Virtualization Security a Focus for Vendors

At the RSA Conference in San Francisco, popular sessions such as "Mitigating Virtual Machine Security Vulnerabilities" forced organizers to turn away attendees.

Virtualization security is top of mind for some attendees at the RSA Conference held April 7 to 11 in San Francisco, and vendors big and small are taking notice.

IBM kicked off its involvement with the conference by revealing a research project, dubbed "Phantom," focused on protecting the hypervisor and blocking malicious traffic between virtual machines. Startup Montego Networks used the show to announce integration agreements with companies such as StillSecure and Elitecore Technologies' Cyberoam to address security in virtual environments.

Interest in security issues remains high; organizers had to literally turn people away from the "Mitigating Virtual Machine Security Vulnerabilities" session because it was too full. But IT professionals still are tasked with sifting through the hype to find what they actually need to be concerned with.

"There are many solutions that are being brought to market that provide nothing more than what their physical counterparts have provided for years - in-line IPS, firewall, patch management, etc.," John Peterson, chief technology officer of Montego Networks, said in an interview with eWEEK. "Customers' principal request has been [the] ability to provision network monitoring and policy enforcement between virtual machines."

Montego Networks is pushing its new HyperSwitch, which company officials said integrates policy enforcement, access control and secure switching for virtual networks.

Other companies, such as Altor Networks, are focused on providing visibility and analysis of traffic across virtual switches. Prior to the show, Altor CEO Amir Ben-Efraim said in an interview with eWEEK that traditional network analysis tools were built to tap directly into the physical network or integrate with physical switches. However, these products assume some level of participation in network communication in order to gather information, and network traffic on virtual switches is embedded inside the virtual servers, he said.

"This creates an operational and security blind spot for server and network administrators," Ben-Efraim said. "Much like in the physical world, operational and security best practices require an effective means to monitor all network activity for unwanted protocols [and] unwanted connections, as well as for security threats."

Fear of an exploit compromising the hypervisor remains a topic of interest for researchers, enterprises and hackers alike. In the past year, a number of bugs have surfaced affecting a variety of virtualization products. Joe Anthony, program director of security and compliance management for IBM Tivoli, said a hypervisor exploit is the next step for hackers.

"I do fully expect to see that. There [are] definitely different things that have already occurred on a small scale. It is not that big a leap to see the types of exploits that are going on now on a regular server level ... occurring within the virtualized environments on a given machine. It's a very easy next step," Anthony said.