Neil MacDonald

A member of the Gartner Blog Network

VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…


Is Single Instance Security the Future?

by Neil MacDonald  |  June 6, 2011

I’ve been researching the intersection between virtualization and security for several years. Like security and cloud computing, virtualization and security is also following a maturity curve.

The first several years were discussions with clients on how to deploy virtualization securely.

Over the past 2 years, I’ve had an increasing number of calls on the virtualization of security controls such as firewalling/segmentation and intrusion prevention systems.

More recently, there’s been an increase in calls on using virtualization to do things better than we can do today. One great example is the notion of “single instance security”. I originally wrote about using virtualization to radically transform security back in 2008 (in this research note for clients).

Today, there are many offerings coming to market that use virtualization to make the security protection of multiple virtual machines more efficient and effective. One example is Trend Micro’s agentless AV solution (Deep Security), which uses VMware’s vShield Endpoint set of hypervisor-level APIs to offload AV scanning from multiple VMs to a single “security VM” – or, in other words, single instance security. You don’t have to use VMware’s APIs to transform security. Note that McAfee’s MOVE technology and offerings do this in a way that is hypervisor-neutral.

You can imagine the same approach being used for security policy enforcement such as behavioral monitoring, host-based intrusion prevention, application control and data loss prevention.

Single instance security in a virtualized environment provides the best of both worlds: the insight and context of a host-based agent combined with the single instance ease of management of a network-based approach.

These approaches are so powerful that we project that 40% of security controls used within data centers will be virtualized in 2015, up from less than 5% at YE2010.


Category: Next-generation Security Infrastructure Virtualization Virtualization Security