One of the biggest issues for enterprises considering virtualization is the effect virtual machine deployment could have on their IT security. But with the launch of a new application programming interface, VMware Inc.’s is hoping to address these concerns by enlisting the help of security vendors from around the world.
The VMsafe API will allow vendors to develop security products specifically at the hypervisor level, in order to combat the latest security threats posed by malware, trojans, and keyloggers. At the press time, over 20 security vendors, including McAfee Inc, Symantec Corp. and Checkpoint Software Technologies Ltd., have signed on to build products with the technology.
“With our virtualization technology we have an unprecedented amount of visibility into hardware resources, virtual machine resources and the traffic that goes between them,” said Parag Patel, vice-president of alliances at Palo Alto, Calif.-based VMware. “When fighting against malware threats, you need to compete against the hackers who are always inventing new ways to break security. So we’re trying to take our capabilities and make them available to security vendors and their products.”
One of VMware’s biggest partners in the launch is Santa Clara, Calif.-based McAfee, which demonstrated its use of VMsafe during this week’s VMworld Europe conference.
“We developed a code to leverage the VMsafe API and actually put our McAfee Host Intrusion Protection underneath the operating systems on the virtual machines,” said Jason Yuan, group manager for project management at McAfee. “When we tried to launch a malicious driver, the program alerted us, identified the virus and shut it down before any damage were done.”
Yuan said that in the traditional “Windows” environment, security vendors have not been able to develop monitoring or protection capabilities underneath the operating system. With VMsafe, he said, vendors will be able to provide security protections that were previously not possible in the physical environment.
“We’ve had to fight the “bad guys” at the network level, the application level, even at the kernel level in the operating systems, but the fact remains that we have always been on an even playing field with the hackers,” Yuen said. “This essentially allows us to plug security infrastructure underneath the operating system.”
And it appears VMsafe might even win over security analysts – who have long warned about the dangers virtualization technology can pose to enterprise IT security.
From a security viewpoint, John Sloan, senior research analyst with Info-Tech Research Group, said that because the virtual machines are abstracted from the hardware, virtualization can appear to provide an extra layer of protection.
“On the negative side though, there is the fact that you have a physical machine running a hypervisor full of virtual machines. This brings the added complexity of having to worry about more than one layer of security,” Sloan said.
And because of this, Sloan is hopeful that VMware’s API can be a positive first step for improving virtualization security. With the biggest security headaches around virtualized infrastructure stemming from companies having too many unmanaged virtual machines, Sloan said the API should help address one of the most overlooked areas of virtualization: security management.
“That’s where the security problems come into play when companies replace physical server sprawl with virtual server sprawl,” Sloan said. “Virtualizing all your machines doesn’t do anything to make it easier to manage them from a security standpoint. So, the VMsafe may actually provide a good catch-up in terms of addressing this area at the hypervisor layer.”
David Senf, director of security and software research at IDC Canada, agreed, saying that while sandboxing security measures inside virtual machines is still a must, the fact that vendors can now go underneath the hypervisor should ease the concerns of any enterprise that has been on the fence about virtualization.
“A virtual machine could run firewall software, for example, in a sort of 'software appliance' for additional security, but remember that this only deals with a subset of all potential attacks,” Senf said. “Just because applications are nestled in the seeming safety of a virtual machine does not guarantee security from all threats.”
Senf said that firms need to actively consider additional IT security and policy management issues that come about from desktop and from server virtualization.
icon.
