IT security vendor Symantec Corp. and Intel Corp. are collaborating to bring the benefits of virtualization technology to desktop security, executives from the two companies announced at the Intel Developer Forum in San Francisco.
Symantec will release, next year, a new intrusion prevention system (IPS) called Virtual Security Solution, which is installed on a virtual machine running on PCs with Intel vPro technology.
Computers equipped with vPro technology, and loaded with Intel’s Core 2 Duo processor, use hypervisor to create a virtual machine running alongside the host operating system, explained Leo Cohen, vice-president and fellow at Symantec’s security technology group.
"Think about it as an IPS network appliance," he said. "Then using Intel’s vPro technology, we have created a virtual appliance completely isolated within the same machine; it’s an isolated partition created by hypervisor that separates memory and other system resources to allow that security solution to function within that machine."
By taking the intrusion prevention system and running it on a virtualized environment, security controls become independent of the operating environment and less vulnerable to targeted attacks aimed at weakening or disabling security controls in an operating system, said Cohen.
Virtualized IPS acts as a filter scanning network traffic for known vulnerabilities and virus signatures and blocks them from the virtual machine level before they reach the physical operating environment, he said.
Typically, security software such as Symantec’s anti-virus product resides in the host operating system on the desktop. The security controls’ ability to protect the desktop system depends on the strength of the operating system hosting it, the Symantec executive said.
The Virtual Security Solution will enable IT to keep vital security processes isolated from potential problems with the main operating system, giving IT managers better control of endpoint security.
Malicious disabling or reconfiguring of security safeguards are becoming more prevalent among targeted attacks, said Gregory Bryant, general manager, digital office platform at Intel.
Dubbed "wave-based" attacks, these offences are conducted in two stages, explained Bryant: the first wave focuses on finding and disabling the system’s security controls; the second wave does the actual damage on a weakened machine.
A recent survey of Canadian IT security managers and personnel revealed that between 63 per cent and 79 per cent are concerned about the disabling or misconfiguring of security systems by hackers and Trojans, by employees or by operating system and application patches. The survey was conducted by Applied Research West Inc. for Symantec.
icon.
