XenSource integrates Snort with Xen

Quoting from XenSource official announcement:

XenSource, the leading provider of enterprise grade virtualization solutions based on the Open Source Xen hypervisor, today demonstrated the industry’s first implementation of a secure hypervisor at the Intel Developer Forum (IDF). The solution is an integration of the Open Source industry standard Xen hypervisor with the market leading Open Source Snort Intrusion Detection System. By embedding security capabilities into the hypervisor, XenSource has given the CIO a powerful new ability to implement the same security policies across the virtualized enterprise, independent of the operating system. Moreover, the hypervisor can ensure that even legacy guests that have not been patched will be protected. Xen can even prevent a compromised virtual machine from attacking other virtual or physical servers in the enterprise by blocking its network traffic.

“Intel is pleased to see companies like XenSource taking the initiative to provide enterprise class security features for virtualized environments,” said Diane Bryant, VP and general manager of Intel’s Server Platform Group. “As hardware and software virtualization solutions continue to evolve, you will see greater synergies between features like Intel Virtualization Technology, Intel Active Management Technology and secure virtual machine monitors like XenSource is offering. These types of developments support Intel’s advanced technology roadmap and our vision of providing increased value through platform solutions”

“XenSource is actively working with Xen ecosystem partners to deliver added value virtualization solutions to F100 enterprises,” said Nick Gault, President and CEO of XenSource Inc. “Our customers view XenSource as uniquely capable of supporting their production needs for virtualization of all operating systems. Moreover, adoption of a ubiquitous Open Source virtualization solution has the benefit of delivering dramatic new benefits in security and manageability to the enterprise. ”

“We’ve heard a lot about open hypervisors recently,” said Simon Crosby, VP Strategy for XenSource, “but this demonstration shows how third party ISV solutions such as firewalls, virus scanners and intrusion prevention can be quickly and easily integrated into the hypervisor to deliver important security benefits to the enterprise. By adopting an open industry standard for virtualization, the Xen ecosystem is delivering benefits that closed source, proprietary hypervisors never could.“

The demonstration shows how a security feature set embedded in the I/O path on the Xen hypervisor successfully prevents a VM that has not yet been patched to remove a security vulnerability from being compromised. When the security capabilities in the hypervisor are turned off, the vulnerable guest, a hosted on-line stock trading application, is quickly overcome by standard attack tools, and compromised. The security policies in the hypervisor are managed consistently across all servers, and apply to all guest operating systems, including Windows and Linux.

This is a great news! Snort is a point of reference in the intrusion detection market and its adoption at hypervisor level can add a fundamental security level to any virtual environment IT manager should build in any case.
Snort can intercept incoming threats like exploits and viruses, alerting or even blocking them.

Now I expect to see soon an honeypot engine integration in Xen so when Snort detects an incoming attack it can be redirected to the honeypot virtual machine.

Update: I wonder what will happen of this project now that SourceFire has been acquired by Check Point…