Sourcefire is readying its first intrusion-prevention systems designed to run as software appliances in VMware’s virtual machine environment.
Sourcefire 3D System 4.9, which is expected to ship by year-end, includes the Virtual 3D Sensor and the Virtual Defense Center. The products will run as virtual appliances on VMware’s ESX and ESXi servers, as well as on the cloud-computing platform vSphere 4.0.
Many thrifty managers believe that the same technologies currently used to protect conventional physical servers can simply be extended to virtualized environments, but security experts say this could lead to being trapped by threats in several areas, including software, administration, mobility, the operating system and network visibility.
Sourcefire 3D System 4.9, now in beta, can be used to inspect traffic between two physical hosts, two VMs or between a physical host and a VM, according to Steve Piper, Sourcefire’s senior director product marketing.
The first virtual IPS appliances that Sourcefire will ship will deliver speeds ranging from 20M to 250Mbps. This is “the low end” for IPS speeds today, Piper acknowledges.
A couple of months ago IBM launched a hardware appliance to deploy service oriented architecture and WebSphere applications in an internal cloud computing environment.
Piper says there are some basic concerns regarding a virtual appliance — which is simply software tailored to run in a specific VM environment — as compared with a physical appliance that includes software on a dedicated hardware device.
“There are a lot of unknowns,” Piper says, because the virtual appliance is likely to share a physical server with other VM applications and there may be wide differences in deployment and usage of resources.
The main concern is the performance of an IPS sensor running as a virtual appliance, he says. As the Sourcefire virtual appliances become available, “we encourage customers to test for performance,” Piper says.
In its first iteration of virtual appliances, Sourcefire is not implementing VMware’s VMsafe security API, because it’s “not ready for prime time” due to performance issues related to Sourcefire’s projects, Piper says.