IBM recently announced a breakthrough in safeguarding virtual server environments and introduced new software to help businesses better manage risk. The company said the advances can provide businesses with substantial improvements in securing information, applications, and IT infrastructures around the globe.
IBM, the company that pioneered the concept of virtualization with its mainframe systems, is tackling the security issue with Project PHANTOM, an initiative that’s so secret that IBM won’t even say what the name means. This is part of the announcement that was made:
IBM’s PHANTOM initiative aims to create virtualization security technology to efficiently monitor and disrupt malicious communications between virtual machines without being compromised. In addition, full visibility of virtual hardware resources would allow PHANTOM to monitor the execution state of virtual machines, protecting them against both known and unknown threats before they occur. It is also designed to increase the security posture of the hypervisor — a critical point of vulnerability; because once an attacker gains control of the hypervisor, they gain control of all of the machines running on the virtualized platform. For the first time, the hypervisor — the gateway to the virtualized world and all that lays above it — can be locked down.
Ars Technica had a call with the people at IBM. The company was still not willing to talk in any detail about it, but I did learn some important information that answers the questions I raised in my original post, which I’ve included below in its own section.
For starters, PHANTOM is not one particular technology, but rather a widespread research initiative within IBM that will eventually result in a range of products, services, best practices whitepapers, etc.. The initiative was started two years ago as a collaboration among various hardware and software groups within IBM, and has since expanded to embrace some third parties whose identities IBM isn’t revealing just yet. The internal groups involved in the initiative include IBM’s X-Force Threat Analysis Service (a division of IBM’s Internet Security Systems), IBM Watson research center, and the server platform groups behind the z- and p-series servers, among others.
IBM stressed to me that the initiative will produce results for a wide variety of hardware/software combinations, including x86 systems, Windows, Linux, POWER, and others. So the scope of PHANTOM, broadly defined, includes all virtualization platforms, products, and services.
Clearly, whatever else it is, PHANTOM is also extremely ambitious. It’s also still mostly under wraps, so we’ll have to wait for more announcements before giving further details.