With the long weekend looming (well, technically starting today) I thought I would do a nice light post about the state of third-party security and virtualization. I still have this debate once in a while about which is better: vendor-integrated solutions such as vShield, or third-party solutions from security vendors. So what are the arguments for each side?
Starting from the platform-integrated side, what I like about these types of solutions is that they are created from the code up. That is, they are designed with the operating environment in mind, and the security is designed to work within that environment. While you might not get the largest breadth of solutions (they are coming though), they are stable and give the right visibility into the infrastructure. They are also tested heavily in every variation of the environment to anticipate any possible critical issues. There is also the nice feature of one throat to choke, as they can’t simply say “It’s the vendor’s issue.”
From a third-party vendor side, security is derived from years of product design and testing. There is no question that the big players in the market are good at what they do from a security perspective. The question really is what happens when an award-winning product is modified to work within a virtual environment? The key issue I see (and this is not meant to reflect all vendors, there are some awesome solutions that I would recommend in a heartbeat) is that they are modified to work in virtual environments, not designed from the environment out. This means that you can’t possibly expect that they can react in every single state of the virtual environment. It might work beautifully in a static environment, but what if you vMotion? What if you have 10 VMs on a hypervisor, or 100? Does it scale? What about environments where you are running no O/S?
There is no right or wrong answer here. I really just want to highlight that when it comes to security and virtualization, it’s a complicated topic. Add to that the fact that from a security perspective, this is a fairly new discussion, and for security vendors, it’s a new approach to designing products. The only thing I can suggest is that when deciding which route you want to go in terms of securing your environment, make sure that you have a lot of testing time and that you have a D/R or business continuity plan in place, just in case.