Monday, September 12, 2011

Top 5 Tools for Virtualization Security

In my last blog post, I listed a few security tools for the Cloud. I left out virtualization security and planned another post to list a few cool tools for it. As readers of this blog will know, the majority of Cloud environments leverage virtualization for the elasticity and dynamic scaling of services, although virtualization is not a precondition for the Cloud. This blog post lists the top 5 tools for virtualization security.


1: VMware (http://www.vmware.com) offers a free tool and two packaged commercial products for virtualization security.

  • The free tool is VMware's Compliance Checker Tool, a fully functional product that provides detailed compliance checks (such as FISMA and PCI/DSS) against the VMware vSphere Hardening Guidelines. You can print Compliance Checker reports and run compliance checks across multiple ESX and ESXi servers at once.
  • VMware also offers the vShield suite of products at a bundled price of $300 per VM. Here is a summary of the functionality:

o   VMware vShield App: Protects applications in the virtual datacenter against network-based threats. Essentially, it is a virtual firewall that can filter the network traffic between VMs.

o   VMware vShield App with Data Security: This is a new feature in vShield 5.0. It can discover sensitive data in VMs and move the VMs holding sensitive data (such as PII) into an isolated security zone. A nice enhancement indeed for the Trusted Cloud and a nice add-on for Data Loss Prevention on the Cloud.

o   VMware vShield Edge: Enhances protection for the virtual datacenter perimeter.

o   VMware vShield Endpoint: Improves performance by offloading key antivirus and anti-malware functions to a security virtual machine, eliminating the antivirus agent footprint (AV Storm) in virtual machines.

o   VMware vShield Manager: Security management framework included with all vShield products.

o   VMware vShield Bundle: Includes all vShield products: vShield App with Data Security, vShield Edge, vShield Endpoint and vShield Manager. Cost is $300 per VM.

  • VMware vCenter Configuration Manager: Provides automated compliance checks and continuous compliance with out-of-the-box templates and toolkits, and thus provides enhanced security. Cost is $800 per VM.

2: Catbird (http://www2.catbird.com/) offers vSecurity, vCompliance and vSecurity Cloud Edition, and was named one of the "10 Virtualization Vendors to Watch" in 2010 by ComputerWorld, among other awards.

o   Catbird vSecurity: vSecurity consists of two elements: a virtual appliance, deployed inside each VMware or Xen host (NOT on each virtual machine), and a Catbird Control Center, typically deployed in the Security Operations Center (SOC). A Catbird appliance is the eyes and ears of the virtual network, delivering security protection from inside the virtual host. This appliance reports back to the Control Center, where the management and expert system reside. The Catbird Control Center provides a single enterprise-wide view of the security and compliance state of the virtual infrastructure. The Control Center is responsible for policy-based analytics and for compliance workflow and reporting.

o   Catbird vCompliance:  vCompliance monitors and audits controls required by the leading regulatory standards organizations and supports the widest array of common security frameworks. vCompliance includes default policies for SOX, HIPAA, DIACAP and PCI; each policy is built upon Catbird controls which map to the appropriate compliance framework.

o   vSecurity Cloud Edition: Cloud Edition integrates Catbird's comprehensive suite of services, including vulnerability monitoring, IPS/IDS, firewalling via TrustZones, Network Access Control (NAC), policy enforcement and many other critical features, managed via a multi-tenant portal. It has the following features:

o   24x7 vulnerability management with a fully compliant scanner that is automatically correlated with other virtual machine attributes to provide an accurate assessment of known defects against a specific and customizable compliance framework.

o   NAC-based enforcement for continuous monitoring of the virtual machine population, real-time inventory management, and the most accurate real-time VM catalog and virtual machine sprawl prevention

o   A multi-tenant management portal that provides compliance intelligence aggregation, management and reporting across physical, virtual, private and public clouds from a single dashboard, while ensuring the privacy of customer or departmental data.

3: The HyTrust (http://www.hytrust.com/) appliance provides access control, authentication and authorization, policy management, security configuration management and auditable log aggregation for virtualized environments. HyTrust is tightly integrated with VMware and can be managed through a vCenter tab.


4: CloudPassage (http://www.cloudpassage.com/):  CloudPassage's Halo platform is offered as a security Software-as-a-Service. The major components of the Halo platform include:

o   Halo Daemon: The Halo Daemon is a very lightweight (~2 Mb) and well-protected software component that runs as a service on each cloud server. The Halo Daemon monitors important server security factors, e.g. IP addressing, installed software, running processes and open network ports. The Halo Daemon provides information to the Halo Grid as needed, and responds to commands from the Halo Grid to take actions such as updating iptables firewall rules.

o   Halo Grid: The Halo Grid is a powerful and sophisticated elastic compute cloud that provides sophisticated analytics to evaluate the data collected by the Halo Daemon, making decisions on the exposures and compliance concerns to be reported and on updates to security parameters such as iptables policies. The Halo Grid does the "heavy lifting" on behalf of the Halo Daemons, ensuring that customers' server resources and performance are preserved.

o   Halo Portal: The Halo Portal is the single pane of glass used to manage all Halo product capabilities. Policy configuration, review of compliance status, evaluation of reported exposures and even generation of Halo Daemon installation scripts are all provided through the Halo Portal.

5: Trend Micro (http://us.trendmicro.com): Trend Micro's Deep Security 8 offers anti-malware protection, firewall capabilities, intrusion prevention, Web application protection, integrity monitoring and log inspection for virtualized environments.


It can be integrated with Trend Micro's SecureCloud 2, which provides encryption and data protection for cloud deployments. With this integration, Deep Security can check the security profile of a system accessing encrypted content on SecureCloud and prevent access if the accessing system is lacking in security protections or has been infected by malware. Pricing for Deep Security 8 starts at $1,000 per server, with volume discounts available. Deep Security 8 is expected to ship by the end of the year 2011.

2 comments:

  1. Great post I would like to thank you for the efforts you have made in writing this interesting and knowledgeable article.
  2. Believe it or not, it is the type of information I’ve long been trying to find. It matches to my requirements a lot. Thank you for writing this information.