Network World - Intrusion-prevention system (IPS) vendors have not found it easy to recast their appliances for use in the virtual-machine (VM) environment. But now McAfee and Sourcefire claim to have overcome some hurdles, at least with VMware's VM.
McAfee today said its Network Security Platform v.6, the evolution of what used to be called the IntruShield IPS, has added a way to inspect internal network traffic behind a VMware virtual-machine hypervisor by using agent-based software that runs on the hypervisor. To do that, McAfee has OEM'd agent technology from Reflex Systems under a technology partnership.
The McAfee IPS agent software mirrors the traffic and transmits it through a secure channel to the McAfee IPS, which does the assessment on the hardware box, says Greg Brown, McAfee vice president of product marketing in network security. "We couldn't look at what was on the virtual machine before," he adds.
Doing the traffic inspection on a hardware box is seen as avoiding strain on the VM itself, which would otherwise have to devote CPU cycles to IPS, Brown says. The McAfee Network Security Platform supports only VMware-based virtual machines in this manner today, but McAfee is considering a similar approach to IPS for the Microsoft and Citrix virtual-machine environments, too.
The McAfee approach could be used not just by the enterprise but by cloud service providers to provide IPS security services. And that's why cloud service provider Savvis is testing the McAfee agent-based approach to IPS on VMware VMs in its data centers.
"We're limiting what traffic we hand off," says Ken Owens, vice president of security and virtualization technologies at Savvis. The McAfee agent software for the VMware hypervisor, based on Reflex technology, gets a first look at traffic and decides what to send over to the McAfee IPS appliance for inspection.
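The architecture described above, a hypervisor-resident agent that takes a first look at inter-VM traffic, hands only a subset off to an out-of-band IPS appliance over a secure channel, and lets the appliance do the content inspection, is modelled in this added example. It is constructed code for illustration, not McAfee, Reflex or VMware code: the trust-zone map, the hand-off policy, the HMAC-SHA256 tag standing in for the secure channel, the two content signatures and the sample flows are all assumptions.

```python
"""Hypothetical model of a hypervisor-resident IPS mirror agent with a
hand-off policy and an HMAC-authenticated channel to an out-of-band
inspection engine. Constructed example; not vendor code."""
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class Flow:
    src_vm: str
    dst_vm: str
    proto: str
    dport: int
    payload: bytes


# Assumed VM-to-trust-zone map maintained by the agent (constructed).
ZONE = {"web01": "dmz", "web02": "dmz", "db01": "internal", "backup01": "mgmt"}
# Intra-zone ports whose traffic stays on the hypervisor and is not mirrored.
INTRAZONE_ALLOWED = {80, 443}


def should_hand_off(flow: Flow) -> bool:
    """Policy: mirror anything that crosses a trust zone, plus any intra-zone
    flow on a port outside the allowlist. Unknown VMs are always mirrored."""
    src, dst = ZONE.get(flow.src_vm), ZONE.get(flow.dst_vm)
    if src is None or dst is None or src != dst:
        return True
    return flow.dport not in INTRAZONE_ALLOWED


def wrap(flow: Flow, key: bytes) -> dict:
    """Agent side: serialise the mirrored flow and attach an HMAC-SHA256 tag
    (a stand-in for the authenticated channel to the appliance)."""
    body = json.dumps({**asdict(flow), "payload": flow.payload.hex()}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


# Constructed content signatures the appliance applies to mirrored payloads.
SIGNATURES = [("sqli-tautology", b"' OR 1=1"), ("dir-traversal", b"../../")]


def inspect(msg: dict, key: bytes) -> str:
    """Appliance side: verify the tag first, then run content signatures."""
    expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return "rejected:bad-tag"
    rec = json.loads(msg["body"])
    payload = bytes.fromhex(rec["payload"])
    for name, pattern in SIGNATURES:
        if pattern in payload:
            return f"alert:{name}:{rec['src_vm']}->{rec['dst_vm']}"
    return "clean"


def run_agent(flows, key: bytes):
    """Apply the hand-off policy, ship selected flows to the appliance and
    collect its alerts. Returns (number handed off, list of alert strings)."""
    handed_off, alerts = 0, []
    for f in flows:
        if not should_hand_off(f):
            continue  # stays on the hypervisor, no appliance cycles spent
        handed_off += 1
        verdict = inspect(wrap(f, key), key)
        if verdict.startswith("alert:"):
            alerts.append(verdict)
    return handed_off, alerts


# Constructed sample flows as seen by the agent on one vSphere host.
SAMPLE_FLOWS = [
    Flow("web01", "db01", "tcp", 3306, b"SELECT name FROM users WHERE id=7"),
    Flow("web01", "web02", "tcp", 80, b"GET /health HTTP/1.1"),
    Flow("web01", "db01", "tcp", 3306, b"SELECT * FROM users WHERE name='' OR 1=1 --"),
    Flow("backup01", "db01", "tcp", 873, b"rsync replication chunk"),
    Flow("web02", "web01", "tcp", 22, b"SSH-2.0-OpenSSH"),
    Flow("db01", "web01", "tcp", 8080, b"GET /../../etc/passwd HTTP/1.1"),
]
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    n, alerts = run_agent(SAMPLE_FLOWS, KEY)
    print(f"{n} of {len(SAMPLE_FLOWS)} flows handed off; alerts: {alerts}")
```

The policy is where the "limiting what traffic we hand off" trade-off lives: the same-zone health check on port 80 never leaves the hypervisor, while cross-zone flows and unexpected intra-zone ports are mirrored. Verifying the tag before parsing the body means a message altered in transit is dropped before any inspection logic runs on it.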
Owens acknowledges there is "always a kind of concern" with vendors that combine technologies since it raises questions such as how well they'll work together in the long run or whether one gets acquired. But the approach being tested out at Savvis would allow the cloud-service provider to use the McAfee IPS to inspect traffic for both traditional physical servers and virtual-machine servers.
Owens adds that "cross-platform support" for Microsoft Hyper-V and Citrix Xen VMs is lacking today, a drawback since Savvis is looking at adding VM platforms.
Sourcefire also reports progress in developing an intrusion-prevention approach for the VMware environment.
VMware vShield App is VMware's application-aware firewall that can be installed on each VMware vSphere host to control and monitor traffic between virtual machines. VMware vShield Edge is a virtual appliance that provides firewall functionality, VPN, Web load balancing and other functions with the goal of eliminating the need for virtual LANs.