Sourcefire to add blocking capabilities to virtualization security wares

Pledges intrusion-prevention capability for virtualization platforms

Sourcefire Tuesday pledged its Sourcefire 3D System will deliver full intrusion-protection blocking capability for both the VMware-based and Xen-based virtual machine platforms. At present, it's limited to intrusion-detection monitoring and alerting.

Security of virtualization, cloud computing divides IT and security pros

"We will be able to block traffic in the VMware versions and this Xen version by year-end," says Richard Park, senior product manager at Sourcefire, which Tuesday announced monitoring-only intrusion-detection capability for the Xen 3.3.2 and 3.4.2 virtualization platforms. Software-based virtual appliances from Sourcefire can monitor traffic between two or more VMs, or between physical hosts and VMs.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Sourcefire Tuesday pledged its Sourcefire 3D System will deliver full intrusion-protection blocking capability for both the VMware-based and Xen-based virtual machine platforms. At present, it's limited to intrusion-detection monitoring and alerting.

Security of virtualization, cloud computing divides IT and security pros

"We will be able to block traffic in the VMware versions and this Xen version by year-end," says Richard Park, senior product manager at Sourcefire, which Tuesday announced monitoring-only intrusion-detection capability for the Xen 3.3.2 and 3.4.2 virtualization platforms. Software-based virtual appliances from Sourcefire can monitor traffic between two or more VMs, or between physical hosts and VMs.

Sourcefire is turning its attention to Xen because "it's open source, and Xen is being adopted by some cloud providers," Park says. He notes that both the Xen- and VMware-based virtual sensors can share information with a central management console.

Sourcefire last December shipped 3D System 4.9 and VMware-based virtual appliances, its first intrusion detection/prevention product designed specifically for virtualized environments. But the Sourcefire software-based virtual appliances for protecting ESX, ESXi and vSphere 4.0 are limited to monitoring and intrusion detection, not full-blown intrusion protection with blocking capability.

Despite technical hurdles in adapting the full strength of its traditional IPS to a virtualized environment, Sourcefire says it's making progress and anticipates having the blocking capability for both virtualization platforms by year-end.

Read more about security in Network World's Security section.