I came across a news item about BlueLane's VirtualShield product for VMware protection. See http://www.bluelane.com/products/
This looks very useful, albeit pricey for my "one-man" show. I was wondering:
1) Any knowledgeable reader aware of a similar "hypervisor layer" protection product, especially one that is not so expensive?
2) Anyone able to comment on BlueLane's offering?
3) Any recommendations on how best to protect a bunch of VMs running on one host, without wasting cpu on having firewall/anti-virus/anti-spy on every guest OS?
Apologies if this has already been discussed - I am a newbie. Just give me some links, if that is more appropriate.
So... what you're saying is that tuning signatures keeps your team in shape... and if they had a solution that could prevent successful attacks they would get lazy?
They COULD get lazy - I've seen this far too often.
"Hey let's buy a firewall - plug it in and we are safe (and forget that there's more to this)."
The app and protocol decoding at the core of the system is very new.
No - app and protocol decoding is rather old when thinking in IT periods of time. The principles of decoding and analyzing any layer 4-7 protocol haven't changed.
Face it... the days of signature-processing/tuning and throwing processor cycles and custom chips at the problem are over
I never said that IPS are a solution to this problem - they never were a solution and they never will be - they are an additional security layer you could use (to a greater or lesser extent).
Server security without tuning,...
Security without tuning isn't possible.
BTW: I expect IPS to be obsolete in less than 3 years.
Then again, maybe Patch Tuesday, etc and reboots give you a sense of purpose...
I didn't say that I have no interest in it - I will definitely give it a try. But as I said before - I don't expect it to be the philosopher's stone.
I have seen far too many "cool new things" in IT security - therefore I step gently.
There's nothing wrong using BlueLane VS (or any other product) - if you don't get trapped with its features and get a wrong feeling of safety (the laziness again).
I think the risk of overtaxed ops and security teams trying to keep up with attack mutations with ASICS is exponentially more critical than the risk of lazy security/ops teams relaxing behind network security appliances that actually do what they say they do. Ultimately the same reservation could be brought up with any innovative technology. If the tuning sweat keeps you honest and you're not concerned with the increasing demands facing sig/ASIC solutions then by all means enjoy the hamster wheel.
From a netsec standpoint the app and protocol decoding (across multiple protocols) is new. That's why Bluelane has stood out in reviews, etc.
Certainly IPS is a layer. These days that is the only defense left. They introduce latency, operational drain and availability risks... but they do provide some valuable protection. I guess the question is how long they'll be able to keep up with exploit permutations.
Server security without tuning will be possible if you install Blue Lane.
Agree with you that no tech is a panacea. That's why companies need security and ops pros...
No, not getting your point. It is another tool in the tool belt. No one is saying it solves every problem. It is a very interesting product and one that will help out a lot of companies in their effort to secure their virtual infrastructure. Right now I just need some time so I can properly kick the tires of the product before I hope to roll it out across our 25 ESX hosts.
If anyone has any experience with the product and can talk to how their process and procedures for patching have changed or how it has allowed them to do things differently, it would be greatly appreciated.