VMware Buys Shavlik

VMware has acquired one more company: Shavlik. This acquisition did not come as much of a surprise to me but is an interesting purchase for VMware.  There are quite a few Security as a Service vendors that would make sense for VMware to purchase and Shavlik is one of them. The difference between the other vendors and Shavlik is that VMware has a existing track record with Shavlik as Shavlik is integral in two of VMware’s existing products: VMware Go and VMware Update Manager. Shavlik provides a very important patch management system for these existing products and is one line of defense in the security space. Are there other plans for Shavlik? Or this is a way to lock in one set of tools?

I begin to wonder why the Shavlik purchase, as Shavlik is already integrated into two very important and well used VMware products. Is this just a case of VMware wanting to own all components in its critical vSphere space, or is this about the future? I think it is a mix of the two, but more about the future. We know that Paul Maritz stated vSphere is the least interesting of VMware’s products and direction, not least important but least interesting. vSphere needs to “just work” much like your car engine “just works”. So we should look up the stack for VMware’s reasons for purchasing Shavlik.

Up the stack clearly shows us vShield per Figure 1 (from the Paul Maritz keynote at EMCworld 2011). vSphere is well understood, but vShield is just starting to be understood by the community.

EMCworld 2011, Paul Maritz

Figure 1: EMCworld 2011, Paul Maritz

Is vShield an enabler or competitor in the industry? I think it is a mix of both, and adding vulnerability scanning into vShield for use by vCloud Director makes quite a bit of sense. There needs to be a VMware Update Manager and Vulnerability scanning style tool available to vCloud Director. Shavlik, given VMware’s current track record, is a good choice for such a tool. VMware could either directly place such a tool into vCloud Director for complete lock in, or could be an enabler and add the tool into vShield with an API that could be used by third parties to augment what Shavlik already does with new features, patch sources, and vulnerability scanning criteria.

If you remember, vShield is based on Blue Lane’s technology, which had an option to do inline patching of network traffic, perhaps with the Shavlik purchase there will now be a way for vShield to maintain the patch levels of all VMs (offline and online) directly, either by doing vulnerability scans making using of the vShield Endpoint mechanisms to determine in real time if patch needs to be applied, and applying it automatically, or by staging patches for future time frame. In some way, vulnerability scanning seems likely to now be a part of vShield, with the results minimally being fed into VMware Update Manager or to vCloud Director.

In either case, the Shavlik purchase will add to the vShield capabilities. One can only hope that VMware will provide an API into any such tool for use by third parties.

The full press release can be found here.

Edward Haletky (364 Posts)

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization. [All Papers/Publications...]

Connect with Edward Haletky:

Tags: , , , ,

2 Responses to VMware Buys Shavlik

  1. Fabio Marri
    May 17, 2011 at 9:37 AM

    Hi There,

    Now the fact that Vmware joint Rapid7 board makes even more sense, vulnerability scanning and threat management are the bread and butter of that company.

    When Sourcefire will eventually provide full IPS blocking capabilities we will have in the Vshield product family a robust and cutting edge alternative to traditinal security vendors.

    Will Vmware OEM a User Behaviour Analysis technology or full SIEM capalibities to be even more competitive in the Security/GRC market ?

  2. May 18, 2011 at 12:21 AM

    Hello Fabio,

    I think they will look to RSA Envision and Archer for those capabilities, since this is what these tools already do and are already part of the EMC family.

    Best regards,
    Edward

Leave a Reply

Your email address will not be published. Required fields are marked *

Please Share

Featured Solutions