Previously we gave a high-level view of securing a virtual environment. We talked about security gaps in that post, and one of the biggest is the lack of visibility between virtual machines on the same server.
In a physical world, you have a network-based firewall and possibly a Unified Threat Management device securing the physical gateway into your network. What happens when you go virtual and the traffic doesn’t leave the physical host? Your network IDS/IPS is rendered useless, as it’s blind to inter-VM traffic.
Ok, so let’s put an AV client on each virtual machine; that should help, right? Well, yes and no. Yes, it will protect the VM itself, but it’s not going to help you get the consolidation rates you were promised when you invested in virtualization. Scheduled security scans kicking off at the same time cause “AV storms” and can over-utilize your ESX host resources.
What about those “gold images” you are using to provision new virtual desktops and servers? Chances are you are powering them down when you’re done using them. When you consider how many threats are created every second of every day, coupled with OS patches released by various vendors, how do you ensure that the gold image is being updated before it’s used again?
And who’s in charge of creating these VMs anyway? The security guy? The network guy? We are seeing the same issue with server sprawl in the virtual world that we saw in the physical world. With virtual servers being only a click away, how do you ensure that they are secure before putting them into production?
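To make the “AV storm” mechanism from the paragraph above concrete, here is an added example (not Deep Security’s code, not a vendor API) that models what happens when every VM on a host fires its scheduled scan at the same minute, and how a staggered plan with a per-host concurrency cap flattens the peak. The host and VM names, the scan window, and the cap are constructed assumptions for the illustration.

```python
"""Model scan-start concurrency per host and stagger scans to avoid AV storms.

Added example, not code from the original post or from Deep Security.
The inventory below is constructed; host/VM names are hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory: physical host -> VMs running on it (hypothetical names).
INVENTORY = {
    "esx-01": ["web-01", "web-02", "db-01", "app-01", "app-02"],
    "esx-02": ["file-01", "file-02", "mail-01"],
}

# Assumed nightly scan window start (constructed value).
WINDOW_START = datetime(2024, 1, 1, 2, 0)


def naive_plan(inventory, window_start):
    """A default policy: every VM's scheduled scan fires at the same minute."""
    return {vm: window_start for vms in inventory.values() for vm in vms}


def staggered_plan(inventory, window_start, window_minutes, max_concurrent_per_host):
    """Spread each host's VMs across the window so at most
    max_concurrent_per_host scans start in any one slot."""
    schedule = {}
    for vms in inventory.values():
        slots = -(-len(vms) // max_concurrent_per_host)  # ceiling division
        step = timedelta(minutes=window_minutes / slots)
        for i, vm in enumerate(sorted(vms)):
            schedule[vm] = window_start + (i // max_concurrent_per_host) * step
    return schedule


def peak_concurrency(plan, inventory, scan_minutes):
    """Per host, the largest number of scans running at one instant,
    assuming each scan takes scan_minutes. Peaks can only occur at a
    scan's start time, so those are the only instants checked."""
    vm_to_host = {vm: host for host, vms in inventory.items() for vm in vms}
    starts_by_host = defaultdict(list)
    for vm, start in plan.items():
        starts_by_host[vm_to_host[vm]].append(start)
    run = timedelta(minutes=scan_minutes)
    return {
        host: max(sum(1 for s in starts if s <= t < s + run) for t in starts)
        for host, starts in starts_by_host.items()
    }


def offsets_in_minutes(plan, window_start):
    """Minutes after window_start at which each VM's scan begins."""
    return {vm: int((t - window_start).total_seconds() // 60) for vm, t in plan.items()}


def compare(scan_minutes, window_minutes=60, max_concurrent_per_host=2):
    """Return (naive peaks, staggered peaks) for the constructed inventory."""
    naive = naive_plan(INVENTORY, WINDOW_START)
    staggered = staggered_plan(INVENTORY, WINDOW_START, window_minutes, max_concurrent_per_host)
    return (
        peak_concurrency(naive, INVENTORY, scan_minutes),
        peak_concurrency(staggered, INVENTORY, scan_minutes),
    )


if __name__ == "__main__":
    naive_peaks, staggered_peaks = compare(scan_minutes=15)
    print("same-minute schedule, peak scans per host:", naive_peaks)
    print("staggered schedule,   peak scans per host:", staggered_peaks)
    # If scans run longer than a slot, overlap creeps back in; widen the window.
    print("staggered with 25-minute scans:", compare(scan_minutes=25)[1])
```

The point the model makes is that the cap only holds while a scan finishes within its slot; the last line shows the overlap that appears when scans run longer than the slot length, which is the signal to widen the window or lower the cap rather than to accept the spike on the host.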
Deep Security is virtualization aware and designed for a virtual environment and can help you:
- Monitor inter-VM traffic
- Avoid AV storms and help increase consolidation rates
- Shield OS and application vulnerabilities
- Protect new VMs as soon as they are created, with no AV clients to configure or patch
So you can fill in the gap.