This week, on a Friday before the start of VMworld, VMware announced that they acquired PacketMotion. It was announced in a blog post Friday by Dean Coza, director of security product management at VMware.
Is it just me, or do most companies choose to announce things they want no one to discuss on Friday afternoons – via blogs? My corporate masters tend to save the good stuff for Monday mornings at the start of massive trade shows, and they use old-fashioned press releases, backed by armies of outsourced PR people to create buzz.
VMware should be really happy with the acquisition and put a spotlight on it. PacketMotion’s technology tracks user transactions and correlates them with identity management systems in order to detect potentially malicious internal behavior or compliance violations. It’s a good guess that PacketMotion’s recently released PacketSentry Virtual Probe was the big reason for the acquisition. This neat piece of tech lets you monitor VM-to-VM traffic for VM security and compliance. The word on the street at VMworld is that VMware will integrate PacketMotion into VMware vShield 5 and the PacketMotion team will join VMware’s Cloud Infrastructure Business Unit.
Cloud security people like me have long complained about VM-to-VM attacks and lack of visibility of virtual network traffic. This deal seems like it will address those concerns, although best practices still require per-VM (or agentless) protection for each VM running on a physical host.
PacketMotion also does user activity context for network segmentation and data access monitoring, which is a helpful feature, but one that VMware will have to work to evolve. This kind of complex capability is much more security focused than infrastructure focused, and VMware’s DNA lies in infrastructure. They’ve made great strides, but it’s hard for any infrastructure-focused company to stay equally focused on security and infrastructure at the same time, as we’ve seen with Microsoft. Microsoft is definitely heavy on the infrastructure and lighter on the security because of the same dynamic.
As Dean Coza puts it, the PacketMotion technologies, combined with existing vShield capabilities, can “make it possible for customers to automate security and compliance policies in a completely business-driven language, such as ‘give HR access to HIPAA vApps’ or ‘give Finance access to the PCI-CDE vApps.’” That’s a holy grail of policy-based management!
Now that you’ve read the whole post, it’s entirely possible that VMware soft-announced PacketMotion because they didn’t want to distract from the messaging around VMworld, which opened this Monday in Las Vegas to large crowds of enthusiastic virtualization and cloud people. It’s a great show this year; I think I’ve had hugs from at least a dozen friends and colleagues from former employers I haven’t seen in a few years. This has become a “must attend” event for cloud people.