We’ve been hearing about the potential benefits of using a security solution designed specifically for virtual environments for a few years.
Unfortunately, many infosec departments continue to protect virtual environments with traditional, or legacy, approaches. While this is certainly a step in the right direction, and something many see as “good enough,” the fact is that traditional security doesn’t cut it and exposes you to risk. To put a finer point on it, not adopting VM-focused solutions has the added impact of taking away the hard-earned efficiency gains promised by a virtual environment.
With more data centers in the cloud than ever, waiting around to address this problem is no longer feasible. Just look at what happened with the VENOM exploit — a vulnerability that put millions of virtual machines at risk — and you’ll see that hackers have started to attack these ubiquitous virtual machines in sophisticated new ways.
Now that virtualization has become the norm, it’s time we re-examined the need for better, virtual-specific modes of keeping your servers safe and secure.
Agent vs agent-less
First, let’s talk about efficiency.
Often overlooked, this is perhaps the most compelling business reason to pursue a better virtual security regimen.
Simply put, traditional security agents take up enormous bandwidth and computing power to do their job. Think back to any time you’ve run a scan on your personal PC, and you’ll get an idea of how long this will take. Now, when you treat every single VM on a hypervisor as its own discrete machine, and give each one its own separate agent to uncover threats, you can bet CPU power and speed will plummet.
The alternative, custom-built for virtual environments, is a solution like Trend Micro’s agentless security. A solution like that offers the same level of threat detection, but it does so from a level above the VM, at the hypervisor, ensuring the entire environment can be swept all at once, saving resources.
Virtualization was sold from the outset with the promise of efficiency. Dismantling that potential by not giving it the right, low-impact security agent makes getting the results promised in the boardroom a thing of fantasy.
Beyond the perimeter
Gone are the days when hackers placed all their might behind crashing “the front gates.” With the distributed nature of cloud and virtualized networks, attackers are able to home in on new weak points found at various endpoints across the network.
These weak points, writes one blogger at Trend Micro, are paradoxically what make virtualized environments attractive to data center architects:
Data centers have expanded […] tapping into network-distributed resources. In the attempt to perhaps decentralize IT operations, at least in terms of the basic hardware and power sources that they use, organizations may have instead ironically created an even more centralized target for attack and disruption: The data center, which is now home to copious amount of critical information and a magnet for cybercrime.
Perimeter security is still necessary going forward. However, a new approach will be required to address these new gaps, which are prominent in such places as Web-based cloud applications. Without it, keeping the perimeter secure won’t matter a bit, because the assets inside aren’t individually insulated.
Another major risk that comes with virtualization is lack of diversity in the hardware choices. Hypervisors, or the machines that manage VMs, are built by a select few manufacturers. As a result, when an exploit is discovered in a single hypervisor blueprint, literally thousands of hosts (if not more) are exposed to the threat.
This scenario came into focus this summer with the VENOM vulnerability, a glitch found in a small piece of open-source code used in millions of cloud hosts globally. If exploited, it gave hackers the ability to come in through the front door, then leap out into the host environment, gaining control of all the guests on the same hypervisor. The attack was soon neutralized with patches, but the estimated impacts would have been devastating if left unchecked.
In theory, a hacker with control of the hypervisor could control any virtual machine running on the physical server. Not dealing with this directly puts your cloud-hosted data at risk, regardless of who it’s stored with: public, private or hybrid.
Moving forward with virtualization security
While there are a number of solutions for virtual security, Softchoice often recommends Trend Micro’s Deep Security to its clients. Not only is Trend Micro employed by VMware for securing its own virtual workloads, but Trend Micro helped pioneer the solutions designed specifically for virtual workloads. Its complete Deep Security offerings are worth investigating for any organization hoping to solidify its stance.
The important thing to note is that virtualized environments demand a specific, virtual security counterpart.