Hacking an endpoint, such as a mobile device, may only result in a loss for one user. Hacking a server can result in loss for thousands. IT professionals rely on security appliances--firewalls, filters, unified threat management (UTM) devices, intrusion protection systems (IPS), and intrusion detection systems (IDS)--to protect critical servers from Internet hackers and from hijacked computers within their Internet-facing "demilitarized zone.". The amount spent to purchase and maintain these security appliances is staggering, expected to reach over $10 billion annually by 2011.

One common appliance function is to analyze and filter communications or operating systems for malware. Information Security Magazine's recent study of leading anti-malware products, using 8,114 different malware specimens, found that the best performing product was unable to correctly identify 7.9%, or approximately 640 types, of malware.

David Leonard, former CTO of Infocrossing and current server security consultant has dedicated his career to managing outsourced data centers utilizing the state-of-the-art in security appliances. Leonard has stated that a top hacker can get into practically any network, even the most stringently protected banks and data centers. And these hackers will perform this service for as low as $25,000.

Virtualization is one of the hottest trends in server computing. It enables server consolidation and dynamic provisioning, saving precious size, weight, power, and cost. VMware and Xen are two commercial hypervisor technologies that have been deployed extensively. However, as virtualization deployments have grown, security experts have voiced concerns about the implications of "VM sprawl" and the ability of virtualization technologies to ensure security.

On June 2, 2008, VMware attempted to allay this concern by announcing that its ESX server products had achieved a Common Criteria EAL 4+ security certification. VMware's press release claimed that its virtualization servers could now be used "for sensitive, government environments that demand the strictest security."

On June 5, just three days later, several severe vulnerabilities in the certified VMware products were posted to the National Vulnerability Database. Among other pitfalls, the vulnerabilities "allow guest operating system users to execute arbitrary code."