Blue Lane shields virtual machines

Blue Lane Technologies made available Thursday a software download the company says will serve to shield virtual machines from security threats lurking in network traffic.

With the added complexity and mobility in virtual production environments, enterprise IT managers need a more dynamic way to protect virtual servers, says Gregory Ness, vice president of marketing at Blue Lane. While firewalls and intrusion-detection systems watch traffic and protect assets in more static environments, VirtualShield can do the same in a network with changing configurations and mobile virtual machines, he says.

"With virtualization, customers have the ability to create more virtual machines in less time than they could with physical machines, which adds a heightened level of mobility but also makes more security issues possible," Ness says.

For instance, processes around testing and patching virtual servers could fall by the wayside as IT managers rush to roll out new servers, leaving systems vulnerable to security threats. "The issue of patching becomes problematic," he says.

VirtualShield for VMware Infrastructure 3 works at the hypervisor layer to protect virtual servers from threats in passing traffic. Once deployed, the software takes snapshots of the virtual servers on the hypervisor and "maintains a consistent inventory of virtual assets, such as open ports, active services and applicable application protocols," Blue Lane says.

VirtualShield watches for traffic that violates known security and patching policies. The software is then able to correct the threat and prevent the virtual machine from being exposed to the vulnerability. For instance, in the event of a remote attack, VirtualShield would protect the servers by applying "appropriate inline policies or replicating the corrective logic of software security patches in the network stream," Ness says.

Blue Lane, which competes with Determina and Reflex Security, says the software provides "real time" protection as virtual machines are moved throughout a data center, because it does not require IT managers to apply new code or security signatures to the virtual machines. IT managers can subscribe to protection content updates from Blue Lane, which would be applied to customer production environments "on-the-fly" without disrupting server availability, for example. Blue Lane says VirtualShield also can protect guest virtual machines running on VMware ESX Server hosts.

Blue Lane's VirtualShield is available now for download. The software costs about $500 per VMware Infrastructure 3. The company also offers management software to oversee multiple VirtualShields.