VMware yesterday said it has added more security vendor partners to its vShield product-development program in which security firms work with the company to develop data protection specifically designed for VMware's flagship virtualization platform, which today is vSphere 5.0.
Slideshow: Products at VMworld
At a VMworld presentation, Allwyn Sequeira, VMware's chief technology officer of security and vice president of security and network solutions, announced that McAfee, Symantec, Sophos, Kaspersky Lab, BitDefender and Lumension Security were now signed as part of the vShield program. However, these new partners themselves made little fanfare about it and weren't represented on stage.
So far, only Trend Micro has been a VMware partner for vShield, developing anti-malware specifically designed with VMware for virtual machines using the agentless approach proposed by VMware to try and avoid the performance issues traditional agent-based anti-malware can engender when scanning virtualized environments. (HP TippingPoint and Sourcefire have developed VMware-specific intrusion-prevention systems.)
McAfee begged off discussing vShield altogether but today, Sean Doherty, Symantec chief technology officer and vice president of the security group, said Symantec is looking at how it might leverage the vShield approach, but there were as yet no formal decisions about precisely what Symantec would do.
Symantec isn't totally in agreement with VMware's agentless approach. "We believe you can't totally do antimalware without an agent," said Doherty, adding Symantec does expect to have something more decisive to say about vShield by yearend.
Along with technical issues, there are political implications to the vShield approach for security vendors with a large installed base of customers as the vShield program asks for considerable investment in time and money to develop what are new types of security products under VMware's oversight, plus sharing of threat-detection information with vShield Manager in a middleware approach.
In an interview with Network World, Sequiera acknowledged the vShield program in many respects "does represent a challenge to the status quo" and that sometimes new ideas may be "viewed with suspicion." He says it is up to VMware to prove its concepts about the agentless approach are viable, and Trend Micro, with its Deep Security product, "was the first to jump on this." But he said he expects the new vShield partners may end up with a different product outcome than Trend Micro.
The pressure to make vShield and its APIs a success is on VMware in some respects because VMware's earlier security API , the VMsafe APIs, weren't that successful. Sequiera candidly acknowledges that, saying, "we got the APIs wrong the first time," adding that "the major security vendors have found it hard to integrate with VMsafe."
There are a handful of security products besides anti-malware in the market based on the VMsafe APIs, which are expected to be phased out eventually. VMware is reluctant to pin down an exact date, though some vendors anticipate end of next year.
Because VMware has so far reserved the role of software-based firewalls and data-loss prevention under vShield to its own products, that has also contributed to unease among security vendors. But Sequiera says VMware is in discussions with Cisco on a firewall role in vShield. And there could be many other changes that could perk vendor interest. VMware insists its vShield APIs are open but in the early days of vShield has taken the approach of working very closely with a few selected vendors.
In general, the potential for building a new generation of security products specifically designed for VMware's virtualization software may be just beginning. Sequiera said there is work underway with Intel to make use of the security and encryption available in the Trusted Platform Module (TPM) hardware. VMware may have more to say about that by year-end, but bringing in TPM use into virtualization could provide strong authentication and security in the future.