The average IT manager doesn’t associate IBM Corp. with virtualization security, but the company is hoping that will soon change, with the release of a new app designed to protect VMware Inc. workloads.
Big Blue unveiled IBM Virtual Server Security for VMware vSphere on Friday, which it said would provide protection for every layer of an organization’s virtual infrastructure. This includes the hypervisor, operating system, network, virtual machines and all the traffic that moves in between these technologies.
Greg Adams, director of product and services management at IBM’s Internet Security Systems group, said the virtual security platform — which integrates VMware’s VMsafe technology — was developed to mitigate the new risks and complexity that come with virtualization as well as growing regulatory and compliance factors.
“Virtualization has introduced new attack vectors,” he said. “You have to protect the very thing that makes these virtual machines appealing, which is the ability to bring machines up and down quickly and seamlessly across hardware.”
IBM is hyping a few major features in the new security platform, including a virtual access control that gives administrators the ability to limit network access for a potentially troublesome VM, and a rootkit detection and prevention capability.
“We use the APIs in VMware and analyze memory to look at the kernel structure,” Adams said, referring to the rootkit detection feature. The platform does this by using a process similar to fingerprint tracing technology.
“We have hundreds of patterns that we use in a fingerprint-like fashion to analyze virtual machine memory for rootkits,” he added.
In addition to these features, IBM Virtual Server Security will also take advantage of VMware’s VMotion technology to monitor vulnerabilities and make sure security policies are enforced on the VMs.
Scott Crawford, a senior analyst with Boulder, Colo.-based Enterprise Management Associates Inc., said IBM’s approach is quite similar to that of vendors such as Altor Networks Inc. and Catbird Networks Inc.
He added that while this sort of protection for virtualized environments is extremely important, many organizations are still overlooking security in this realm. Crawford attributed this to many factors, the most important being the perceived security benefits of virtualization itself, which supports the isolation of VM functionality.
“However, threats against the hypervisor and/or the systems on which virtualization depend upon place the VM itself at risk,” he said. “To be sure, attacks against virtualization technology do exist, but I fear that, until a high-profile incident occurs to raise awareness, the adoption of tools for securing virtualization will continue to lag.”
This is especially troublesome, Crawford added, because enterprises should have the opportunity to deploy virtualization with a much greater awareness of security issues than in the past.
“With virtualization, IT had a clean slate with which to do things differently with a new technology,” he said. “What seems to be the case is that virtualization reflects a much larger trend: the tendency of IT to always focus on the new at the expense of honing maturity in managing a wide range of potential risks, and not just security risks. Think IT service delivery and support, for example.”
IBM said its virtual security app will be available sometime in December.