VMware , the market leader in virtualisation
software, has acquired Determina , a Silicon Valley maker of host
intrusion prevention products.
The terms of the acquisition have not been disclosed and there
has not been any formal announcement of the deal, but it apparently
occurred on 6 August. VMware went public with a much-hyped IPO on
Monday, and is still in its quiet period.
"VMware has acquired Determina to integrate a talented product
development team with unique security technology into our efforts
to make our virtualisation platform the safest place to run
applications. VMware does not have plans to enter the security
content subscription business. VMware maintains its commitment to
working with the security partner community to deliver a range of
security solutions including vulnerability protection," Karthik
Rau, vice president of product management at VMware, said in a
statement.
In a research note analysing the deal, Gartner analyst Neil
MacDonald says he expects VMware to integrate Determina's Memory
Firewall technology into its existing products, including the
ESX hypervisor, and to stop selling the Determina products as
standalones. Determina's technology is unique in the HIPS market,
as it is designed to protect the operating system and applications
by preventing malicious code from abusing memory, which is typical
of attacks such buffer overflows.
Determina, based in Redwood City, California., also has a
development lab in Cambridge, Massachusetts, where VMware has its
East Coast headquarters. One of Determina's co-founders, Vladimir
Kiriansky, whose thesis work at MIT led to the development of the
Memory Firewall, previously worked at VMware.
This is VMware's first real foray into the security market, and
it comes at a time when the company's core virtualisation offerings
are more in demand than ever. Large enterprises and other sizeable
organisations are turning to virtualisation as a way to cut costs
in the data center and get more out of the investments they have
already made in servers and desktops. But the security of
virtualised environments has been something of an unknown quantity
due to the complexity of the technology and the ways in which
hypervisors interact with the host OS.
Determina's technology is designed specifically to protect the
OS from malicious code, regardless of the origin of the attack, so
it would seem to be a sensible fit for VMware, analysts say.
"Securing the integrity of the hypervisor and the guest OS is
integral to the widespread enterprise adoption of virtualisation,"
said Nick Selby, senior analyst at The 451 Group in New York.
"Determina has some technology that can help VMware, if properly
integrated, address some of the most compelling issues."
In his analysis of the deal, Gartner's MacDonald sounded many of
the same notes. "By potentially integrating Memory Firewall into
the ESX hypervisor, the hypervisor itself can provide an additional
level of protection against intrusions. We also believe the memory
protection will be extended to guest OSs as well: VMware's
extensive use of binary emulation for virtualisation puts the ESX
hypervisor in an advantageous position to exploit this style of
protection," he wrote. "Further, by using the LiveShield
capabilities, the ESX hypervisor could be used 'introspectively' to
shield the hypervisor and guest OSs from attacks on known
vulnerabilities in situations where these have not yet been
patched. Both Determina technologies are fairly OS- and
application-neutral, providing VMware with an easy way to protect
ESX as well as Linux- and Windows-based guest OSs."