Virtual Security Gets a Boost
How secure is your virtual environment? Recent US-CERT Cyber Security Bulletins list several vulnerabilities for versions of software from VMware that allow attackers to cause denial of service attacks, generate buffer overflows, expose password logging and gain unauthorized privileges that can be used to hijack processes. The exposures have been addressed in patches by the company, but concern has been growing that virtual machines may get less security-related attention from IT staff than physical boxes.
Reflex Security, which develops virtual security software, has enhanced access control functionality and device visibility in its Virtual Security Appliance (VSA). VSA discovers virtual assets and maps them so users can attain a visual view of the virtual infrastructure that is being secured. The new functionality, expected in the next couple of months, will allow users to drill down into the virtualized network infrastructure.
The software profiles the virtual network state, assets, services and communication flows dynamically and provides anti-virus, anti-spyware, network discovery and network policy enforcement services. VSA supports VMware ESX Server, XenSource and Virtual Iron.
"Reflex VSA's ability to expose the virtual network to the security manager and protect it from threats is a proven asset, and the first of its kind in the industry," said Hezi Moore, CTO of Reflex. "Our development is building upon VSA's visibility functionality to add virtual server access control which will invoke permission-based controls for users that can add or remove virtual machines and virtual network components."
Get daily news from THE Journal's RSS News Feed
About the author: Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at firstname.lastname@example.org.
Proposals for articles and tips for news stories, as well as questions and comments about this publication, should be submitted to David Nagel, executive editor, at email@example.com.