Is Single Instance Security the Future?
by Neil MacDonald | June 6, 2011
The first several years were discussions with clients on how to deploy virtualization securely.
Over the past 2 years, I’ve had an increasing number of calls on the virtualization of security controls such as firewalling/segmentation and intrusion prevention systems.
More recently, there’s been an increase in calls on using virtualization to do things better than we can do today. One great example is the notion of “single instance security”. I originally wrote about using virtualization to radically transform security back in 2008 (in this research note for clients).
Today, there are many offerings coming to market that use virtualization to make the security protection of multiple virtual machines more efficient and effective. One example is Trend Micro’s agentless AV solution (Deep Security), which uses VMware’s vShield Endpoint set of hypervisor-level APIs to offload AV scanning from multiple VMs to a single “security VM” – or, in other words, single instance security. You don’t have to use VMware’s APIs to transform security. Note that McAfee’s MOVE technology and offerings do this in a way that is hypervisor-neutral.
You can imagine the same approach being used for security policy enforcement such as behavioral monitoring, host-based intrusion prevention, application control and data loss prevention.
Single instance security in a virtualized environment provides the best of both worlds: the insight and context of a host-based agent combined with the single instance ease of management of a network-based approach.
These approaches are so powerful that we project that 40% of security controls used within data centers will be virtualized in 2015, up from less than 5% at YE2010.