IBM Eyes Virtualization Security with Phantom

Big Blue officials launch a research project to develop IPS and other technologies to secure virtual environments.

SAN FRANCISCO-IBM is launching a security research project to protect the hypervisor and prevent malware from infecting virtual environments.

The project is a joint initiative from IBM X-Force and IBM Research, according to company officials, who discussed the effort April 7 here at the RSA Conference. The project, dubbed "Phantom," is focused on creating technology to monitor and block malicious communications between virtual machines, as well as monitor their execution state to protect them against malware threats.

At its core are plans for host intrusion protection that will sit in a secure, isolated partition and integrate with the hypervisor, IBM officials said. So far, the industry has done a poor job of securing the hypervisor, and it's a foregone conclusion that hackers will eventually exploit it, said Joe Anthony, program director for security and compliance management with IBM Tivoli.

"Physical security is what's been driving the market for a long time as far as, How is an overall area secured, how do we lock it down?" he said. "The virtualization area-in particular, the hypervisor-has not been addressed very well and has really opened up a lot of attack vectors inside a virtual environment."

Confused by the myriad terms and acronyms in IT security? Click here for eWEEK's Security Dictionary.

The company did not say when a product would be ready based on the research. The project will incorporate IPS technology from IBM's Internet Security Systems division, which was an independent company specializing in intrusion prevention products before it was bought by IBM two years ago.

A number of companies-both virtualization vendors such as VMware and security providers like Symantec and Apani-have made a push around securing virtual environments of late. IBM officials said the company is leveraging decades of experience in virtualization and will work to design tools that play well with VMware, Citrix and other virtualization providers.

"Each of the different environments does have nuances that are different. ... They all leverage hypervisors, but they all do it in different ways," Anthony said. "[We have to] go ahead and work with the major virtualization vendors so what we bring to market definitely addresses a broad scope of different communications."