VMsafe APIs will be for many but not for all

Posted by virtualization.info Staff   |   Tuesday, March 3rd, 2009   |  

vmware logo

As virtualization.info wrote many times, with VMsafe APIs VMware has the unique chance to shake up the security world.
But as long as VMware has this privileged position in the IT industry to drive innovation across so many market segments, its challenges and responsibilities are much bigger than the ones of many other vendors.

The VMsafe initiative was announced exactly one year ago. In these twelve months the only ones that could really see what can and cannot be done with the new APIs are a restricted number of security partners that VMware recruited.

Now that VMsafe is about to be released as part of the vSphere 4.0 platform, more details emerge and at least a couple of them may raise concerns.

The first concerning point is that the security vendors will not fully unlock the capabilities of VMsafe.

At their first release the APIs allow out-of-band inspection of any resource inside the virtual infrastructure: the virtual memory, storage and networking will be fully exposed to any security product sitting outside the protected guest operating systems.

This would allow the security partners to remove their inspection/remediation agents from inside the virtual machines, saving precious resources, preventing any attack that tries to disable them, and granting a 360 degrees vision of where/how the malware is spreading inside the virtual data center.

Unfortunately this is not what the security vendors will do once the VMsafe interface will be public.

As they are developed today, the APIs will provide a huge amount of unstructured data, which basically is the dump of the virtual memory, virtual networking or virtual storage.

Inside this big chunk of information the security vendors don’t have too many problems in finding out the signature of a well-known malware, but they certainly have serious issues in identifying, for instance, the file system structures and the files where the malware is hidden.

For this reason none of the VMware partners will really use VMsafe to remove the malware.
The APIs will be used only for detection while customers will have to install agents as usual to remove any malicious code inside the guest operating systems.
And of course this implies that any attack vector can still try to disable the protections and spread around before it’s fully neutralized.

So before we’ll see a real out-of-band security infrastructure inside our virtual data center some more time will have to pass.

The second concerning point is that not every security vendor will have access to the VMsafe APIs.

At a point in time after the VMsafe GA, VMware will disclose the APIs to the general public, but it will continue to give the execution key only to recognized security vendors.

Right now and for the time to come VMware accepts new VMsafe partners only after they submit some detailed documentation about the vendor identity and its plans to use the APIs.
The review process doesn’t involve money but cannot be skipped.

The company says that this is done to avoid that any untrusted entity can access the interface and develop a new class of attack tools but this basically means that VMware is in control of who can and cannot access its interfaces.

This has some dangerous implications:

  • the credibility that the biggest vendors have grants them a competitive advantage over any other firm in the security space, as they can access the APIs before anybody else
  • a stealth startup that is trying to protect its innovation before the official launch has no chances to access the VMsafe code unless it discloses its plans
  • VMware may directly or indirectly influence the security market slowing down its review process for some applicants

and so on.

If VMsafe will become relevant in the security industry then VMware may be obliged to seriously reconsider this approach.


Labels: ,

blog comments powered by Disqus


virtualization.info Newest articles
Release: VMware vRealize Log Insight 4.5

June 13th, 2017

Log Insight is a log aggregation, management and analysis tool, that VMware first introduced in 2013 and considered a competitor of Splunk.
Yesterday VMware announced the release of version 4.5, available for…

Release: VMware vRealize Automation 7.3

June 6th, 2017

Today VMware announced the latest release of its cloud management platform vRealize Automation, former vCloud Automation Center.
VMware vRealize Automation 7.3 release notes can be found at this link.

The…

Paper: Introducing the NSX-T Platform

February 9th, 2017

“We see greater potential strategic opportunity in NSX over the next decade than our franchise product vSphere has had for the past decade.”
said VMware’s CEO Pat Gelsinger talking about…

Paper: VMware vSphere Virtual Machine Encryption Performance

November 22nd, 2016

Encryption of virtual machines is something that has been requested for years by the security community. VMware continued to postpone its implementation due to the negative operational impact that many…

Quest Software leaves Dell

November 1st, 2016

In September 2012 Dell announced to have completed the acquisition of Quest Software, a Californian company with an history in systems management, security, business intelligence and, falling back in our…

Citrix announces Q3 2016 results

October 21st, 2016

Citrix announced its financial results for third quarter 2016.
The revenues for the second quarter were $841 million for an increase of 3% compared to Q3 2015.
Net income was $132…

Release: VMware vSphere 6.5 & Virtual SAN 6.5

October 19th, 2016

2016 edition of VMworld US has been quite turbulent, on the other hand during VMworld Europe, happening these days in Barcelona, the company announced a few more products for the…

Release: VMware vRealize Log Insight 4.0

October 18th, 2016

Log Insight is a log aggregation, management and analisys tool, that VMware first introduced in 2013 and now is usually compared with Splunk.
Yesterday VMware announced Log Insight’s new major…

Release: Windows Server 2016 with support for Window Server & Hyper-V containers

October 13th, 2016

Yesterday Microsoft announced the general availability of Windows Server 2016 which the company defines as a cloud-ready OS.
Beside fancy definitions, one of the most relevant perks of this release…

Release: Oracle VM 3.4.2

September 22nd, 2016

During Oracle OpenWorld 2016 the company released version 3.4.2 of its enterprise virtualization solution.
Oracle VM is available for both x86 and SPARC based processor architectures and uses the Xen hypervisor…

VMworld US 2016 Wrap-up

September 1st, 2016

Today was the last day of VMware’s flagship conference VMworld in Las Vegas, an highly controversial edition which left a good chunk of the audience disoriented if not properly disappointed….

Gartner releases its Magic Quadrant for Cloud Infrastructure as a Service for 2016

August 11th, 2016

Last week Gartner updated its Magic Quadrant for Cloud Infrastructure as a Service (IaaS) for the year 2016. The Magic Quadrant for the year 2015 was released in May last year…

Release: Ansible Tower 3 by Red Hat

August 2nd, 2016

Ansible is one of the four main players in the automation market, younger then the well known Chef and Puppet, has been launched in 2013 in Durham, N.C. and acquired…

IBM announces earnings for Q2 2016

July 19th, 2016

Yesterday IBM announced its results for Q2 2016.

If we compare with the same quarter in 2015 earnings per share, from continuing operations, decreased 22%. Net income, from continuing operations,…

 
Monthly Archive