A major VMware security initiative announced more than six months ago has still not resulted in any new products, but VMware and partners this week are demonstrating several prototypes of technology that will better secure virtual machines.
VMware publicly revealed plans in February for VMsafe, a set of APIs that will give security vendors more direct control over the hypervisor, allowing them to catch viruses, Trojans and keyloggers before they do any real damage.
VMsafe development is far enough along to build some "pretty effective" security products, and the APIs are being built into VMware's hypervisor, says Nand Mulchandani, VMware senior director of security products and marketing. But VMsafe won't be publicly available until the shipment of VMware Infrastructure 4.0, the next version of VMware's virtualisation software, and it's not clear when that will occur, Mulchandani said during an interview at VMworld in Las Vegas Tuesday.
"The APIs are built into the hypervisor and will ship concurrently with the next release," Mulchandani said.
No third-party security vendor can release VMsafe-related products available until then. But Symantec, Check Point, Trend Micro, and IBM's Internet Security Systems (ISS) division are among those demonstrating prototypes this week, he said.
Symantec is demonstrating a rootkit detector that utilises VMsafe. Today's intelligent malware is able to replace drivers and masquerade as part of the operating system, making them very hard to detect, Mulchandani said. Symantec's prototype allows a thorough security scan at the moment a virtual machine boots up or restarts, so it's able to intercept rootkits before they are encrypted and before the malware has been executed.
Check Point, meanwhile, is demonstrating a VMsafe-enabled network firewall, bringing granular firewall capabilities down to the level of individual virtual machines, a capability Mulchandani called "really revolutionary."
"The integrated firewall protects traffic and provides access control between virtual machines on the same subnet, eliminating the threat of a compromised virtual machine gaining access to other virtual machines on the same subnet," Check Point states.
VMware's goal is to provide "infinite flexibility" for deploying firewalls to any virtual machine, and enabling the firewall to move with the virtual machine even when it's transferred from one physical server to another, Mulchandani said.
Also this week, IBM ISS is demonstrating a firewall, and Trend Micro is demonstrating an offline virus scanning product that could potentially be put on the market even before VMsafe is ready, Mulchandani said. The Trend Micro technology allows customers to do a complete virus scan of virtual machines even when they are powered down, he said. This particular capability can be accomplished without the VMsafe portion of the hypervisor and so could be available before VMsafe itself.