On the 9/5 Virtualization Security Podcast we discussed Hyper-V Security and were joined by Alex Kibkalo, a former senior architect at Microsoft who works as a Director of Product Management in 5nine Software. 5nine Software has developed the first introspective virtualization security device for Hyper-V and is a very large step forward. Introspective security has been missing from Hyper-V for a number of years, while it was possible to implement, the market has been so small that is was not feasible until now. Which implies Hyper-V is gaining adherents so has a need for better security measures.
On the 8/9 Virtualization Security podcast we continued our discussions on defense in depth with a look at end user computing devices, specifically laptops and end point desktops, with Simon Crosby, CTO of Bromium. While we did also discuss phones and tablets we were focused more on the technology preview that now is Bromium vSentry. Bromium vSentry looks to protect laptops (and others) from unknown and 0-day attacks in a unique hardware assisted way. There is now a new tool in our defense-in-depth toolbox that meets an ever growing need. But what is the need and what is the tool?
The Virtualization Security Podcast on 9/16 was the first in a series of Virtual Desktop Security discussions we will be having. The special guest panelist was Bill McGee from Trend Micro who helped us to understand their implementation of Deep Security 7.5’s Anti-Virus and Anti-Malware (AV collectively) within the virtual desktop.
Trend Micro’s product makes use of enabling technology within vShield Endpoint to provide offloaded AV and Anti-Malware scanning of virtual machines using only one set of rules and one VM to do the actual scanning. Removing the per VM rule set and processing that currently takes place within the VM.
Virtualization Security vendors are starting to seriously investigate the possibilities of the various introspection APIs available to the hypervisors. Introspection APIs allow security groups to now investigate the security of a virtual network, virtual machine, and other components from without. In other words, why rely on an agent within the VM to protect your network, virtual machine, or components. Instead, we can use these APIs to peer into these components from without the system to be tested.
There are now more players in the virtualization security product space. While at RSA Conference 2010 I walked the show floor in search of these vendors to discover what they were doing. While some vendors do not address virtualization security, the vast majority are either looking to do so or actually have a virtualization security product.