I’ve talked with several vendors over the past week who are considering virtualizing their security controls for deployment inside virtualized environments. This change can be disruptive along several dimensions:
1) Business model changes and significantly lower pricing for users. Some of these vendors sell hardware-based appliances and are grappling with the potential for cannibalization if a software-based implementation displaces the need for their physical appliances. My counter-argument to them: sure, but if you don’t, someone else will. And a pure software business model can be more profitable (albeit with less cash flow) than one involving hardware. Early adopters can seize this disruption and use it to gain market share. Laggards will lose.
Ditto for endpoint protection vendors: using the virtualization layer as a new platform, with introspection, opens up the possibility of a single AV engine protecting every hosted workload on a server (including virtual desktop workloads). At that point, do you pay for one copy or for one per protected workload? The answer will ultimately be somewhere in between. Again, early adopters can seize this disruption to gain market share, and laggards will lose.
In both cases, good news for you: security gets to take advantage of Moore’s Law like the rest of IT, and we start paying less each year for equivalent functionality (or the same for more).
2) Buying center changes and new market entrants. This is a battle for control inside the server: sometimes the buyer is the virtualization/server administrator, sometimes it is the traditional network security buying center. Interestingly, some host-based security vendors, like Trend Micro (with its acquisition of Third Brigade), are new players in the emerging market for virtualized data center security. They have a large installed base of server protection buyers and can stake a legitimate claim in this emerging market.
3) Reduction or elimination of proprietary hardware. Being virtualized forces a software-only model (at least until directed I/O becomes mainstream). Yes, virtualized security controls will have performance implications, and whether a virtualized control makes sense depends on your performance requirements. Simply saying that a virtualized security control can’t be as fast as a physical one doesn’t mean much; the real question is “how much performance do you require?” I’m seeing test data using VMware’s VMsafe APIs in “fast path” mode for inline firewalling achieving throughput in the 8 Gbps range inside a server with 10 Gbps connections, almost line speed.
Let me be clear: I don’t expect organizations to eliminate their perimeter security defenses. I expect a hybrid physical/virtual/Cloud model to evolve in which virtualized security controls address blind spots in our architectures and intelligently coordinate inspection and policy enforcement among themselves.
What I am saying is that the rules and the playing field are changing. There will be a significant shuffling of vendors and market share over the next five years. These changes have been at the heart of my research since 2007 and are gaining more relevance every day.