VMware releases long-awaited VMsafe security API

By Neil Roiter, Senior Technology Editor, Information Security magazine 21 Apr 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

This means VMsafe-compatible security products, running as protected virtual machines, will be able to safeguard VMs at the host level. For example, a malware attack could be stopped at the host, protecting multiple guests.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The API will also give security products greater visibility into the virtual environment, granting them the ability to monitor and filter packets both inside the hypervisor and in a virtual security appliance.

Until now, for the most part, security products such as firewalls and IPS were placed in-line to protect the host, with little or no awareness of the VM guests, their roles and attached policies. Alternatively, some products have been offered as virtual appliances, but with little or no awareness of the virtual network in which the protected VM lives.

VMsafe should give enterprises the ability to manage their virtual networks and servers with the same level of control and visibility available for physical systems, while leveraging VMware-specific capabilities, such as VMotion, which dynamically moves VMs between physical devices as needed, and tracks the retirement, reactivation and creation of guest VMs.

A VMware spokesman was not available for comment on deadline.

"What we're seeing right now is the transition to really exploiting the capabilities of virtualization with VMsafe," Steve Herrod, VMware CTO, said in a recent interview with SearchSecurity.com.

"You'll see a lot of transformation around leveraging VMsafe and moving from just protecting the virtualization layer as if it were a normal machine," Herrod said, "to really exploiting the benefits of introspection and being ready for the mobility that comes with a virtualized data center."

Find out more about vSphere 4 Check out this page on SearchVMware.com with all the info you need about vSphere 4, VMware's newest virtualization product suite.

The VMsafe release comes as part of the latest version of VMWare's data center product, vSphere 4 (previously known as VMware Infrastructure), which it bills as the "first cloud operating system for delivering efficient, flexible and reliable IT as a service."

vSphere is designed to help deploy and manage virtualization rapidly and efficiently for large data centers or virtualized private hosted services, for both service providers and large enterprises that want to adopt a "cloud"-style environment within the organization.

To date, VMware has not publicly linked vSphere to VMsafe, although it has discussed other enterprise-scale security capabilities, such as new large-scale management features that facilitate server security, storage and network settings, automate configuration management and reduce errors due to misconfiguration.

vSphere also features vShield Zones, which enforce application security policies based on logical zones.

The VMsafe release should trigger a flurry of virtualization security products from among the more than two dozen VMsafe security partners, which have been working with VMware through the development and beta programs, many since VMware first announced VMsafe in February 2008.

Host intrusion detection/prevention and application security vendor Third Brigade Inc. stole a march on everyone at the 2009 RSA Conference Monday, announcing VMsafe support with the release of its Deep Security Virtual Appliance.

RSA Conference 2009 For all the latest news, podcasts and more direct from the show floor in San Francisco, visit our RSA Conference 2009 special news coverage page.

The announcement gives customers the option of using the VMsafe-supported product or Third Brigade's existing agent-based product for individual VMs requiring high performance and/or using VMotion in a cloud environment. In large virtual deployments, that means managing a lot of agents.

Tags: Virtualization Security Issues and Threats,  Security Industry Market Trends, Predictions and Forecasts,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Virtualization Security Issues and Threats Cloud computing data security starts with internal strategy, experts say PCI virtualization SIG closer to proposing changes to standard Security challenges with cloud computing services Secure virtual desktop software enables remote client security Security threats to virtual environments less theoretical, more practical At VMworld 2009, companies focus on virtual desktops for security Security fundamentals remain focus of virtualization deployments How to implement virtual firewalls in a complex network infrastructure How to find virtual machines for greater virtualization compliance Quiz: Virtualization and compliance Security Industry Market Trends, Predictions and Forecasts M86 buys Web security gateway vendor Finjan Information Security Decisions 2009: Presentation downloads Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers McAfee survey finds faults in midmarket enterprise security Email archiving vendor sues Gartner over Magic Quadrant Information Security magazine October issue PDF Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry Information Security magazine Security 7 Award winners Security Squad: Privacy gone awry Security Industry Market Trends, Predictions and Forecasts Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary backscatter body scanning  (SearchSecurity.com) marketecture  (SearchSecurity.com) NCSA  (SearchSecurity.com) Palladium  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary