VMware's new security feature, VMsafe, is a major improvement to security in a virtual environment because it allows visibility of incoming data, say analysts.
The virtual hypervisor, often considered a black hole for security technologies because most security tools assume that each virtual host is a physical server, is the Achilles heel of virtualisation, according to Jon Oltsik, senior analyst for Enterprise Strategy Group.
This feature has meant an inability to check malicious code entering the virtual environment. But the announcement of VMsafe this week may address that problem, said Oltsik.
Today, most malware runs in the very same operating system layer as host-based security software, which allows attackers to target the operating system kernel, turn off security protection, hide in device drivers, and stay obscured from security software. VMsafe allows security professionals to frisk malicious code before it enters the virtual host.
"At a high level, VMsafe is a set of APIs that provide "outside-in" visibility into the hypervisor. In other words, security tools will be able to inspect I/O traffic, operating system instructions, and data written to memory BEFORE they hit the virtual hosts," said Oltsik.
