SAN FRANCISCO—Virtualization as a security mechanism, starting with virtual vaulted machines for different levels of use, is one idea to come out of Symantec’s innovator’s meeting today at RSA.
In this model, there would be three VMs: the primary VM, the same as most computers today; a least secure “playground” (players, peer to peer, etc.); and a most secure VM, preconfigured with minimal applications (O/S, browser), for use during the HTTPS session. All this would roll over flawlessly without user notice … in fact they had to put up funny little icons to show when they were switching between virtual machines during the demonstration.
This is a backward take on what I’ve been thinking about security as a virtualization device in that it can hide the security software beneath the O/S and therefore not get rootkitted. They have plans to go there, too, but they started first with the virtual desktop piece.
I’m not thoroughly satisfied with their answer to my question on upkeep (patching, configuration) for the three machines: their answer is that the master is still controlled the way they would control a single physical machine, with auto updates turned on, etc. The necessary updates will hit them all where they apply, but somehow Symantec will have to ensure that the uber secure machine, at least, is continuously configured securely.
Symantec also had this idea of an identity layer that would require a middleman to vet identities for uber secure accounts, and later for the masses once we get all the standards, vendors and new layer of middlemen sorted out. Symantec says customers are begging them to manage their identities. In this model, Symantec would act like the master Verisign-type service, only deeper. But how is this different than the vetting-type ID services in action today?
Think about dating sites, says Brian Hernacki, Symantec Architect. Serious customers would pay extra for a stamp or a star saying they’ve been vetted enough to know they’re not making things up. So they’ll pay extra to be snooped upon? Now that’s a turn of events.