New software to check virtual security policy

A British company has developed software to help customers check that their security policies have been followed accurately within VMware environments.

VMinformer's eponymous tool works by creating "a policy template running 85 checks on a virtualised set-up, running across the entire environment," said VMinformer's John Reeman.

"We check against a number of pre-set rules. These rules are ones that we have previously defined - although they are customisable by individual companies. For example, a test and development environment would be more willing to accept risk than a production environment," he added. VMinformer's pre-defined policies include VMware's Security best practice 'hardening guide' and the 'DISA ESX STIG' hardening guide.

Reeman said that the product had been developed as security had been one of the last aspects of virtualisation to be tackled by third-party companies. "Security is one of the last things to be considered," said Reeman. "People are keen to adopt virtualisation and create virtual machines and only then do they consider the security implications. And there are very security players in this space."

VMinformer is being offered at a single price of £500 ($714) regardless of the size of the customer - "that's something we're going to have to look at it in the future," said Reeman. The software is currently being offered as a free download, with 15-day licence expiry, from the VMinformer website.

Reeman said that there had already been plenty of interest in the product with a healthy number of downloads since it  was launched earlier this week. He said that companies who have to do a lot of product testing were particularly interested in the product. He said that security companies with a presence in the physical space were also interested in the product as it filled a vital gap in their portfolio.

"What's happening is that companies are creating any number of virtual machines, it's only then that the security manager starts wondering what security policies are being followed," said Reeman.

This story, "New software to check virtual security policy" was originally published by


Copyright © 2009 IDG Communications, Inc.

Shop Tech Products at Amazon