by Neil MacDonald | April 28, 2009 | 4 Comments
In my daily conversations with clients on virtualization security, one of the issues that we frequently discuss is whether or not they need virtualized security controls like firewalls and intrusion prevention systems to isolate and inspect traffic between virtual machines. One line of reasoning goes like this: If the workloads in the VMs have similar [...]
Category: Virtualization Security Tags: Next-generation Data Center, Virtual Appliances, Virtualization Security
by Neil MacDonald | April 23, 2009 | 2 Comments
When I called this “virtualization security” week, I wasn’t kidding. There were at least a dozen different session on the topic this week at the RSA conference in San Francisco. I’ve been researching the issue for several years, so it is exciting to see ideas and recommendations I have been giving in research, inquires and [...]
Category: Virtualization Security Tags: Best Practices, Virtualization Security, VMware
by Neil MacDonald | April 22, 2009 | 4 Comments
On Tuesday April 22, VMware formally launched the next major release of its virtualization platform. The code has been released to manufacturing and will become generally available during this quarter. The atmosphere was upbeat, the buzz phrase “cloud” was generously sprinkled throughout the presentations and, most importantly, the importance of security as a core capability [...]
Category: Virtualization Security Tags: Hypervisor Security, Virtualization Security, VMsafe, VMware, vShield, vSphere
by Neil MacDonald | April 21, 2009 | 1 Comment
I am out in the San Francisco area for a number of virtualization security-related events this week. I’ve been frequently blogging on this topic since my first post. Today, VMware formally launches vSphere 4. The launch is being simulcast here. Hopefully, VMware will provide specific details on three areas of interest that I have. First, [...]
Category: Virtualization Security Tags: Virtualization Security, VMsafe, VMware, vShield
by Neil MacDonald | April 18, 2009 | 1 Comment
During the course of my blogging activities, this is the third time I’ve talked about something the security industry should do that I believe is so obvious that I called it a “no-brainer”. The first was in reference to a global, industry-wide effort to create a shareable, standards-based application whitelist database built directly from feeds [...]
Category: Next-generation Data Center Virtualization Security Tags: Hypervisor Security, Security No-Brainer, Virtualization Security, vSphere
by Neil MacDonald | April 15, 2009 | 1 Comment
I had an interesting discussion with a client this week. They were trying to understand how several recent outbreaks of malware had gotten past their existing defenses. In reviewing their architecture, it became clear that while they had an established process for patching Windows and Office, they hadn’t yet extended the process up the stack [...]
Category: Application Security Beyond Anti-Virus Tags: Application Security
by Neil MacDonald | April 10, 2009 | 10 Comments
As I have discussed, x86 hardware virtualization creates a new IT platform that must be securely maintained (e.g. patch, configuration and vulnerability management) like any other IT platform we are responsible for. This layer is extremely sensitive as a compromise of this layer puts all of the hosted VMs at risk. I’ve also discussed the [...]
Category: Beyond Anti-Virus Virtualization Security Tags: Security No-Brainer, Virtualization Security, Whitelisting
by Neil MacDonald | April 3, 2009 | 9 Comments
My previous post on whitelisting has generated a lot of comments. Buried in the comment stream, I made this statement: I look forward to the time (hopefully soon) when an industry consortium or worldwide standards effort brings together legitimate ISVs to create a shareable whitelist for all to use. Whitelisting is foundational to any information [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Tags: Beyond Anti-Virus, Security No-Brainer, Whitelisting
