RealTime IT News

Virtual Security? The PHANTOM Knows.

Securing a virtualized environment? If you're asking IBM, only the PHANTOM knows.

Big Blue announced today what it calls the Proventia network virtual intrusion prevention system (VIPS). Officials said it's the first in a series of products to come from its PHANTOM initiative, a corporate-wide research project aimed at securing the virtualized environment.

This is based on the Proventia physical intrusion prevention system (IPS) appliance and runs under VMware (NYSE: VMW).

Other virtual appliances in the works from PHANTOM, to be rolled out later, will be based on IBM's (NYSE: IBM) Proventia Enterprise Scanner and Proventia Multi-Function appliances. The Proventia product line is based on technology from Internet Security Systems (ISS), which IBM bought for $1.3 billion in late 2006.

"There will be a series of releases of our technology in the physical form factor being offered in the virtual form factor," Josh Corman, principal security strategist at IBM Internet Security Systems told InternetNews.com. "IPS as released today is one of the first."

By offering a virtual appliance for intrusion prevention, IBM is moving into two areas that could be very profitable -- security and virtual appliances.

Intrusion prevention enhances security by going beyond simple detection of an attack's signature, or methodology, to detecting random attacks without signatures. Meanwhile, virtual appliances are catching on in the enterprise because they are less expensive to purchase and maintain than their physical counterparts.

Virtual appliances also boost security in virtualized environments, which require a new approach to security. "As we adopt virtualization, an entire network could reside within a single appliance or server and that has become a blind spot for traditional physical intrusion protection systems," IBM's Corman said.

The solution is to leverage the virtualized environment to provide security, according to Corman. The major virtualization vendors have already moved to enable this. "VMware has VMsafe APIs (application programming interfaces) to let third parties leverage their platform, and Microsoft (NASDAQ: MSFT) with Hyper-V and Citrix (NASDAQ: CTXS) with Xen offer their own APIs," Corman said.

VMsafe is an interface that lets enterprises protect multiple virtual machines (VMs) running on a physical server using only one installed security application. "If I have 10 guest operating systems running on a physical server, I can leverage the virtual infrastructure to have one single instance of the inspection engine instead of having one on each operating system," Corman said.

Recognizing the market potential for virtual appliances, VMware has simplified its creation and management. At VMworld 2008, held in Las Vegas earlier this month, it unveiled a free tool, VMware Studio, which makes it easier to create and manage virtual appliances. It also updated its virtual appliance certification program, renaming it the VMware Ready Program.

IBM's approach of leveraging the virtual environment to protect multiple VMs with one security package is not the only one. StoneSoft, which last week unveiled its own VIPS appliance running under VMware, takes a different approach from IBM. Its StoneGate IPS virtual appliance has to be installed individually on each VM on a physical server.

"One of the biggest problems people have with VMware is network efficiency," Greg Mead, StoneSoft's senior solutions architect, told InternetNews.com. "We offload a lot of the processing load into the virtual space rather than moving them over the wire to a physical device."

This approach enhances business continuity and disaster recovery. Virtualization experts advocate moving security into the virtual machine.

So why is IBM taking the opposite approach? In Mead's view, "they have to because they create ASICs (application specific integrated circuit) appliances. These are the physical appliances IBM is now virtualizing through the PHANTOM project.