Catbird is upgrading its virtual security software platform to keep closer tabs on virtual machines as they replicate themselves ensuring that proper security policies follow them wherever they go.

VMShield 2.0, includes V-Tracker, technology that uses more attributes to define virtual machines, making it more likely that VMs will be tracked accurately when they create other versions of themselves. The product then makes sure that the proper policies are applied to all instances of the virtual machine. The policy checks not only pertain to attributes of the virtual machine but also to the physical machine it migrates to.

So, for instance, if a policy states that a virtual machine should not be allowed on a physical machine with two network interface cards, VMShield could block that migration.

The software also takes into account the network segment where a virtual machine is deployed and adjusts for the policies in that segment. So if a virtual machine is deployed in a secure zone that contains credit card data, policies that apply to the zone can be added to the policy for the virtual machine. The aggregate policy might respond more severely to a VM policy breach than it would if it were deployed in a less secure zone, for example.

This aggregation of policies creates a policy envelope that is applied to each virtual machine. This function is performed by Virtual Infrastructure Security Engine (VISE), a software engine that correlates VMware attributes and network security events to better protect data.

V-Tracker creates a unique identifier for each virtual machine that includes a signature that can identify a copy of a virtual machine, whether it was created via live migration or altered slightly then cloned.

Altor Networks also creates signatures to track virtual machines, using VMware virtual machine properties listed within vCenter, VMware's central management server. Catbird says it uses factors beyond that to identify virtual machines.
Other vendors specialising in virtual security include Stonesoft and Third Brigade, said Ted Ritter, an analyst with Nemertes Research. He said the problems these companies address are real, but fewer than 10 percent of businesses using virtual machines had deployed virtualisation-specific security. They rely on traditional security gear they already own and configure their networks to secure virtual machines as best they can, he said.

The risk of insecure virtual machines is significant, he says, because 78 percent of businesses Nemertes has polled say they have customer-facing virtual machines already deployed.

To discover potential contact with botnet command-and-control sites, VMShield performs intelligent packet filtering of traffic in and out of virtual machines, and can automatically quarantine virtual machines that violate policies.

VMShield 2.0 uses application programming interfaces with virtual machine hypervisors to be aware of individual VMs. It is compatible with VMware, Citrix Xenserver and Microsoft Hyper-V.