This year's Innovation Sandbox at RSA Conference was won by Invincea, a company little known to virtualization and cloud security vendors, even though its product makes use of virtualization to aid in security. This year's finalists once more included HyTrust, for the inclusion of what appears to be complete UCS support within the HyTrust Appliance; Symplified, which provides a unified identity within a cloud; and CipherCloud, which encrypts bits of your data before uploading, but not so much encryption that it interferes with sort and other algorithms. The remaining finalists were non-cloud products: Entersect (non-repudiation in the form of PKI), Gazzang (MySQL encryption), Incapsula (collaborative security for browsers), Pawaa (embedding security metadata within files), Quaresso (secure browsing without browser/OS modifications), and Silver Tail (mitigation).
Last year's finalists covered the same range of products but included many more pure virtualization security vendors, with Altor picking up the win. What is interesting about the field, and indeed all of RSA Conference 2011, is that 2010 now looks like a blip on the radar more than anything else. Why? Because nothing on the show floor was really about the Cloud or virtualization, yet both were always a ready conversation. Last year, everything was about Cloud and Virtualization, but no one could define either or tell me how their products fit, except for the virtualization security vendors. The Innovation Sandbox provides a very good feel for the RSA Conference show floor.
Safe browsing is important, but the approach Invincea took has been around since virtualization began and has been in use as a security measure ever since: take the browser and package it within a VM, in this case one that runs within VMware VMplayer. How is this even remotely innovative? I have personally been doing this since 2004. It is now 7 years later and this is now considered innovative? Since Invincea ships a pre-installed image of just enough Microsoft Windows to run IE, or just enough Linux to run Firefox, how does Invincea work within your current licensing scheme, and how is it even a viable solution given Microsoft's comments outlined within Virtualizing Internet Explorer: Microsoft Takes The Ball and Goes Home? If Microsoft will not support a virtualized IE, how will Invincea deal with this? Or is support once more in the hands of your own organization?
Furthermore, as discussed once on the VMware Communities forum, even using another VM to browse does not protect the parent machine hosting the VM from attack. How, you ask? Because it is a hosted environment. It is trivially easy for malware to know it is running within a VM and then do something else, and what is more interesting is that the packets are WITHIN the host before you can even decide whether they are malware or not. The conversation ended with the VM being required to use a device not seen or interpreted by the host directly, such as a USB networking device using USB passthrough support. But that only works if you are not using Desktop as a Service (DaaS) or an existing virtual desktop environment.
In these latter cases, you need to know who or what can see the traffic that could contain malware, as the malware may be designed to do nothing but attack those components. If the VMplayer image is opened for any reason within the main VM, malware could spread. As outlined within the VMware Communities thread, there is no 100% safe way to contain malware. It will require good browser hygiene, non-curious people, and other security measures. Unfortunately, containerizing browsers has never been the best way to secure them; all it does is move the problem, not solve it.