Re: This is a strong vantage point. Do any security experts agree?
Personally, I think it makes sense, as virtualization becomes more prevalent, to leverage the virtual switches to act as traffic cops, much in the way a firewall would work. That being said, there is still a need for tools like IDS/IPS to inspect internal traffic that gets past the physical network. This is really the key issue with virtualization: the abstraction of hardware means that if traffic can get past the physical security tools, unless there are virtual network security policies in place, you really can't see what's going on internally. The trick is to have an internal traffic cop that can distinguish valid from unauthorized traffic and can then react accordingly. It makes total sense to build these from internal hypervisor functionality, provided they have the right security policies to be able to understand what the traffic itself is.
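To make the "internal traffic cop" idea concrete, here is an added example (not from the thread or any vendor product) of a default-deny east-west policy check of the kind a virtual switch or hypervisor filter would apply to VM-to-VM flows that never reach the physical network. The VM inventory, segment names and allowed flows are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed inventory: which security segment each guest VM belongs to.
VM_SEGMENT = {
    "web-01": "web", "web-02": "web",
    "app-01": "app", "db-01": "db", "mgmt-01": "mgmt",
}

# Constructed policy: explicitly approved (src segment, dst segment, dst port).
# Everything not listed is unauthorized (default deny), including intra-segment
# traffic, so lateral movement between peers is surfaced rather than assumed safe.
ALLOWED = {
    ("web", "app", 8080),
    ("app", "db", 5432),
    ("mgmt", "web", 22), ("mgmt", "app", 22), ("mgmt", "db", 22),
}


@dataclass(frozen=True)
class Flow:
    src_vm: str
    dst_vm: str
    dst_port: int


def classify(flow: Flow) -> tuple[str, str]:
    """Return ('allow' | 'deny', reason) for one VM-to-VM flow."""
    src_seg = VM_SEGMENT.get(flow.src_vm)
    dst_seg = VM_SEGMENT.get(flow.dst_vm)
    if src_seg is None or dst_seg is None:
        # A guest the policy does not know about can never be "understood".
        return "deny", "unknown VM not in inventory"
    if (src_seg, dst_seg, flow.dst_port) in ALLOWED:
        return "allow", f"{src_seg}->{dst_seg}:{flow.dst_port} is policy-approved"
    return "deny", f"{src_seg}->{dst_seg}:{flow.dst_port} not in policy"


def denied_flows(flows: list[Flow]) -> list[tuple[Flow, str]]:
    """Flows the virtual switch should drop and hand to the IDS/IPS as events."""
    return [(f, reason) for f in flows for verdict, reason in [classify(f)] if verdict == "deny"]


# Constructed sample of internal traffic observed on one hypervisor.
SAMPLE_FLOWS = [
    Flow("web-01", "app-01", 8080),   # normal tier-to-tier request
    Flow("mgmt-01", "db-01", 22),     # admin SSH from the management segment
    Flow("web-02", "db-01", 5432),    # web tier talking straight to the database
    Flow("db-01", "web-01", 22),      # database host reaching back into the web tier
    Flow("rogue-vm", "app-01", 8080), # guest that is not in the inventory
]

if __name__ == "__main__":
    for flow, reason in denied_flows(SAMPLE_FLOWS):
        print(f"DENY {flow.src_vm} -> {flow.dst_vm}:{flow.dst_port} ({reason})")
```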