Sourcefire pledged its Sourcefire 3D System will deliver full intrusion-protection blocking capability for both the VMware-based and Xen-based virtual machine platforms. At present, it's limited to intrusion-detection monitoring and alerting.
"We will be able to block traffic in the VMware versions and this Xen version by year end," says Richard Park, senior product manager at Sourcefire, which Tuesday announced monitoring-only intrusion-detection capability for the Xen 3.3.2 and 3.4.2 virtualisation platforms. Software-based virtual appliances from Sourcefire can monitor traffic between two or more VMs, or between physical hosts and VMs.
Sourcefire is turning its attention to Xen because "it's open source, and Xen is being adopted by some cloud providers," Park says. He notes that both the Xen- and VMware-based virtual sensors can share information with a central management console.
Sourcefire last December shipped 3D System 4.9 and VMware-based virtual appliances, its first intrusion detection/prevention product designed specifically for virtualized environments. But the Sourcefire software-based virtual appliances for protecting ESX, ESXi and vSphere 4.0 are limited to monitoring and intrusion detection, not full-blown intrusion protection with blocking capability.
Despite technical hurdles in adapting the full strength of its traditional IPS to a virtualised environment, Sourcefire says it's making progress and anticipates having the blocking capability for both virtualisation platforms by year-end.