In the End-to-End Virtualization Security Whitepaper we review various aspects of server security with an eye to determining how the products would work together to create a secure virtual environment. While some of these tools are cross-platform, the vast majority of them are geared specifically to VMware vSphere.
In this post we will look at Server Security, and we will follow-up with another post about Desktop Security? Are these very different? I believe so, desktops have daily, second by second user interactions. For desktops, one of the most important aspects is look and feel such as response time for actions. So things need to be as fast as possible. With Servers however, user interactions are limited and therefore have slightly different performance and security requirements. What may be acceptable for a server may not be acceptable for a desktop. So what do the tools provide for servers?Server Tools include the vast majority of vendors within the Virtualization Security space. There are some new minor players, such as Beyond Trust. There are still gaps in the virtualization security story such as Log Analysis. If these tools do log analysis they are looking for ways of bettering their Role Based Access Control (RBAC) and perform audit tracking analysis, but they do not look for outright security issues. For server security we also must consider Anti-Virus (A/V), Anti-Rootkit (A/R), Intrusion Detection or Protection systems (IDS/IPS), as well as Compliance and hardening amongst the others mentioned previously.
1 Split Brained between all different management tools
2 Via vGhetto Security Health Script
3 IDS via Altor; IPS via Juniper IDS/IPS integration
4 ESX Service Console Only
5 via Sourcefire
6 partial, looking for some audit information, not specifically security issues
7 via X-Force
8 via Tipping Point
Is there anyone tool you should buy to ensure you have a secure virtual environment? Not yet. The Catbird/Hytrust Combination is very intriguing as the gaps in end-to-end virtualization security start to close but do the combination does not yet provide a single 1 stop shop for virtualization security needs. Tools are either missing unified Role Based Access Controls (RBAC), Anti-Virus, Anti-Rootkit, log analysis, or compliance/auditing capabilities. You still need a combination of tools to provide end-to-end virtualization security.
It should be noted that VMware’s introduction of the beta vShield Edge and vShield Application firewalls has the potential to change this landscape by quite a bit as well. Nearly all products combine a firewall with their products, as we discussed in If the Virtualization Security Products had no Firewall?, many of these products would change dramatically in functionality. The question is still out on who will perform integration testing between VMware’s firewalls and the third party tool implementations that depend upon their firewall modules to provide all the extra functionality.
I believe some third party should perform such testing, not necessarily the vendor’s themselves as this will insure the same testing for all products.
This year’s VMworld 2010 will speak quite about about virtualization security, I look forward to seeing all the announcements that will be made. VMworld 2010 is shaping up to include much more about virtualization security than past conferences.
Update 1: Modified Table to include Altor’s Compliance Module.