Virtualization Technology News and Information
Another Virtualized Solution for VM Security...

Christofer Hoff takes a deeper look and asks questions about Reflex VSA and Blue Lane's technology. Take a look here.

I got an email reminder from my buddy Grant Bourzikas today pointing me to another virtualized security solution for servers from Reflex Security called Reflex VSA. VSA stands for Virtual Security Appliance and the premise appears to be that you deploy this software within each guest VM and it provides what looks a lot like host-based intrusion prevention functionality per VM.

The functionality is defined thusly:

Reflex VSA solves the problem that traditional network security such as IPS and firewall appliances currently cannot solve: detecting and preventing attacks within a virtual server. Because Reflex VSA runs as a virtualized application inside the virtualized environment, it can detect and mitigate threats between virtual hosts and networks.

Reflex VSA Features:
• Access firewall for permission enforcement for intra-host and external network communication
• Intrusion Prevention with inline blocking and filtering for virtualized networks
• Anomaly, signature, and rate-based threat detection capability
• Network Discovery to discover and map all virtual machines and applications
• Reflex Command Center, providing a centralized configuration and management console, comprehensive reporting tools, and real-time event aggregation and correlation

It does not appear to wrap around or plug-in to the HyperVisor natively, so I'm a little confused as to the difference between deploying VSA and whatever HIPS agent a customer might already have deployed on "physical" server instantiations.

Blue Lane's product addresses this at the HyperVisor layer and it would be interesting to me to have the pundits/experts argue the pros/cons of each approach.

I'm surprised most of the other "security configuration management" folks haven't already re-branded their agents as being "Virtualization Compliant" to attack this nascent marketspace. < :rolleyes here: >

It's good to see that folks are at least owning up to the fact that intra-VM communications via virtual switches are going to drive a spin on risk models, detection and mitigation tools and techniques.  This is what I was getting at in this blog entry here.

I would enjoy speaking to someone from Reflex to understand their positioning and differentiation better, but isn't this just HIPS per VM?  How's that different than firewall, AV, etc. per VM?

Check out his Rational Security site and read his original post, here.

Published Tuesday, March 20, 2007 6:40 AM by David Marshall