Few reports have surfaced of security breaches in virtual-server environments, but the potential looms large.
"Every single platform we have had in IT eventually gets compromised. There is no reason for us to think that the hypervisor is going to be any different," says Pete Lindstrom, a senior analyst with Burton Group. "While hypervisors seem to pose a fairly small attack-surface, as they multiply across a network, so do the attack surfaces. It is a huge unknown."
That's why companies widely adopting virtualization today must have a solid strategy for securing these environments, industry watchers say.
"During the 'Gold Rush' mentality of this server virtualization craze -- the more you deploy, the more you save -- the cost of securing the virtual environment has not been weighed," says Phil Hochmuth, a senior analyst with Yankee Group. "At the same time security has become an afterthought, researchers are publishing rootkits and people are thinking of ways to hack hypervisors -- it has to raise some eyebrows in the security world," he says.
Problems include unsecured virtual-machine-to-virtual-machine communications, poor visibility into hosts' server traffic, and virtual-machine configuration and patch management. As concern grows, established security vendors are adding virtualization features to their product road maps and newcomers are delivering purpose-built technology for the virtual realm.
Here are four virtualization-security companies that should be on every network-security manager's radar: