Gartner Blog Network

Is Single Instance Security the Future?

by Neil MacDonald  |  June 6, 2011

I’ve been researching the intersection between virtualization and security for several years. Like security and cloud computing, virtualization and security is also following a maturity curve.

For the first several years, the discussions with clients were about how to deploy virtualization securely.

Over the past 2 years, I’ve had an increasing number of calls on the virtualization of security controls such as firewalling/segmentation and intrusion prevention systems.

More recently, there’s been an increase in calls on using virtualization to do things better than we can do today. One great example is the notion of “single instance security”. I originally wrote about using virtualization to radically transform security back in 2008 (in this research note for clients).

Today, there are many offerings coming to market that use virtualization to make the security protection of multiple virtual machines more efficient and effective. One example is Trend Micro’s agentless AV solution (Deep Security) which uses VMware’s vShield Endpoint set of hypervisor-level APIs to offload AV scanning from multiple VMs to a single “security VM” – or, in other words, single instance security. You don’t have to use VMware’s APIs to transform security. Note that McAfee’s MOVE technology and offerings do this in a way that is hypervisor-neutral.

You can imagine the same approach being used for security policy enforcement such as behavioral monitoring, host-based intrusion prevention, application control and data loss prevention.

Single instance security in a virtualized environment provides the best of both worlds: the insight and context of a host-based agent combined with the single instance ease of management of a network-based approach.

These approaches are so powerful that we project that 40% of security controls used within data centers will be virtualized in 2015, up from less than 5% at YE2010.


Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…
