Instead, Crosby said, "The technology we are pursuing is entirely different from, and vastly superior to, the memory inspection APIs that VMsafe offers today. Poking about in memory in the hope of finding an attacker is a bit like looking for the proverbial needle in a haystack, but with the additional complication that the needle can be split into many parts and can disguise itself as a piece of straw. Our technology offers a much richer interface and a positive attestation as to the state of the guest. This is critically important at a time when rapidly self-modifying attacks are making the job of attack detection increasingly difficult."
On the other hand, Dave Bartoletti, a senior analyst at The Taneja Group, told InfoWorld that he is hearing quite a bit about VMsafe from the security vendors that he speaks with on a regular basis.
"It's just taken some time to leverage VMsafe's introspection within existing products (many of which have been around for a long time)," said Bartoletti in an email exchange.
Looking ahead, Bartoletti added, "Several players are planning more detailed announcements in the next few months. I think it hasn't been obvious exactly how to integrate VMsafe's visibility into these existing products; the entire subject of virtualization security is still a fraught one. It's a push-pull problem ... do we proactively push it as very important, or let our customers tell us when it's important to them?"
When asked about the Citrix/McAfee announcement, Bartoletti said he believed it's just a validation that something better was needed. He stated, "Citrix calls out weaknesses of VMsafe at the endpoints (of course), and claims that VMware muddies the waters by providing a security API as well as security products (vShield Zones). OK. So, in response, Citrix will provide an API and their partner McAfee will provide products. But the Citrix/McAfee solution will be open, standards-based, hypervisor-agnostic, etc. -- all the dog-whistle words that mean, 'not VMware.'"
He then tried to shine a light on things by saying this latest announcement is more of the same types of tactics as was used to differentiate StorageLink APIs from vStorage APIs, but said it certainly is not without merit.
"You either need a hypervisor-agnostic solution (and buy the claim of openness), or you don't, but the market should offer both," said Bartoletti. "The cloud service providers are probably the most receptive audience to this message. Further, Citrix claims they are approaching security with technologies far better than VMware's -- well, bold claims demand dramatic results, so I'm eager to see them. We've got to do a better job of securing virtual resources as we come to depend on them everywhere, so this kind of competition can only bring goodness."
Whether you buy into VMware's solution or the joint solution between Citrix and McAfee, one thing is certain: We need a better way to provide security at the virtualized endpoints besides installing the same old antivirus software within the virtual machine or guest operating system.
This article, "McAfee and Citrix simplify security management for virtualized environments" was originally published at InfoWorld.com. Read more of David Marshall's Virtualization Report blog and follow the latest developments in virtualization at InfoWorld.com.