwhile, industry watchers continue to address the question of whether adopting a virtualization platform brings more risk.

According to Forrester Research, adding hypervisor technology (Citrix Xen, VMware vSphere and Microsoft Hyper-V) "does add some marginal risk to IT environments, because it layers additional software on top of existing operating systems. All software, no matter how thin, contains hidden design mistakes and inadvertent coding flaws."

Mistakes are going to be made and there will be attacks against virtual servers, the firm states in a report titled "Fear of a Hijacked Planet." These can include an attacker who successfully compromises a virtual machine going after hosts, subversion of hypervisors, and live migration impersonation.

"On the user side, enterprises are collectively a bit confused. IT security staffs, in particular, have more questions than answers," says Forrester analyst Andrew Jacquith. IT teams are asking questions such as "Is the hypervisor secure? Is the IT ops team doing something they shouldn't? What visibility do we have to the virtual machines?"

According to Jacquith, one disappointment remains VMware's Live Migration feature for configuring VMs so that they automatically migrate from one farm host to another, for purposes of fault tolerance and business continuity. "That's all good, except that the VM itself moves over the network in the clear, which makes a man-in-the-middle attack possible," Jacquith notes. But he's optimistic improvements are coming in that arena, too.

On the plus side, Jacquith points out, the VMsafe program, along with more options from vendors for offline patching and update capabilities, means there's been progress in security virtualization this year.


Ellen Messmer

Network World