Virtual Physical Security
By Steven J. Vaughan-Nichols, CIO.com
Running virtual machines is easy. It's managing and securing them that's the problem, according to both users and analysts. Check Point Software Technologies thinks it has an answer: the VPN-1 VE (Virtual Edition).
The VPN-1 VE is a VMware-certified virtual application, which is designed to secure VMware virtual servers and applications by making them act as if they were on separate physical servers. While Check Point claims that it's the "first company to provide unified security management for both physical networks and virtual applications," the concept is used by other vendors in the still-new field of virtualization security. For example, Apani's EpiForce VM takes a similar approach.
Check Point's VPN-1 VE will, however, integrate with pre-existing Check Point security infrastructure. This should result in a significant management saving, since administrators will be able to run both virtual and the more usual server and network security tasks from one interface.
The VE is part of Check Point's VPN-1 Power VSX virtualization security suite. Power VSX, a virtualized security gateway, allows managed service providers and corporations to consolidate up to 250 VMware virtual security systems. This package includes firewall, virtual private network (VPN) and intrusion prevention on a single hardware application platform.
What VE adds to the package is a way to quickly deploy a VMware ESX or ESXi reconfigured security setup without requiring additional hardware devices. It also, according to Check Point, "strengthens auditing, compliance and risk management with unified logging for the entire security infrastructure, including virtual environments."
It sounds good, but does this approach of treating virtual systems as if they were physical servers really work? In general, Gartner analyst Neil MacDonald isn't crazy about this approach. "Many organizations mistakenly assume that their approach for securing [virtual machines] will be the same as securing any operating system and thus plan to apply their existing configuration guidelines, standards and tools. While this is a start, simply applying the technologies and best practices for securing physical servers won't provide sufficient protection," he says.
And as Dan Kusnetzky of the Kusnetzky Group IT consultancy points out, there are many virtualization security programs vying for your attention now. "Security is an area of intense focus. Neocleus, Qumranet, Fortisphere, Fortinet and a few others have products that address some aspect of creating a secure environment."
A wise CIO is going to take a long, hard look at several proposed virtualization security programs before committing to one. It's also noteworthy that this is a VMware-specific security solution. VMware, as anyone who has been following the company knows, recently released a patch that actually knocked out ESXi servers.
Copyright © 2008 IDG. All rights reserved.