Gartner: Network virtualization will lead to security control changes

By , Network World |  Virtualization, Gartner, network virtualization

Gartner analyst Neil MacDonald's specialty is security, and he not only keeps a close eye on what security vendors are doing, but he's an advocate for change as fundamental network technologies evolve. Virtualization is having an enormous impact, leading to questions about the role of physical security appliances in a virtual world. MacDonald predicts by 2015, 40% of security controls in the enterprise data center will be virtualized, up from 5% in 2010. In a recent interview with Network World, MacDonald talked about the future of security in the virtual world.

MORE FROM GARTNER: Top 10 emerging infrastructure trends

To adapt to virtualized networks, some security vendors are coming up with software products they say are specialized for certain environments, such as VMware. But it was surprising to hear McAfee in announcing its latest antivirus software, Management for Optimized Virtual Environments (MOVE) 2.5, which support the VMware vShield security technology, which calls for an agentless approach, complain that the agentless approach is inadequate. They'd like VMware to change their views on agentless for vShield, saying agent-based is better. There seems to be industry tension over that right now. What's this all about?

McAfee came out and said it's not as good as running an agent inside the virtual machine (VM). And there's some truth to this. Buffer overflow protection, memory protection -- all the things they do inside, they can't do that with agentless. They lose all behavior heuristics. They can open the file and close the file. With MOVE 2.5, McAfee adds the agentless process. But McAfee is supporting both agent and agentless, and it's hypervisor-neutral.

So what's the issue with running agent-based antivirus software and virtual machines?

It's called "A/V storms," and it creates new amounts of traffic. Suppose they're all set to kick off at noon. You can set it as the admin, you say "randomize between 12 and 2." It's an answer, but not the best answer. Why do we keep scanning the same image and again? These VMware APIs let you scan it once. Kaspersky is supporting that but Symantec, not yet; they use a different architecture with Symantec Endpoint Protection 12.

VMware's work with these vShield security APIs over the years seems to be a contentious process. VMware now seems inclined to work only with specific security vendors. What do you think about it?


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question