We secure the cloud: IBM Virtual Server Protection

In my previous blog posts, we talked about the new threats in virtualization and the new technologies to protect the cloud.

IBM Virtual Server Protection (VSP) focuses on those new threats in the virtual world and leverages those new technologies to protect it. It is a comprehensive solution for your virtual infrastructure. We just announced the new VSP 1.1.1 release in April 2013.

Agentless is one of the great features of VSP. As I mentioned in this blog post, being agentless is one of the key characteristics of the security solution in the cloud. It represents a low footprint, policy enforcement and an OS-independent solution.

Here are the other key features of VSP:

  • VMsafe integration

VSP uses the interface provided by VMware to do efficient packet inspection. It is the certified mechanism to provide network security on VMware’s hypervisor. VSP is delivered in a virtual appliance form factor.

  • Firewall and intrusion prevention

VSP is backed by the IBM X-Force team to provide protection against any upcoming attack. The ISS Protocol Analysis Module (PAM) is the engine behind the preemptive protection and was developed by the X-Force team. PAM provides many features, including IBM Virtual Patch technology, application control and so on.

ibm protocol analysis modular technology

  • Rootkit detection/prevention

VSP does nonintrusive rootkit detection in the virtual machine. According to Neil MacDonald from Gartner:

IBM has the first commercial implementation of a rootkit detection/prevention offering that works from outside of the virtual machine it is protecting and thus can detect rootkits using introspection even if the rootkit is cloaked to detection from anything running in the same OS container.

  • Inter-VM traffic analysis

VSP can inspect the inter-VM traffic. On the contrary, a traditional intrusion prevention system (IPS) could not do that because it only protected the network edge, and therefore it could only see the incoming and outgoing traffic from the host but not the inter-VM traffic. Here’s a quote from my own blog post:

Inter-VM traffic plays an important role in virtual infrastructure because we usually run more than one VM on a single host. VMs on the same host might attack each other and even form a botnet. If you underestimate the importance of the protection to the inter-VM traffic, your security solution is incomplete.

  • Automated protection for mobile VMs (VMotion)

The security policy goes with the virtual machine (VM). Therefore when VM migrates from host to host, all the security polices will still be enforced seamlessly.

  • Virtual infrastructure auditing

VSP can help an administrator to create an inventory and user activity report for auditing. VSP also performs automatic VM discovery in order to reduce virtual sprawl and provide security and visibility across the virtual infrastructure.

  • Virtual network access control 

By providing the quarantine capability, VSP could limit communications to and from the untrusted VMs to prevent the unauthorized creation or migration of the VM to access the network. An administrator could also quarantine the newly created VM and only allow it to access the patch server until all the security patches are applied.

  • SiteProtector integration 

IBM SiteProtector is the centralized management console of VSP. Administrators could use it to deploy the security policies and monitor their virtual infrastructure in a central place.

To sum up, VSP provides protection for any guest OS running on a VM. An administrator doesn’t need to reconfigure their network or install any agents on the VMs. Even the newly created VM or migrated VM will get protection right away. Since VSP deploys a secure VM (SVM) on the host, the footprint is minimal and makes the solution more efficient by eliminating a redundant processing task. For example, when the X-Force team releases a new security update, only SVM needs to apply it; then all the VMs will get benefit from it. That is the beauty of its agentless design.

IBM Security Virtual Server Protection offers the broadest, most integrated defense-in-depth virtualization security in one product. It provides automatic protection to every layer of the virtual infrastructure in a transparent way. In addition, VSP helps administrators meet regulatory compliance by providing security and reporting functionality in the virtual infrastructure. VSP currently only supports VMware, but hopefully we will add more hypervisor support in the future.

How do you think VSP can protect your virtual infrastructure? Leave a comment below or connect with me on Twitter @ChentaLee.

Share this post:

Add Comment
No Comments

Leave a Reply

Your email address will not be published.Required fields are marked *

More Archive Stories

Creating your own CI environment for OpenStack — Part 3

This is the final post in a series on continuous integration (CI) environments in OpenStack. In previous posts (Part I, Part II), I’ve discussed how a CI environment works and why you should consider creating your own instead of relying on the environment provided by OpenStack. Here I’ll talk about how to accomplish that.  What […]

Continue reading

IBM technical sessions at the OpenStack Summit in Paris

I’m getting ready to attend my seventh OpenStack Summit. I’ve been to every one since the Essex Summit in Boston, and I know how daunting it is to look at the schedule and try to pick what sessions to attend. Does the session description catch me? Does it sound like a vendor pitch? Do the […]

Continue reading

Are you an IT expense?

Do you remember the rise of the new economy 20 years ago? Blinded by the dot-com bubble potential, some argued dot-com would change economic principals. That did not happen. But the e-business era helped the world learn about the Internet’s potential as a business driver. Cloud technology challenges the traditional way to produce, deliver and […]

Continue reading