How to secure your VMs in the cloud, Part 2

Our article earlier this week addressed some of the broad product categories and specific vendors that are in the market to provide VM protection for your cloud-based infrastructure. In this follow-up, we’ll talk about some of the more important questions to ask your potential protection vendor as you consider these solutions.

What specific versions of hypervisors are protected? All of these products work with particular VMware hosts; some work only on more modern (v4 or newer) versions. Some, such as Catbird’s vSecurity and BeyondTrust PowerBroker, also work with Xen hosts (and by extension, Amazon Web Services, which is built on top of Xen). None currently work with Microsoft Hyper-V technology.

Do you need agents and if so, where are they installed? What happens when you add a new ESX host to your data center to get it protected by each product? Each product has a different process by which its protection gets activated; some (such as Hytrust and Reflex) are easier than others that require multiple configuration steps or a series of different agents to be added to each host. Some products install agents on the hypervisor itself, so no additional software is needed inside each VM running on that hypervisor. Others work with the VMware interfaces directly and don’t need any additional software. Some require VMware’s vMA or vShield add-ons. The goal here is to provide instant-on protection, because many times VMs can be paused and restarted, avoiding the traditional boot-up checks that physical security products use.

Can I email reports to management and can they make actionable decisions from them? A security manager wants to understand where and how they are vulnerable, and be able to clearly explain these issues to management too. Some products produce reports that could be phone books if they were printed out: this level of detail is mind-numbing and not very useful or actionable. Others do a better job of presenting dashboards or summaries that even your manager can understand. I liked the reports from Trend: they were easiest to produce and parse, and share with management. Setting up reports for BeyondTrust was excruciatingly complex.

[Trend Dashboard]: Trend Micro’s Deep Security has a very actionable dashboard with alert summaries and event histories.

How granular are its policy controls? Another item to examine is how easy it is to add elements to existing policies or create entirely new ones. This is the bread and butter of these products, but be aware of how they create and modify their policies, because this is where you end up spending most of your time initially in setting things up.

Finally, what is the price? Each product has a complex pricing scheme: some charge by VM, by virtual socket, by protected host, or by physical appliance. Make sure you understand what the anticipated bill will be with your current cloud formation and what you expect to be running in the future. For example, Catbird charges $2000 per VM instance, while Hytrust charges $1000 per protected ESX host.
