With Determina, VMware drops fortress mentality
VMware says it's received a bad rap when it comes to security.
The company's problems started with a 2006 presentation at the Black Hat security conference by Joanna Rutkowska, CEO of Invisible Things Lab. Ironically, Rutkowska's "Blue Pill" talk had nothing to do with VMware. It was about creating undetectable malicious software using the virtualization technology built into microprocessors.
But nevertheless, VMware is the world's best-known virtualization company, so any questions about virtualization and security "naturally became a VMware problem," said Nand Mulchandani, the company's senior director for security products.
"Blue Pill kind of set things off, but unfortunately it set things off on the wrong foot," he said. Soon VMware was fielding questions from worried customers. "They escalated it to our team and they said, 'Oh my God, we're going to get attacked by Blue Pill. What do we do?'"
Mulchandani has been trying to get the message across that the Blue Pill CPU virtualization hack is not connected to VMware's software, which is widely used on data center servers to simultaneously run many copies of the operating system on a single computer.
It's one of several security messages that Mulchandani is trying to convey these days, as the company looks to repair its reputation in the security community while developing new products that will keep it one step ahead of rivals.
Critics say VMware must shoulder some of the blame for the Blue Pill confusion and that it harmed itself by attacking Blue Pill in company blog postings. "They took the easy route, which was to attack Joanna's research," said Tom Liston, a senior security consultant with Intelguardians Network Intelligence. "It was just a big brouhaha with VMware jumping in where they didn't belong."
The feud with Rutkowska flared up at a low point in the company's relationship with independent security researchers. Employees who had been working with researchers like Liston left, and by early 2007 the company had developed a reputation as being unresponsive to bug reports, something Mulchandani calls "Fortress VMware."
Mulchandani says the issue was simply that VMware didn't have the people in place to respond to the community. That changed, however, with the company's 2007 acquisition of intrusion-prevention software vendor Determina.
Click here for case studies, whitepapers and other useful vendor content 
ARN Panel Sessions: Day 3The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?
Weekly Tech News Update: 21st November 2008Yahoo's CEO says goodbye, Intel introduces a new processor, and robots run wild. All that news and more on this week's World Tech Update
Electronic voting in U.S. electionDoubts about voting machines are lingering in the minds of many Americans as they head to the polls.
When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 20 November, 2008 17:34:00
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 20 November, 2008 12:06:00
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 20 November, 2008 12:04:00
NetApp Named 2008 Citrix Ready Solution of the Year by Citrix Systems 20 November, 2008 11:33:00
Extreme Networks Ethernet Transport lowers total cost of ownership for carrier metro networks 20 November, 2008 10:21:00
Dimension Data, La Trobe University and Windows Server 2008 partner to improve compliance
La Trobe University partnered with Dimension Data to deploy Windows Server 2008 and Network Access Protection technology to improve their existing network security solution.
Buying Guides
Latest Products
Buying Guides
