Security firms plug virtual security holes

New tool helps security companies and businesses protect against the threats they can't see as well as the ones they can.

Security firms have a new weapon in the war against internet threats now that a proof-of-concept tool is being made commercially available.

It's called VMsafe and it provides software developers with a greater level of control and monitoring capability than was previously thought possible with either physical or virtual servers.

The increasing popularity of virtual servers has introduced new security challenges. While they provide significant benefits, with busy data centre staff being able to bring new systems online in seconds rather than minutes or hours, these same luxuries also have their downsides. Rushing out new servers can mean periods during which those systems are left unpatched and otherwise vulnerable to attack.

VMware, the company behind one of the most prevalent virtual systems, has provided developers with low-level access to its products via the VMsafe API. In practice this means that companies specialising in internet and host-based security can produce software capable of doing things that were previously unheard of.

VMsafe was first announced as a concept in 2008 but has only been available for a few months. Now, vendors including Trend Micro are rolling out products that use this API to monitor multiple systems without the overhead of traditional anti-virus software. Other uses may involve automatically checking the working status of systems, their logs and the integrity of their files.

Blake Sutherland, vice president of strategic markets and alliances at Trend Micro, told IT PRO that his team have been working on technology that will not only improve security but also cut costs.

"The number of virtual machines (VMs) exceeds the number of previous physical servers. This is good for consolidation but, if you are using host-based security, the cost rises. You're being charged for each installation of the product, but we don't do that with our virtual security model," he said.

The VMsafe API has also allowed Trend Micro to develop a vulnerability blocking system that would, Sutherland claims, run more effectively and with less load on the servers than traditional intrusion detection (IDS) and prevention (IPS) systems.

"Running software on the server uses resources like the CPU and most particularly memory. We cannot take the network appliance approach because this would involve an ever-increasing signature list [of threat descriptions] and appliances have their own hardware to handle that. We use VMsafe to inspect the packet stream between systems on an ESX server and if there's a vulnerability on a VM we'll block all attempts to attack it."

What happens if some malicious code enters the servers regardless of this protection? Bill McGee, Trend Micro's development director, responded: "Malware can still turn off security software. However, our application runs at hypervisor level and will notice that the protection from the guest system has gone. We don't know of any other developers who are doing this."

It's still early days for this type of approach to security and there may be as many problems as successes while vendors work to put useful implementations in place. Sutherland acknowledges that there's still a long way to go before the full potential of this type of technology is realised. "It's the art of the possible versus the art of the practical in the short term."
