Secure virtualisation at VMworld

McAfee and Tripwire launch their security initiatives at the show

The security of virtualised environments took centre stage at VMworld today as security vendor McAfee and IT configuration firm Tripwire made several key announcements.

McAfee launched a beta version of its new email and web security virtual appliance, which offers the same protection from spam, malware and malicious web sites as McAfee's physical security appliances, the firm said.

It also announced an OEM agreement to use VMware's ESX Server 3i technology in future security solutions. It will also embed VMware's VMsafe security technology in future products.

McAfee used VMworld to launch a new service and new guidelines to help organisations deploying virtualisation technologies to do so in a more secure fashion.

The Foundstone Professional Services offering is designed to help organisations by addressing the people, process and technology elements surrounding virtual deployments, according to McAfee.

Christopher Bolin, McAfee's chief technology officer, said that the disruptive effect virtualisation is having in the IT market represents a huge opportunity for security vendors.

"The big news today is the announcement of VMsafe. With VMsafe McAfee will be able to offer security for virtual environments beyond what is available for physical environments," he explained. "With VMsafe a virtualised operating system will be more secure than its physical equivalent."

Graham Titterington of analyst firm Ovum said that McAfee had stolen a march on many of its rivals by positioning itself as a leader in virtual security.

"Virtualisation is a fundamentally secure technology but you need to think about things like patching virtual machines," he explained. "And then it's not just about protecting individual partitions; the hypervisor and the virtual platform itself are potentially open to denial of service attacks."

Another vendor to blaze an early trail in the security market for virtualisation is Proofpoint, which offers a virtual appliance version of its email security product.

"More than any other IT segment, security vendors ship a lot of hardware," argued the firm's chief executive Gary Steele. "Other security vendors have taken the same step as us and it makes lots of sense – an easy-to-set-up and use locked-down environment with no physical hardware."

Also at the show, Tripwire launched a new agentless solution designed to help organisations adhere to operational, regulatory and security standards in their VMware environments.

Tripwire Enterprise for VMware ESX Server features customisable configuration assessment policies which allow firms to manage their configurations, and will alert the administrator when any non-compliant changes are made, said the firm.

The product features certification from best practice standards drawn up by the Center for Internet Security (CIS).

"The hypervisor is a blindspot for organisations because they don't have the tools to manage it or have the right in-house experts to help," argued Tripwire's Dwayne Melancon. "A lot of organisations are still reluctant to fully deploy [virtualisation technologies] because of this."