A major VMware security initiative announced more than six months ago has still not resulted in any new products, but VMware and partners this week are demonstrating several prototypes of technology that will better secure virtual machines.
VMware publicly revealed plans in February for VMsafe, a set of APIs that will give security vendors more direct control over the hypervisor, allowing them to catch viruses, Trojans and keyloggers before they do any real damage.
VMsafe development is far enough along to build some "pretty effective" security products, and the APIs are being built into VMware's hypervisor, says Nand Mulchandani, VMware senior director of security products and marketing. But VMsafe won't be publicly available until the shipment of VMware Infrastructure 4.0, the next version of VMware's virtualization software, and it's not clear when that will occur, Mulchandani said during an interview at VMworld in Las Vegas Tuesday.
"The APIs are built into the hypervisor and will ship concurrently with the next release," Mulchandani said.
No third-party security vendor can release VMsafe-related products available until then. But Symantec, Check Point, Trend Micro, and IBM's Internet Security Systems (ISS) division are among those demonstrating prototypes this week, he said.
Symantec is demonstrating a rootkit detector that utilizes VMsafe. Today's intelligent malware is able to replace drivers and masquerade as part of the operating system, making them very hard to detect, Mulchandani said. Symantec's prototype allows a thorough security scan at the moment a virtual machine boots up or restarts, so it's able to intercept rootkits before they are encrypted and before the malware has been executed.
Check Point, meanwhile, is demonstrating a VMsafe-enabled network firewall, bringing granular firewall capabilities down to the level of individual virtual machines, a capability Mulchandani called "really revolutionary."
"The integrated firewall protects traffic and provides access control between virtual machines on the same subnet, eliminating the threat of a compromised virtual machine gaining access to other virtual machines on the same subnet," Check Point states.
