News Stay informed about the latest enterprise technology news and product updates.

IBM makes push into virtualization security with Phantom

Big Blue said its research teams would contribute to development of technologies and best practices to secure virtual environments.

Security researchers at IBM have been studying ways to protect virtual computing environments and plan to roll out products and services to address the complexities associated with the technology.

There are a lot of smart researchers at IBM that have done interesting work in virtual security, but they've not been on the radar.
Phil Hochmuth,
senior analystYankee Group

In a project code named Phantom, IBM researchers are developing new security technologies to protect the hypervisor and monitor communications between virtual environments. IBM is a member of VMware's VMSafe program, and like many security firms, it plans to use VMware APIs to tap into the hypervisor and produce products designed to harden it.

Big Blue highlighted its virtualization security strategy at RSA Conference 2008 in San Francisco. Virtualization security was a hot topic at the annual security conference with security pros packing conference panel discussions and educational sessions on ways to deal with patching issues, communications monitoring, and network security—many of the same issues that trouble security pros in physical environments.

IBM currently sells protection for host operating systems through its intrusion prevention products, said Joshua Corman, principal security strategist at IBM. Corman said IBM has been conducting research into securing virtual environments for the last two years.

The company also sells virtual form factor for its mail security appliance inside of virtual environments.

Virtualization security:
VMware to release APIs to security vendors under VMsafe: VMware plans to release application program interfaces as part of VMsafe so security vendors could design software interoperable with its virtualization technology.

Altor Networks addresses virtual complexities: With virtualization complexities looming, new software and appliance vendors are emerging to address growing security concerns.

New virtual switch integrates with multiple security vendors: Montego Networks says its HyperSwitch will integrate virtual network policy enforcement and access control into security products from Blue Lane, Catbird, and StillSecure.

"As some of these platforms finalize their APIs, we're lock-step with them," Corman said. "As we get better integration into the platforms themselves for more efficiency and better protection that will come out lock-step as the platforms evolve."

Corman said attackers would eventually find holes in virtual environments to gain access to systems and steal critical information. Despite the security concerns raised by researchers, so far attack vectors on virtual computing environments have been primarily theoretical.

Still, customers considering the technology are going to have to determine the security of the hypervisor and the tools available to harden it, said Phil Hochmuth, a senior analyst at Boston-based Yankee Group.

"There are a lot of smart researchers at IBM that have done interesting work in virtual security, but they've not been on the radar," Hochmuth said.

IBM and Citrix have been working for several years on securing the hypervisor for Citrix XenServer products, said Simon Crosby, chief technology officer of Citrix. Crosby said virtualization technologies should be built into servers, making them more secure. Further research will help address compliance issues and patching complexities associated with virtual environments, he said.

"We collaborate with IBM daily on security in the Xen context," Crosby said. "Right now tracking a virtual machine through its lifecycle is a challenge … therefore finding a VM that is not running and checking that it is in compliance with patching for example is arbitrarily difficult."

Video - IBM Phantom to analyze virtual security: IBM's X-Force security research team and IBM Research are studying ways to protect virtual computing environments. Code named Phantom, the research project has been ongoing and could result in new products and best practices designed to leverage the hypervisor to improve security. In this interview at RSA 2008, Joshua Corman, principal security strategist with IBM's ISS team, explains Project Phantom and how IBM says it could help alleviate some of the risks associated with virtual environments.(8 min)

Dig Deeper on Virtualization security issues and threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.