There are several new products in the virtualization and cloud security spaces from PacketMotion, MicroSolved, and LynuxWorks. Each of these companies approaches virtualization security in a distinctly different way. Unlike the current set of tools we know and use, these could be considered adjuncts, either for general use or for specific use cases. All of them add to end-to-end virtualization security.
First we should start with LynuxWorks' LynxSecure hypervisor. This is a replacement hypervisor that provides separation all the way through the hypervisor, using a separation kernel and all the features of current chipsets. LynxSecure is similar in many ways to all other hypervisors, but it has one feature that makes it a welcome addition in highly secure environments: it can encapsulate a VM in such a way that the VM will not boot if the security policy that wraps the VM is not met. This is a feature we have been asking for within the better-known hypervisors for many years. Now it exists, but it can only be used within the hardened hypervisor, LynxSecure. Given that this is another hypervisor, use within a traditional virtual environment would be limited to those VMs that require higher levels of security.
PacketMotion provides a much higher level of functionality than LynxSecure, as it is a network analyzer with a twist. PacketMotion has entered the virtualization security market with the PacketSentry virtual probe, a virtual appliance. The virtual probe communicates with a PacketSentry Manager, which is a physical component (but soon to be virtual as well). PacketSentry integrates with Active Directory to know when a user logs in to an environment, then tracks what each user does on the network and correlates this information in real time. This solves a fairly large compliance issue: determining who did what, when, where, and how from within the virtual network. PacketSentry can also track management actions, but not all of them. It can track the packets from a client to a server such as vCenter, but not from vCenter to the vSphere hosts (this is a difficult task, given that vCenter uses a delegate user), so it does not replace your current SIEM and other products that correlate this information. There is a bit of enforcement within PacketSentry as well, but this is geared to standard user interactions and is not specific to the virtual environment. In fact, PacketMotion has purposefully chosen not to delve into that aspect of compliance within the virtual environment, and has chosen instead to provide a virtualized PacketSentry component for those who need one.
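The user-to-flow correlation described above, and the delegate-user gap on the vCenter-to-host leg, can be sketched as follows. This is an added example, not PacketMotion's code. It assumes a session at a source IP lasts until the next logon seen there; all addresses, account names (including `svc-vcenter`) and timestamps are constructed.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data, not taken from any real environment.
# Logon events as learned from the directory: (epoch_seconds, source_ip, user)
LOGONS = [
    (1000, "10.0.0.21", "alice"),
    (1000, "10.0.0.50", "svc-vcenter"),  # hypothetical delegate account on vCenter
    (1900, "10.0.0.21", "bob"),          # same workstation, later user
]
# Flow records seen by the probe: (epoch_seconds, src_ip, dst_ip, dst_port)
FLOWS = [
    (1200, "10.0.0.21", "10.0.0.50", 443),  # alice's client -> vCenter
    (1205, "10.0.0.50", "10.0.1.10", 443),  # vCenter -> host, on alice's behalf
    (2000, "10.0.0.21", "10.0.0.50", 443),  # bob's client -> vCenter
    (2100, "10.0.0.99", "10.0.0.50", 443),  # source with no logon on record
]

def build_index(logons):
    """Map source IP -> (sorted logon times, users in the same order)."""
    index = defaultdict(lambda: ([], []))
    for ts, ip, user in sorted(logons):
        index[ip][0].append(ts)
        index[ip][1].append(user)
    return index

def attribute(flow, index):
    """Return the user most recently logged on at the flow's source IP, or None."""
    ts, src, _dst, _port = flow
    if src not in index:
        return None
    times, users = index[src]
    pos = bisect_right(times, ts)  # number of logons at or before the flow
    return users[pos - 1] if pos else None

def correlate(flows, logons):
    """Prefix every flow record with the user it is attributed to."""
    index = build_index(logons)
    return [(attribute(f, index), *f) for f in flows]

if __name__ == "__main__":
    for row in correlate(FLOWS, LOGONS):
        print(row)
```

The second flow is attributed to the delegate account rather than to alice, which is the reason the vCenter-to-host leg still has to be reconstructed from vCenter's own logs or a SIEM.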
MicroSolved's HoneyPoint Wasp was discussed on the Virtualization Security Podcast #60. HoneyPoint Wasp is not a virtualization-specific tool, but it is provided as a virtual appliance in order to detect intrusions and, if they are detected, perhaps shut down the attack at the source. The tool works by placing a detector within your network that, if hit, implies someone is trying either to attack your network directly or to pivot an attack from within it. In essence, it is a honeypot waiting for the first victim. The wasp component either just warns you of the attack, or could go back on the same channel on which the attack originated and shut down the attack using advanced anti-hacking methods that prove hackers write code as badly as everyone else. HoneyPoint Wasp provides early warning of an attack without requiring any new rules or rulesets. Instead, since it is a honeypot, it provides a thin layer that represents an application, and if it is hit, you know you are under attack. Placing one of these within your virtualization management network or other critical virtual networks would in effect give you an early warning system within your virtual networks, so you can react faster to an attack.
Taken individually, these tools have quite a bit of merit, but when you put them into the existing mix of virtualization security tools, you have a much more interesting toolbox for compliance auditing, high-security areas, and early detection of attacks.
Thanks for the mention. Please note that very soon community editions of HoneyPoint will be available at no charge to those interested in playing with our technology. You can find out more and reserve your free 1 year license by emailing us at: info1@micro2solved.3com (spam protection, remove the numbers to email us). Thanks again for the mention and we love your blog. Keep generating the content, the industry needs insights and researchers who believe in rational approaches to the problems.