On the 9/5 Virtualization Security Podcast we discussed Hyper-V Security and were joined by Alex Kibkalo, a former senior architect at Microsoft who works as a Director of Product Management in 5nine Software. 5nine Software has developed the first introspective virtualization security device for Hyper-V. Introspective security has been missing from Hyper-V for a number of years, while it was possible to implement, the market has been so small that is was not feasible until now. Which implies Hyper-V is gaining adherents so has a need for better security measures.
Articles Tagged with anti-virus
On the 8/9 Virtualization Security podcast, we continued our discussions on defense in depth with a look at end-user computing devices, specifically laptops and endpoint desktops, with Simon Crosby, CTO of Bromium. While we also discussed phones and tablets, we were focused more on the technology preview that now is Bromium vSentry. Bromium vSentry looks to protect laptops (and other machines) from unknown and zero-day attacks in a unique hardware-assisted way. There is now a new tool in our defense in depth toolbox that meets an ever-growing need. But what is the need, and what is the tool?
The Virtualization Security Podcast on 9/16 was the first in a series of Virtual Desktop Security discussions we will be having. The special guest panelist was Bill McGee from Trend Micro who helped us to understand their implementation of Deep Security 7.5’s Anti-Virus and Anti-Malware (AV collectively) within the virtual desktop.
Trend Micro’s product makes use of enabling technology within vShield Endpoint to provide offloaded AV and Anti-Malware scanning of virtual machines using only one set of rules and one VM to do the actual scanning. Removing the per VM rule set and processing that currently takes place within the VM.
Virtualization Security vendors are starting to seriously investigate the possibilities of the various introspection APIs available to the hypervisors. Introspection APIs allow security groups to now investigate the security of a virtual network, virtual machine, and other components from without. In other words, why rely on an agent within the VM to protect your network, virtual machine, or components. Instead, we can use these APIs to peer into these components from without the system to be tested.
Why is this important?
Introspection is important due to the fact that one the first things attackers do is disable, bypass, or otherwise render harmless any security agents that live within the virtual machine under attack. Thereby making it difficult to track. You would think, the management tools for these agents can see that the agent may not be running, but intelligent attackers will keep the agent running, but they will be below its radar. The agent is rendered harmless to the attacker.
There are now more players in the virtualization security product space. While at RSA Conference 2010 I walked the show floor in search of these vendors to discover what they were doing. While some vendors do not address virtualization security, the vast majority are either looking to do so or actually have a virtualization security product.
The products fall into three categories: