New Security Tools Protect Virtual Machines

5-product test reveals differences between Reflex, Catbird, Beyond Trust, Hytrust and Trend Micro.

virtualization_security_1-100345750-orig.jpg
Credit: http://www.networkworld.com/slideshows/2011/030711-virtualization-security-test.html
Beyond Trust Power Broker

BeyondTrust made its name in securing Linux and Unix servers, where it enables root-like execution of commands and shell scripts without actually having to be logged in with root privileges. It has taken this concept to the virtual world, to include the ability to secure VMs in a similar fashion.

Read a more indepth story version.

virtualization_security_2-100345751-orig.jpg
Credit: http://www.networkworld.com/slideshows/2011/030711-virtualization-security-test.html

BeyondTrust's Web interface isn't the strongest, but here you see the collection of VMs under protection.

This is a very powerful product, but its power is based on its extensive custom scripting language that is all command-line based. If you are comfortable with Linux and command lines, this is the product for you.

virtualization_security_3-100345752-orig.jpg
Credit: http://www.networkworld.com/slideshows/2011/030711-virtualization-security-test.html
Catbird vSecurity

Catbird can manage non-VMware hosts, including Citrix Xen hosts along with any VMs that are running on Amazon's Web Services infrastructure (which also runs Xen). It does this via an Open Virtual Data Format agent that is installed on each host.

virtualization_security_4-100345753-orig.jpg
Credit: http://www.networkworld.com/slideshows/2011/030711-virtualization-security-test.html
Catbird's classic UI dashboard showing operating risk index, alerts and a weekly flow summary

Catbird has a deep set of security policies and practices that are built on the stalwarts of the physical world: Snort's intrusion detection and Saint's vulnerability scanner. The policy creation process is somewhat complex, but it is nothing that a regular firewall admin couldn't learn within a few hours.

virtualization_security_5-100345754-orig.jpg
Credit: http://www.networkworld.com/slideshows/2011/030711-virtualization-security-test.html
Trend Micro Deep Security

Trend Micro purchased Third Brigade and has incorporated its features into Deep Security. The product has a variety of protective modules, including agent or agentless firewall/IDS, anti-malware, and Web application protection.

virtualization_security_6-100345755-orig.jpg
Credit: http://www.networkworld.com/slideshows/2011/030711-virtualization-security-test.html

Trend's main dashboard is very graphical and gives you at a single glance a good picture of the security posture of your entire VM collection.

As you might suspect from a consumer-focused software company, the Web management interface is very attractive and the dashboard has a lot going on. At a glance you can see your entire VM collection, whether any protective measures have been installed, and what alerts have been reported.

virtualization_security_7-100345756-orig.jpg
Credit: http://www.networkworld.com/slideshows/2011/030711-virtualization-security-test.html
Reflex Systems Virtual Management Center

Of the five products tested, Reflex's Virtual Management Center is the most comprehensive, with modules in three broad areas that we examined -- auditing/compliance, firewall/intrusion detection and access controls. These modules are knit together with separate reporting and management consoles. That is a lot to handle, to be sure.

virtualization_security_8-100345757-orig.jpg
Credit: http://www.networkworld.com/slideshows/2011/030711-virtualization-security-test.html

Compliance reports are easy to read with Reflex Systems.

There are three different modules managed by its Windows-based Virtualization Management Center: vTrust (the virtual firewall protection), vWatch (which handles performance and resource monitoring), and vProfile (for configuration management).

virtualization_security_9-100345758-orig.jpg
Credit: http://www.networkworld.com/slideshows/2011/030711-virtualization-security-test.html
Hytrust Appliance

All of Hytrust's operations are performed with a browser connecting to its appliance. Screens are fairly uncluttered and its menu structure is simple to understand. Within an hour of getting the device setup, you can be off and running, protecting your virtual network and producing intelligent reports.

virtualization_security_10-100345759-orig.jpg
Credit: http://www.networkworld.com/slideshows/2011/030711-virtualization-security-test.html

Hytrust comes with a variety of compliance templates that are extremely detailed that it uses as the basis of its remediation.

Hytrust offers easy setup. There aren't multiple servers or agents to install, it all just works out of the gate. One nicety is that they have a VMware vClient plug-in. When installed, an extra "Hytrust" tab shows up at the top of the selection area and clicking on it will bring up the same view that you would see in the browser.

Read a more indepth story version.