Virtualization Technology News and Information
Network Computing Takes A Look at Blue Lane VirtualShield

Network Computing put Blue Lane VirtualShield to the test and found its unique patching approach an effective way to protect against remotely exploitable vulnerabilities targeting VMware.  The review starts with:


In many ways, security in a virtualized environment IS no different from security in the real world: You plan for defense-in-depth with host-based and network-access controls, and set security systems to monitor traffic where appropriate. For added protection, there are a few security "virtual appliances" available at VMware's Virtual Appliance Marketplace. We decided to test one, Blue Lane Technologies' VirtualShield, in our University of Florida Real-World Labs®.

According to its billing, VirtualShield removes malicious content from network traffic before it reaches your virtual servers, a technique the company calls "inline patching." This guards against new vulnerabilities, often well before vendors release fixes, and lets IT safely run legacy apps for which patches may no longer be issued.

At press time, VirtualShield was one of just two virtual appliances (VAs) we've seen intended to protect virtual machines (VMs) running under VMware. The other, Reflex Security's VSA, is an IPS (intrusion-prevention system) that runs in ESX and protects virtual servers. Blue Lane distinguishes itself by taking the approach of patching network traffic, rather than just blocking the evil stuff.

Although still new and needing some polish, VirtualShield is innovative and well-executed. The core functionality works as advertised, and Blue Lane, a four-year-old pre-IPO start-up, seems committed to refining its technology. The company's willingness to rapidly correct problems discovered during our tests makes us feel very comfortable recommending VirtualShield, especially since the product brings the capability of Blue Lane's two-year-old PatchPoint appliance inside VMware ESX server at an attractive price: $599 per year for a dual-processor server, compared with a $7,500 cost of entry for Blue Lane's physical appliance.


And jumping ahead, they try to answer the question, should you buy?

We've established that VirtualShield is cool, but do you really need it? If your company has excellent procedures for patch management on servers and the workstations that access them, downtime windows that let you get patches installed promptly, and good firewall separation from the Internet, probably not--though for the price, you may want the added peace of mind. Another crucial factor to ponder is whether Blue Lane's list of protected OSs and apps covers your environment, keeping in mind that policies can be used to protect many otherwise uncovered vulnerabilities, especially common problems in PHP Web apps.

If you run critical servers on VMware and have uptime requirements or strict change-control processes that make it difficult to patch in a timely manner, Blue Lane's VirtualShield may be just the ticket. It could also be useful in environments with a large number of virtual servers managed by different groups, but housed together, and where it's hard to ensure that each group is keeping its servers well maintained.

With the bad guys planning to release new exploits right after Microsoft and other vendors ship their monthly patches--thus ensuring almost a month without protection--Blue Lane's quick action on newly discovered exploits could really save your servers.

Read the entire review and the review process, here.

Published Saturday, May 26, 2007 9:10 PM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<May 2007>