Virtual Security? The PHANTOM Knows.
IBM's PHANTOM project aims to detect ghosts in the virtual machine.
Securing a virtualized environment? If you're asking IBM, only the PHANTOM knows.
Big Blue announced Wednesday what it calls the Proventia network virtual intrusion prevention system (VIPS). Officials said it's the first in a series of products to come from its PHANTOM initiative, a corporate-wide research project aimed at securing the virtualized environment.
This is based on the Proventia physical intrusion prevention system (IPS) appliance and runs under VMware (NYSE: VMW).
"There will be a series of releases of our technology in the physical form factor being offered in the virtual form factor," Josh Corman, principal security strategist at IBM Internet Security Systems told InternetNews.com. "IPS as released today is one of the first."
By offering a virtual appliance for intrusion prevention, (define) IBM is moving into two areas that could be very profitable -- security and virtual appliances.
Intrusion prevention enhances security by going beyond simple detection of an attack's signature, or methodology, to detecting random attacks without signatures. Meanwhile, virtual appliances are catching on in the enterprise because they are less expensive to purchase and maintain than their physical counterparts.
Virtual appliances also boost security in virtualized environments, which require a new approach to security. "As we adopt virtualization, an entire network could reside within a single appliance or server and that has become a blind spot for traditional physical intrusion protection systems," IBM's Corman said.
The solution is to leverage the virtualized environment to provide security, according to Corman. The major virtualization vendors have already moved to enable this. "VMware has VMsafe APIs (application programming interfaces) to let third parties leverage their platform, and Microsoft (NASDAQ: MSFT) with Hyper-V and Citrix (NASDAQ: CTXS) with Xen offer their own APIs," Corman said.
VMsafe is an interface that lets enterprises protect multiple virtual machines (VMs) running on a physical server using only one installed security application. "If I have 10 guest operating systems running on a physical server, I can leverage the virtual infrastructure to have one single instance of the inspection engine instead of having one on each operating system," Corman said.
Recognizing the market potential for virtual appliances, VMware has simplified its creation and management. At VMworld 2008, held in Las Vegas earlier this month, it unveiled a free tool, VMware Studio, which makes it easier to create and manage virtual appliances. It also updated its virtual appliance certification program, renaming it the VMware Ready Program.