McAfee to support VMsafe

The security company will support VMware ESX Server in an upcoming intrusion-prevention product
Written by Tom Espiner, Contributor

Security vendor McAfee has announced an agreement to use VMsafe virtualisation APIs to build VMware-compatible security products.

The VMsafe APIs, announced on Wednesday, will allow security vendors to build and sell VMware compatible security products.

McAfee products will include host-based intrusion prevention "to prevent tampering with VMware processes", according to McAfee chief technology officer Christopher Bolin.

The McAfee intrusion prevention product that supports VMsafe APIs will be available next quarter. The as-yet unnamed product will enable IT managers to monitor VMware images of virtual machines to gauge whether they have been compromised.

McAfee has yet to see an attack against VMware infrastructure, Bolin said. As VMware has not provided third-party access to its hypervisor through software development kits (SDKs), which may introduce vulnerabilities, VMware has so far escaped the security issues which have plagued other companies that encourage third-party software development, according to Bolin.

"The more you expose [software], the more vulnerable you are," said Bolin.

VMware has not opened up its core hypervisor, said Reza Malekzadeh, VMware senior director of products and marketing.

"VMware has announced a secure API which will allow virtual machines running third-party security software to access other virtual machines running within the same infrastructure," said Malekzadeh. "All code running from third parties will be running within a virtual machine, which by its very nature is isolated or 'sandboxed'."

Malekzadeh said VMsafe works on a trust model: customers have to select which virtual machines they want VMsafe-enabled security applications to access.

As third-party products would require digital certificates to run, VMware applications would be secure, McAfee added. Bolin said McAfee would have to develop virtualisation products that mitigated the possible compromise of digital certification.

"We will become a third party, but cusotmers can be very selective about what is run," said Bolin. "VMware will be a [digital certificate] signature authority; a malware attacker would have to go through the signing process."

However, digital certification was by no means a security failsafe, said Bolin.

"As any application or platform realises broad use, it becomes subject to attack," he said. "It's absolutely incumbent on all VMware partners to ensure there are no vulnerabilities where code is signed."

Editorial standards