Network virtualisation will lead to security control changes

Gartner analyst says the future lies in a hybrid physical/virtual security technology

Gartner analyst Neil MacDonald's specialty is security, and he not only keeps a close eye on what security vendors are doing, but he's an advocate for change as fundamental network technologies evolve. Virtualisation is having an enormous impact, leading to questions about the role of physical security appliances in a virtual world. MacDonald predicts by 2015, 40% of security controls in the enterprise data center will be virtualised, up from 5% in 2010. In a recent interview, MacDonald talked about the future of security in the virtual world.

To adapt to virtualised networks, some security vendors are coming up with software products they say are specialised for certain environments, such as VMware. But it was surprising to hear McAfee, in announcing its latest antivirus software, Management for Optimized Virtual Environments (MOVE) 2.5, which supports the VMware vShield security technology, which calls for an agentless approach, complain that the agentless approach is inadequate. They'd like VMware to change their views on agentless for vShield, saying agent-based is better. There seems to be industry tension over that right now. What's this all about?

McAfee came out and said it's not as good as running an agent inside the virtual machine (VM). And there's some truth to this. Buffer overflow protection, memory protection - all the things they do inside, they can't do that with agentless. They lose all behaviour heuristics. They can open the file and close the file. With MOVE 2.5, McAfee adds the agentless process. But McAfee is supporting both agent and agentless, and it's hypervisor-neutral.

So what's the issue with running agent-based antivirus software and virtual machines?

It's called "A/V storms," and it creates new amounts of traffic. Suppose they're all set to kick off at noon. You can set it as the admin, you say "randomise between 12 and 2." It's an answer, but not the best answer. Why do we keep scanning the same image again and again? These VMware APIs let you scan it once. Kaspersky is supporting that but Symantec, not yet; they use a different architecture with Symantec Endpoint Protection 12.

VMware's work with these vShield security APIs over the years seems to be a contentious process. VMware now seems inclined to work only with specific security vendors. What do you think about it?

VMware created the first set of APIs on their own without going to the vendors. But they did work directly with Trend Micro. What Trend and VMware have done with their model is innovative. For Trend, it worked out well. They closed a lot of deals. APIs by committee generally don't work well. By focusing on a few vendors, they've been more successful. There are pros and cons to this agentless approach. There's new or offline VM protection with improved resource utilisation. On the "cons" side, it requires a hypervisor extension, it's VMware-only and needs licensing, it's Windows only and not really "agentless," and there's only anti-malware scanning. You can't do host-based intrusion prevention or behaviour monitoring.

The vShield APIs give VMware a firewall capability. What's the view now on use of physical and virtual firewalls for security purposes when a network is virtualised?

Today, people use separate interface cards for each workload. You trust VMware to separate memory but for network traffic, you send it out separately to physical firewalls. The next logical step is, why not just virtualise the firewall? The VMware firewall could do that. For basic segmentation, it works fine. Check Point, Juniper and Cisco also have virtual firewalls. The Check Point firewall does IPS, which VMware doesn't do. VMware is partnering on that. In virtualisation, this all means I've taken a security control and sucked it in. And the question is, who's responsible for that? You have to maintain separation of duties. VMware has role-based access to do this. So does HyTrust. We don't necessarily want that all in one person's hands - the network is firewalled by the security administrator, the rest by the VMware administrator. But the future is hybrid, with some firewalls virtualised, some hardware. What's held back Palo Alto Networks is they use a lot of proprietary hardware. The Palo Alto firewall is not virtualised today but it will be.

