While adoption of server virtualization is proceeding at a gallop, the effort to refine virtualization security reached only a slow trot in 2009.
Roughly 18% of server workloads have been virtualized, and research firm Gartner expects that number to climb to 28% in 2010 and almost 50% by 2012. But adapting traditional firewall, intrusion detection, antimalware and other types of security and monitoring software to run optimally in this radically changed hypervisor-based architecture is still very much a work in progress.
One development that occurred this year is the release of VMware's security APIs.
After talking up the idea since February 2008, VMware in April 2009 finally released its VMsafe APIs, which are intended to help security vendors build products that work with its platform. But some vendors say these APIs present performance issues.
“We're not using the VMware APIs today due to performance,” says Richard Park, senior product manager at Sourcefire, which in early December shipped its first virtualized sensor and management console for VMware ESX and vSphere 4.
Sourcefire's traditional physical appliances are network sensors that can do both intrusion-detection monitoring and intrusion-prevention blocking. But at this point, the Virtual 3D Sensor and Virtual Defense Center will only provide monitoring visibility into VMware's ESX hosts, not blocking of attacks.
“The only way to block traffic today is to put the sensor between two VMware switches,” Park says. Sourcefire is still examining exactly how to fully support that. For customers today with VMware-based virtualized servers, “the demand is for monitoring,” Park claims.
Park says Sourcefire is eager to see a robust set of VMware VMsafe APIs and that VMware has recognized there are performance issues and is revising its APIs.
At the Gartner ITExpo in October, Gartner Vice President Neil MacDonald publicly excoriated some security vendors for not moving more rapidly to come up with software-based virtual appliances, insinuating they would rather stick to their old ways of selling expensive hardware boxes.
Enterprise customers are rapidly virtualizing their IT environments and often unwittingly creating less-secure results even as they reap the many benefits of virtualization, MacDonald says. Roping off virtualized servers with virtual LANs alone — a common practice — “is not sufficient for security separation,” MacDonald says. “It's become the default because it's built into VMware with its virtual switch. Our position is it isn't strong enough.”
MacDonald says virtualization is causing some “business-model disruption” in security and praised the efforts of some vendors, including Trend Micro, to leap in with new offerings to take on the virtualization challenge. Using the VMware VMsafe APIs is one approach that is still new, he noted.
Trend Micro's Core Protection for Virtual Machines, antimalware software designed for use with VMware, was released in the third quarter. Trend's Deep Security 7, which covers firewall, intrusion detection/prevention, integrity monitoring and log management for VMware ESX, shipped in November.