Network Computingwww.networkcomputing.com

A Look at Blue Lane VirtualShield

Posted by Avi Baumstein
May 25, 2007

In many ways, security in a virtualized environment IS no different from security in the real world: You plan for defense-in-depth with host-based and network-access controls, and set security systems to monitor traffic where appropriate. For added protection, there are a few security "virtual appliances" available at VMware's Virtual Appliance Marketplace. We decided to test one, Blue Lane Technologies' VirtualShield, in our University of Florida Real-World Labs®.

According to its billing, VirtualShield removes malicious content from network traffic before it reaches your virtual servers, a technique the company calls "inline patching." This guards against new vulnerabilities, often well before vendors release fixes, and lets IT safely run legacy apps for which patches may no longer be issued.

At press time, VirtualShield was one of just two virtual appliances (VAs) we've seen intended to protect virtual machines (VMs) running under VMware. The other, Reflex Security's VSA, is an IPS (intrusion-prevention system) that runs in ESX and protects virtual servers. Blue Lane distinguishes itself by taking the approach of patching network traffic, rather than just blocking the evil stuff.

Although still new and needing some polish, VirtualShield is innovative and well-executed. The core functionality works as advertised, and Blue Lane, a four-year-old pre-IPO start-up, seems committed to refining its technology. The company's willingness to rapidly correct problems discovered during our tests makes us feel very comfortable recommending VirtualShield, especially since the product brings the capability of Blue Lane's two-year-old PatchPoint appliance inside VMware ESX server at an attractive price: $599 per year for a dual-processor server, compared with a $7,500 cost of entry for Blue Lane's physical appliance.

Continue Reading This Story...

RELATED LINKS Interview With Blue Lane Technologies' Jeff Palmer The Evolution of Patch Management Painless (Well, Almost) Patch Management Procedures VMware Beats Microsoft's Carmine	IMAGES Click image to view image
NWC REPORTS --> Strategic Security: Risk Assessment You can't build effective security policies without involving non-IT business stakeholders. Here's how to get them to help you assess and address those threats. NWC ANALYTICS Host Intrusion Prevention How does Host IPS compare with conventional antivirus solutions? What's the difference between network IPS and host IPS? We answer these questions and more in this Tech Report based on an exclusive survey of enterprise users and in-depth lab analysis. Keep Your Guard Up Moving to a virtualized environment doesn't put conventional security measures out of business; however, a few factors are worth considering. First, you can't always deploy a tap or span port on virtualized systems, as you can on conventional devices. Fortunately, IT can use VMware's ability to create vSwitches to its advantage--by putting security right next to virtual server instances, you decrease the perimeter that must be protected. The main thing to remember: Don't treat a large virtualized infrastructure as a network black box. Security systems must be able to look inside the virtual infrastructure. If it's treated as one solid "box," or system, you might find that an attacker who compromises one VM has a large sandbox in which to play. Fast Fixes We were intrigued by the concept of inline patching. When a vendor releases a patch to an OS or application that VirtualShield protects, Blue Lane tears apart and analyzes the patch, deciphering exactly how it changes the OS's behavior to eliminate a vulnerability. The company promises to produce an inline version in less than 24 hours for critical patches and in no more than 72 hours after the original is released for lower-priority patches. Page:  1 | 2 | 3 | 4 | 5 | 6 | 7 | 8  | Next Page » Related Reading News Commentary News Virident Unlocks PCIe Flash From a Single Server IT Not Ready to Quit on BlackBerry RCS, WebRTC Will Unlock Mobile UC Potential Ospcode's Private Chef Gets Cooking with Facebook More News» Commentary Road-Testing Republic Wireless and Its $19 Mobile Plan InteropNet's Live Wire Act SDN Startup Targets Cloud Providers IT Not Ready to Quit on BlackBerry More Commentary» Most Popular On the Web Most Popular Deploying Dual-Stack IPv4 and IPv6 Networks 10 IT Apps for iPads and iPhones VMware's SDN Dilemma: VXLAN or Nicira? The Challenges Of Wi-Fi Guest Access More Popular» On the Web Justin.tv’s Namesake Founder Takes On Task Services With Exec Justin Kan Launches Exec For Real-Time Mobile Jobs How Dwolla Works Cloud Connect 2012 Speaker List: Mat Ellis Founder and CEO, Cloudability More On The Web» More Insights White Papers BYOD Risk and Rewards Five Reasons Why the Right BI is like the Right Partner More >> Webcasts Three Reasons to Throw Away your Requirements Documents Leveraging Business Intelligence & Data Analytics to Improve Claim Results More >> Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.   To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.   IaaS Providers Cloud Computing Comparison With 17 top vendors and features matrixes covering more than 60 decision points, this is your one-stop shop for an IaaS shortlist. IaaS Providers Research and Reports FEATURED RESEARCH State of Server Technology FEATURED STRATEGY The Long-Distance LAN Register for Network Computing Pro Find hundreds of reports featuring research from your peers, and best practices from top IT pros. Sign Up The Virtual Network February 2013 Video WATCH: Bob Metcalfe Plans Ethernet's 40th WATCH: CES 2013: It's A Wrap! WATCH: Intel shows off eye tracking and gesture tech WATCH: Intel touts tablets, smartphones at CES 2013 WATCH: QNX hacks a Bentley WATCH: CES; the car show WATCH: Atmel talks touch enabled curves and Internet ... WATCH: CES: Maxim shows heart, turns up volume on au ... WATCH: CES; Synaptics senses mobile touch potential View All Videos Previous Page Next Page Most Popular Stories Blogs 9 Data Centers: Unexpected Beauty And Creativity The Five Core Tenets of Scale-Out NAS Data Classification Tips And Technologies Lighthouse Launches Next-Gen Cloud-Based IAM Palo Alto Networks Introduces Next-Generation Firewalls For Branch Offices, Apple Devices More Stories » Next Generation Firewalls 101 SSDs In the Data Center: SLC Out, MLC In Apple's Fusion Drive: An Inside Look What Comes After RAID? Erasure Codes Air Time: Understanding 802.11 Interference Upcoming Events WebCasts Live Events Integrating Data in a Big Data Environment Trends in Enterprise Cellular Data Usage– What You Need to Know to Avoid the Common Challenges Data Protection Management for Enterprises and Service Providers: Faster, Smarter and More Automated Beyond Agile – 5 Secrets to Building Engaging Customer Apps Practical Tips to Successfully Test Complex Applications from the authors of "Service Virtualization for Dummies" More Webcasts>> Five Essential Steps to Mitigating Insider Threats Join us at Interop to learn how to uncover controls that have proven most effective at minimizing the risk of insider threats. Mobile App Development Meets the Cloud Join us at Cloud Connect as we discuss the build versus buy decision for mobile app development platforms and what you should look for. Security in the Mobile Cloud World BYOD and the mobilization of apps have forced companies to revisit security. Join us at Cloud Connect to discuss the key considerations for security as IT moves to a world where data resides on devices, in the cloud and on premises. Optimizing Your Cloud Spend: How to do it Right The cloud is supposed to save you money, but are you throwing it away? Join us at Cloud Connect to learn steps you can take right now to get more bang for your buck. Managing Mobility in a BYOD World Join us at Enterprise Connect as we explore the major developments in the mobile field, the new threats in mobile security, the challenges in mobile policy development, and the best practices in supporting a BYOD environment. More Live Events>> Featured Whitepapers     What's this? BYOD Risk and Rewards Measuring the Total Economic Impact- IBM Rational Application Portfolio Management LTFS Hits the Mark in Media & Entertainment: An In-Depth Introduction to LTFS for Digital Media Is Your Claims Management System Falling Short of Expectations? Success in the Next Wave of Federal Data Center Consolidation - Solutions Brief More >> Featured Reports     What's this? Take the InformationWeek 2013 Database Technology Survey Research: Apple Outlook Survey Best Practices: A Guide to Practical Database Monitoring IT Pro Impact: iPad vs. Nexus vs. Surface Tablet Shootout Strategy: 5 Keys to Painless Encryption More >> BlogRoll Bits or Pieces? Brad Casemore Brad Hedlund Etherealmind IOShints Stephen Foskett, Pack Rat Steve's IT Rants The Storage Architect StorageMojo TechWeb Careers There are a number of job listing scams naming Network Computing. For our official career postings, please see UBM TechWeb Career Opportunities.