Some security appliance vendors now offer security software products within virtual machines, with the goal of...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
making configuration and deployment easier. Can you explain why this seems to be a growing trend, and what are the implications, both good and bad, for enterprise security?
A problem common to all software vendors is ensuring their products are installed and configured correctly and don’t disrupt existing applications and services on the customer’s computer. A virtual security appliance is a pre-built, pre-configured, ready-to-run application solution packaged along with an optimized operating system. This type of operating system is referred to as JeOS (just enough operating system), pronounced “juice.” (The difference between a virtual machine (VM) and a virtual appliance is the appliance comes with a pre-configured OS and application stack, whereas a VM has neither.)
A JeOS contains only the programs and components required to support the specific workload it runs. It occupies a much smaller footprint compared to a general purpose operating system, and therefore has a smaller attack surface. It is also much easier to maintain and manage since fewer updates are required for a slimmed down OS. This smaller attack surface and simplified patch management make virtual appliances more secure than applications installed on top of a regular OS. Vendors can also concentrate solely on developing their product without having to spend time trying to make it work on a variety of system configurations.
There are other advantages, particularly for system administrators of large enterprise systems. Since the software application arrives packaged in a run-to-ready format, pre-installed and pre-configured with its own operating system, it removes many of the problems associated with rolling out an application across many diverse configurations. By simply downloading and powering on the virtual appliance file, the application is instantaneously available.
Maintenance is also easier. Virtual appliances are a unified offering and are supported by patches and service packs provided directly by the software developer. This means an administrator has a single point of contact instead of having to test and manage patches, service packs and upgrades from multiple vendors. There are no compatibility problems, either, as all patches and updates are pre-tested and delivered by the vendor.
The rapid rise in the number of virtual appliances at the VMware virtual appliance market place shows how popular this form of software product is becoming. Any product that is pre-configured and ready-to-run on a slimmed down pre-configured OS has to be good for overall system security.
Dig Deeper on Virtualization Security Issues and Threats
Related Q&A from Michael Cobb
Address bar spoofing attacks can be detrimental to an organization. Expert Michael Cobb details several vulnerabilities and explains how to defend ...continue reading
Facebook added OpenPGP encryption to its messaging services to help improve messaging safety. Expert Michael Cobb explains the benefits of the ...continue reading
The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.