VMware yesterday said it has added more security vendor partners to its vShield product development programme, in which security firms work with the company to develop data protection specifically designed for VMware's flagship virtualisation platform, which today is vSphere 5.0.
At a VMworld presentation, Allwyn Sequeira, VMware's chief technology officer of security and vice president of security and network solutions, announced that McAfee, Symantec, Sophos, Kaspersky Lab, BitDefender and Lumension Security were now signed as part of the vShield initiative. However, these new partners themselves made little fanfare about it and weren't represented on stage.
So far, only Trend Micro has been a VMware partner for vShield, developing anti-malware with VMware specifically for virtual machines. It uses the agentless approach, proposed to avoid the performance issues that traditional agent-based anti-malware can cause when scanning virtualised environments. HP TippingPoint and Sourcefire have developed VMware-specific intrusion prevention systems.
McAfee begged off discussing vShield altogether, but today Sean Doherty, Symantec chief technology officer and vice president of the security group, said Symantec is looking at how it might leverage the vShield approach, though there were as yet no formal decisions about precisely what Symantec would do.
Symantec isn't totally in agreement with VMware's agentless approach. "We believe you can't totally do anti-malware without an agent," said Doherty, adding Symantec does expect to have something more decisive to say about vShield by the year's end.
Upsetting the ancien regime
Along with technical issues, there are political implications to the vShield approach for security vendors with a large installed base of customers, as the programme asks for considerable investment in time and money to develop new types of security products under VMware's oversight, plus sharing of threat detection information with vShield Manager.
Sequeira acknowledged the vShield programme in many respects "does represent a challenge to the status quo" and that sometimes new ideas may be "viewed with suspicion." He says it is up to VMware to prove its concepts about the agentless approach are viable, and Trend Micro, with its Deep Security product, "was the first to jump on this." But he said he expects the new vShield partners may end up with a different product outcome than Trend Micro.
The pressure to make vShield and its APIs a success is on VMware in some respects because VMware's earlier VMsafe APIs weren't that successful. Sequeira candidly acknowledges that, saying, "we got the APIs wrong the first time," adding that "the major security vendors have found it hard to integrate with VMsafe."
There are a handful of security products besides anti-malware in the market based on the VMsafe APIs, which are expected to be phased out eventually. VMware is reluctant to pin down an exact date, though some vendors anticipate the end of next year.
VMware has so far reserved the role of software-based firewalls and data loss prevention under vShield to its own products, which has also contributed to unease among security vendors. But Sequeira says VMware is in discussions with Cisco on a firewall role in vShield. And there could be many other changes that could pique vendor interest. VMware insists its vShield APIs are open but in the early days of vShield has taken the approach of working very closely with a few selected vendors.
In general, the potential for building a new generation of security products specifically designed for VMware's virtualisation software may be just beginning. Sequeira said there is work underway with Intel to make use of the security and encryption available in the Trusted Platform Module (TPM) hardware.
VMware may have more to say about that by year end, but bringing TPM use into virtualisation could provide strong authentication and security in the future.