Some security appliance vendors now offer security software products within virtual machines, with the goal of making configuration and deployment easier. Can you explain why this seems to be a growing trend, and what are the implications, both good and bad, for enterprise security?
A problem common to all software vendors is ensuring their products are installed and configured correctly and don’t disrupt existing applications and services on the customer’s computer. A virtual security appliance is a pre-built, pre-configured, ready-to-run application solution packaged along with an optimized operating system. This type of operating system is referred to as JeOS (just enough operating system), pronounced “juice.” (The difference between a virtual machine (VM) and a virtual appliance is that the appliance comes with a pre-configured OS and application stack, whereas a VM has neither.)
A JeOS contains only the programs and components required to support the specific workload it runs. It occupies a much smaller footprint compared to a general-purpose operating system, and therefore has a smaller attack surface. It is also much easier to maintain and manage since fewer updates are required for a slimmed-down OS. This smaller attack surface and simplified patch management make virtual appliances more secure than applications installed on top of a regular OS. Vendors can also concentrate solely on developing their product without having to spend time trying to make it work on a variety of system configurations.
There are other advantages, particularly for system administrators of large enterprise systems. Since the software application arrives packaged in a ready-to-run format, pre-installed and pre-configured with its own operating system, it removes many of the problems associated with rolling out an application across many diverse configurations. Simply downloading and powering on the virtual appliance file makes the application instantaneously available.
Maintenance is also easier. Virtual appliances are a unified offering and are supported by patches and service packs provided directly by the software developer. This means an administrator has a single point of contact instead of having to test and manage patches, service packs and upgrades from multiple vendors. There are no compatibility problems, either, as all patches and updates are pre-tested and delivered by the vendor.
The rapid rise in the number of virtual appliances at the VMware virtual appliance marketplace shows how popular this form of software product is becoming. Any product that is pre-configured and ready to run on a slimmed-down, pre-configured OS has to be good for overall system security.