Review: 4 VM security tools go under the microscope

Trying to protect your expanding VM (virtual machine) empire will require a security product that can enforce policies, prevent VMs from being terminated or infected, and deliver the virtual equivalents of firewalls, IPS, and anti-virus solutions.

We last looked at this product category nearly three years ago, testing five products. At that time, we said that no single product delivered all the features we desired. That’s still true today even though the market matured some. This time around we tested three vendors who were in our previous test — Catbird, Hytrust and Trend Micro — plus a newcomer, Dome9.

All represent solid approaches to improving your VM security, but coming from different places.

Today, vendors are looking to support hybrid cloud deployments and offer ways to mix protection on Amazon Web Services with VMware ESX hosts. Both Trend Micro and Hytrust have expanded support for multi-tenant situations. All of the products include a wider array of protective features, something that was sorely needed when we looked at them earlier. They have gotten easier to use, although harder to install. Their user interfaces are cleaner and more readily operable by unskilled staff, which is also welcome.

But there is still no single product that can do all things in all situations, and you will find that you’ll need multiple products to protect your VMs, just as in 2011. (Watch a slideshow version of this story.)

— Hytrust still remains the leader in securing access rights to the VMs as a hypervisor proxy. If having one of your VMs shut off inadvertently can bring down your entire VM infrastructure and applications stack, this remains an important tool to have.

— Trend Micro’s Deep Security is a full-featured product that offers firewall, IPS, anti-virus, compliance, reports and access control. It also supports cloud-based deployments.

— Dome9 is a SaaS-based product that’s focused on protecting VMs in Amazon Web Services (AWS) clouds. But it can also be used in public cloud environments or private networks.

— Catbird is solid in protecting your virtual networking infrastructure, filling a need that is still unmet in VMware’s extensive product line and ahead of what the other vendors have available. Its biggest weakness is the lack of role-based access controls, something they have added in v6.0 (which we didn’t test before its release, however).

+ ALSO ON NETWORK WORLD New Parallels, Fusion virtual desktops for OS X fail the smell test + 

Given the complexity of these products, we are glad to see that the vendors are offering some great opportunities for free trials. Trend Micro offers a 30-day free trial that automatically sets you up with two sample Windows Server VMs, all of which is available from your Web browser as a SaaS-service. It comes with pre-set virus infections that you can kick off and watch the results on the Deep Security console. This is a great testing environment and within a few minutes you can see the various features of the product. HyTrust Appliance Community Edition is also offered as a free version of the product that supports up to three hosts, but you have to download the software and install it yourself. Dome9 also offers a free trial for the first 30 days.