The Year of Virtualization Security (VirtSec)
By Greg Ness
Published: Tuesday, June 03 2008

In February I called 2008 The Year of VirtSec.
We're now approaching the halfway point, so let's take a quick
scan of the year's meaningful highlights in virtualization
security. I think there are three to note thus far in 2008,
and they all fall into the category of virtsec validation.

When VMware announced VMsafe at Cannes it was a watershed moment. I was
there working the Blue Lane booth and you could feel the adrenalin
rush that security pundit/blogger Chris Hoff referred to as a
defibrillator for the tired netsec industry.
VMware put virtsec on the map, after a year of blogs and press
speculation and a trickle of papers at various conferences. Don't
get me wrong, the virtsec market is still small, but the validation
that VMware brought, combined with the list of security players who
signed up, was more than impressive; it was a signal that VMware was
taking security and the migration from devtest to production data
center environments seriously.

So let's call VMsafe one giant leap for virtsec. Kudos to VMware for
both recognizing the importance of virtualization security and
signaling their intentions to enhance data center security above and
beyond the tired status quo to which Hoff referred.

The second point of 2008 virtsec validation was the rush of start-ups
making virtsec announcements. Clearly smart venture capitalists and
entrepreneurs were voting with their feet that there really is
something there, both as a high-potential growth market and as an
answer to status quo netsec shortcomings in the "virtual
layer blindness" and deep packet apocalypse scenarios
I blogged about a few months ago.

I think the third notable development was the very recent Hoff/Crosby
debate about who owns virtsec.
I think Chris Hoff's point questioning both the Citrix virtsec
vision and its ability to execute in the data center (based on that
vision) makes for a prescient debate on multiple fronts. If the senior
brass at Citrix takes Hoff's comments correctly, they'll realize
that he represents what will be a common network security perspective
on the security dynamics of virtualization in production data
centers. Whether they address these issues now in a high-profile
manner or later in the channel and via a "thousand points of fight"
is up to them.

Where Does Virtualization Security (Virtsec) Go From Here?

I think you'll start to see more virtsec product announcements from
the larger VMsafe members now that they have time to digest the
unique security requirements of protecting the hypervisor layer. I
also think we'll see more upstack innovation in perimeter security,
as a way of evolving existing approaches to better protect fluid
environments. As I've blogged before, virtualization security will
force vendors to move away from deep packet inspection and
signature-based defense at an even faster pace.

The fishy bid for Sourcefire
by Barracuda was a harbinger for the tired deep packet
inspection-obsessed status quo of network security appliances
threatened by the demands of virtsec and increasing exploit mutation.
Most certainly we'll see the usual last-of-breed positioning
exercises by those most behind in the upstack race, with slideware
highlighting customer counts and pay-for-play reports highlighting
new features designed to compensate for inherent weaknesses like
accuracy, processing requirements, limited visibility into the
hypervisor layer and insufficient exploit countermeasures.

As we mark the first six months of the Year of Virtsec, it is clear that
the rate of change in the once staid security industry is about to
accelerate. If it doesn't, we're all destined to witness the
continued erosion of security that may one day be called the golden
age of bricks and mortar.

Greg Ness is the VP Marketing for Blue Lane Technologies,
a winner of the 2007 InfoWorld Technology of the Year for security,
Best of Interop 2007 in security and the AO 100 Top Private Company
award for 2006 and 2007. Blue Lane is also a 2007 Best of
VMworld Finalist in data protection. I've been a marketing
executive at Juniper Networks, Redline Networks, IntruVert Networks
and ShoreTel. I've been an Always On blogger/columnist since
2004. My recently launched personal blog is: www.archimedius.net.
These are all my opinions, and do not represent the opinions of
employers, spouses, kids, etc.