Virtually excited about virtual IPS
I have to admit I was a bit excited when I saw the Google Alert for a new article by Ellen Messmer, "Sourcefire Embraces VMware". I assumed we were going to see Snort running in a virtual machines, but even more, an IPS sitting at the nexus of multiple virtual applications. Perhaps Sourcefire would even announce their own virtual switch/firewall? Frankly, I have been looking for some new news on IPS period. You think it's easy writing about NAC all the time?
Anyway, reading Ellen's article it seems that Sourcefire's RNA can "scan" VMware appliances and applications. This is a bit misleading, as RNA is more of a sniffer. So I take it that RNA sensors are looking at traffic and from that deducing what type of virtualized applications are running and what if any vulnerabilities they might have. This is different than classic "active" vulnerability scanning, where an actual scan of the device is made.
Also, it looks like Sourcefire will soon ship a RNA sensor that actually runs in a VMware server, but not the Citrix or Microsoft virtual machines. OK, sounds good. We continue to see vendors, security and others making their products run in a VMware environment and lesson the need for separate appliances. As a matter of fact both Symantec and McAfee released virtual security products today.
StillSecure's Strata Guard IDS/IPS has run in VMware for a while now. BTW, there was some nice coverage of our free version of Strata Guard on Linux.com that you can read here.
Comments