There isn't a lot in the information technology field that Microsoft doesn't - and hasn't traditionally - dominated. However, virtual environments are one area that the Redmond, Wash. giant is coming to a bit late in the game given VMware's dominance. So it makes sense that there are not a lot of virtualization security products that cover Hyper-V. In fact, there is only one that covers it exclusively and that is 5nine Cloud Security.
Now, don't get the idea that we are saying that Microsoft is not a presence in virtualization. It certainly is. But it has not attracted the following that VMware has. So, that said, what does 5nine Software expect to gain by supporting Hyper-V only? A lot, it turns out, starting with a global customer base of more than 50,000. That's not bad for a niche product. We've been watching these guys for two or three years - they were founded in 2009 - and they just seem to get better and better. Every year we ask about their roadmap and they tell us. When we look back, we find that they've achieved their goals and, usually, more.
5nine Cloud Security has all of the bells and whistles you'd expect from a world-class security tool for a virtual environment. It has a central console, multi-tenant support, lots of auditing, ease of administration and really good compliance support. But it has a few other things that we really liked. For example, it supports Azure Pack, and there are some pretty good API options as well.
5nine Cloud Security is agentless. It sits on a virtual switch between the Hyper-V host and the virtual network adapters in the virtual machines. This means that it is in the only path between the outside physical world and the inside virtual world. It also forces virtual machines to communicate within the software data center through it, achieving security through optimal placement.
Protecting a virtual environment can be very challenging, especially if one tries to do it by protecting the endpoints. What one really needs to do is think about data flows rather than endpoints. If an admin protects the data flows, he or she automatically protects the endpoints. And that is exactly what this product does. For example, if we try to put a firewall on each endpoint, says 5nine, we will be challenged to ensure that all VMs are protected. But if we place a single firewall between the physical world and the virtual world, we can protect all of the VMs based on managing protocol behavior. That is exactly what 5nine Cloud Security does. It does its work at the network protocol level.
The anti-malware aspect to this product is based on world-class anti-malware software from vendors such as Kaspersky and Vipre. Naturally, with a single point of deployment, it is much easier to ensure that the signatures for known malware are kept current. The same is true for intrusion detection. In this case, the IDS rules are from Snort and other industry leaders.
5nine has some interesting philosophies. For example, it sees isolating everyone as a best practice. That means, for example, that a virtual machine cannot affect the host or another machine. We agree. But achieving that without impacting performance and usability can be challenging. Another issue that comes up in agent-based deployment is scanning storms that impact performance. To avoid that, 5nine scans only blocks on the disk that have changed since the last scan. This can achieve up to a 70 percent improvement in scan performance, according to the company.
However, with all of that, the most telling philosophy - and one that would seem to us to be obvious (but for some reason isn't) - is centralized security. This allows scalability. However, that poses - or could pose - a single point of failure, so the company recommends high availability through clustering and redundancy. What makes this interesting is that all of these philosophies are readily achieved by using the 5nine Cloud Security architecture.
The notion that all of this is available only for Hyper-V is not particularly surprising given the way the product is deployed and architected. In fact, the extremely tight integration with Microsoft's virtual environment practically ensures that all of the security goals can be achieved with minimal impact on performance.
Since the Azure public cloud is not universally available, there is Azure Pack. This allows users to create an Azure-like cloud in one's own data center. 5nine Cloud Security is completely compatible with Azure Pack.
We liked the solid Microsoft-style look and fell. Navigating is a snap. Logs can be exported to syslog servers, such as Splunk, for deeper analysis, and site support for disaster recovery is now available. If users want to do some more in-depth security, such as scanning inside encryption, you can add an agent so the product actually can run agentless of using agents.
Overall, this is a very high quality product and it fits very well within a Microsoft environment. So well, in fact, that it is nearly seamless.
Product 5nine Cloud Security
Company 5nine Software
Price $199 per two CPU per year.
What it does Virtual system security, specifically for Hyper-V environments.
What we liked These folks dominate the Microsoft Hyper-V marketspace and have done a superior job of integrating closely with the Hyper-V environment.