While there have been no reports of widespread attacks on virtual machine hypervisors, it doesn’t mean that IT organizations need to pay less attention to virtualization security.
That’s one of the major themes emanating from RSA Conference 2011 in San Francisco this week with VMware lending its support to the virtualization security efforts of Hewlett-Packard, while Juniper Networks touted the virtualization security benefits of its recent acquisition of Altor Networks.
In the case of HP and VMware, the two companies pledged to work together on next-generation intrusion prevention systems that will be applied to virtual machines running both on premise and in the cloud.
While virtual machines benefit from the existing security infrastructure applied to physical servers and networks, the advent of technologies such as vMotion makes it clear that virtual machines are going to dynamically move around the network. Venu Aravamudan, senior director of product marketing for VMware’s Server Business Unit, says that as these virtual machines move about the network, IT organizations will need to make sure that the security policies that have been applied to these virtual machines travel with them.
According to Michael Callahan, director of worldwide security product and solution marketing for HP’s TippingPoint products, the two companies plan to work together to give TippingPoint products much greater visibility into the overall VMware environment. Specifically, the two companies are working on integrating TippingPoint IPS products with vShield and VMware vCloud Director. The two companies are also jointly marketing the vController IPS from HP with VMware vShield App and Edge security products.
Juniper Networks, meanwhile, announced that its vGW virtual gateway is now integrated with the company’s SRX Series Services Gateway, which serves to bridge the two worlds of virtual and physical security, said Peter Lunk, Juniper director of product marketing for high-end security systems.
The core issue that Juniper is trying to address, says Lunk, is the loss of visibility that security products such as firewalls experience when dealing with virtual servers. By integrating the Altor virtualization security technology with Juniper security products, visibility into those environments is provided in a way that leverages a customer’s existing investments in physical security products.
No matter the approach, it’s pretty clear that virtualization security is becoming a bigger IT concern as more mission-critical applications wind up being deployed on top of virtual servers. And while there may be a tendency to overlook virtualization security issues in the absence of an immediate threat, the fact remains that anything left unguarded is going to eventually attract the wrong kind of attention.