As you know, physical firewalls don’t inspect or filter the vast amount of traffic that originates from a hypervisor running several virtualized servers. It turns out that this is a significant vulnerability when you consider that VMs start, stop, and move from one hypervisor to another at the click of a button.
Additionally, few hypervisors have the access controls that even the most basic file server has, and once someone gains access to the hypervisor, they could potentially access and control all of the VMs housed there.
Finally, protective features have to handle all these movements and activities, and agent backups are complex to manage — with one agent required per VM.
Even with the vulnerabilities clearly spelled out, many IT managers may still have “secure the hypervisor” way down on their to-do list – there are just so many priorities. That’s fine, of course – until the unthinkable happens.
So how should IT managers protect VMs? Here are the four key things to consider:
- Compliance and Auditing – produce reports to understand various compliance requirements, such as PCI standards and audit access, and create administrative logs to track down what someone changed and when.
- Intrusion Detection (IDS) and Firewall Features.
- Access Controls – so users cannot stop or change any VMs on any protected host machine. You must be able to tie access control to particular users.
- Anti-Virus/Anti-Malware Protection – similar to the anti-virus tools in the physical world, this protects against attacks inside a VM.
Trend Micro’s Deep Security product addresses these four important aspects of securing VMs.
Trend Micro’s Deep Security protects enterprise applications and data from breaches and business disruptions, without requiring emergency patching. And its comprehensive, agentless server security platform protects dynamic data centers comprising physical, virtual, and cloud servers, as well as virtual desktops. The solution comprises the Deep Security Virtual Appliance, Deep Security Agent, and Deep Security Manager and includes a variety of protective modules, including agent or agentless firewall/IDS, anti-malware, and Web application protection.
Deep Security lets you see your entire VM collection, including any installed protective measures and alerts. Its firewall and IDS features include deep packet inspection and rules regarding monitoring the integrity of the operating system. The solution also provides a clear reporting module that’s part of the overall Web dashboard — with a pull-down menu that enables you to create one of 18 reports as either an RTF or a PDF file. You set the date ranges and the VMs of interest simply by clicking the relevant buttons.
As part of its integrity monitoring module, Trend Micro Deep Security scans each VM for rules you created or modified. Adding a new VM is easy — Trend hooks into the vCenter interfaces as soon as you add it, and it’s already protected. The only thing you need on the VM is the VMware vShield Endpoint Guest software. Deep Security also syncs with Active Directory and LDAP directories and pulls its users from there. Finally, Trend delivers granular options enabling you to determine user roles, down to dozens of rights for particular activities, such as allowing certain users to view but not alter any parameters.