Some of the issues they explored include:
In order to succeed in the virtual world, there are lots of things to think about when it comes to security. The first step is to re-evaluate what you are doing today and figure out how your existing security processes can be re-worked to accommodate virtualization. This requires working with the virtualization and other IT teams to make sure you’ve carefully delineated the roles to better match what you’ve had in place to begin with. Also, making sure the storage infrastructure is secure should not get left out.
1. You have more virtual systems than you know: Virtual sprawl is the ability to rapidly provision systems. However, it can also increase vulnerabilities such as unknown systems that aren’t properly patched or kept up with from a configuration or security standpoint. Understanding everything in your environment is a major problem in the virtual world. It’s really all about inventory, and keeping up with systems and making sure you’ve got change management in place.
2. You aren’t leveraging virtualization for security: Virtualization is like a double-edged sword from a security and operational efficiency perspective. On one side, virtualization gives an organization the ability to tighten and standardize everything in an environment, making sure it is all being kept up to date. On the flip side, if the foundations aren’t in place from the start things like change management can go completely off track.
3. You need more visibility: In the virtual world, you have to keep tabs on everything in your physical and virtual environments. Monitoring virtual network traffic, particularly between VMs, can be difficult. In order to understand everything that’s running in a virtualized environment, organizations need to take a step back and look at what their entire security looks like. Visibility is critical to making sure you know the condition of all your systems and servers, and that they are being fully utilized.
4. All eggs are in one basket: Dumping the responsibility of running and maintaining virtualized platforms onto one group is a frightening picture, not to mention a step backwards in the concept of separation of duties. While nobody wants one group to have this type of control over their infrastructure, that’s exactly what’s happening with most of these virtualized platforms. What you want is very specific rules within an organization so each group can maintain their own areas.
5. You’re back to 1997 for network security: The reality of virtual environments is you don’t get in-depth security capabilities out-of-the-box with any virtual solution. Oftentimes, you find yourself relying on VLANs for security because that’s all you’ve got. As far as security is concerned, that’s like stepping back into 1997 for network security, and that’s no place you want to be. To meet your security and policy requirements, you need to think about your existing physical infrastructure and try to match that inside your virtual environment.
6. Your existing security programs are probably not adapted for virtualization: Most security programs need to adapt a bit to accommodate virtualization. Evaluating where virtualization affects security operations and creating policies that address virtual systems or include virtualization in existing policies is a good place to start. While things are going to vary from organization to organization, the fact is infrastructures are changing, which makes it worthwhile to move ahead and adapt like everyone else.
7. Your auditors probably don’t know what’s going on: Most auditors are not comfortable with virtualization technology. They generally don’t understand the fundamental concepts of virtualization and how everything impacts different data classification levels and compliance data versus non-compliance data. Part of the education process includes making sure all internal audit teams understand all of the controls that are inherently available within the platforms and tools that are already in place.
8. Storage is a huge security hole: Storage is fundamental to virtualization deployment. Unfortunately, security and storage don’t often mingle in the same circles. Because there are typically no strong access control mechanisms in place with most storage deployments, which can create flaws in the virtualization platform, it’s now critical that organizations implement a defense-in-depth strategy in the storage infrastructure for protecting their virtual environments.
9. Virtualization software DOES have vulnerabilities: No system is perfect. Even for virtualization software, exploit POC code and malware attack toolkits are available for hackers to penetrate a virtual environment. The key is to keep up with what’s going on in the realm of virtualization and vulnerabilities, which are constantly evolving and becoming more sophisticated every day.
10. Availability is the new No. 1: While most security folks focus on confidentiality and integrity, virtualization architectures require availability to be a top priority for your business and operational teams. With a shared pool of resources relying on the availability of multiple systems, a different approach is needed. Organizations need to change the way they use traditional antivirus and anti-malware agents, which are increasingly ineffective and consume too many resources, impacting day-to-day operations.
All in all, putting in place new tools that are a little more “virtualization conscious”, and that keep resource consumption top of mind, is critical to relieving the burden of security tools that eat up resources. This is part of the reason why people are turning to application whitelisting and application control for virtual environments. With solutions like CoreTrace’s Bouncer application whitelisting, you’re not running virus scans that consume valuable resources on every virtual machine, which results in poor performance and denial of service incidents. You have a sure list of what’s allowed to run and what’s not allowed to run.
While blacklisting is still useful for identifying known malware already on your endpoints, the fact is organizations are getting hit more than ever despite running the latest security sweeps from all the major vendors. Blacklisting simply cannot keep up anymore. Having total control of what is running on your box prevents the malware from executing. As your infrastructure changes with virtualization, you have to adapt for the long haul. This is why we believe application whitelisting and application control is the approach that’s needed to protect today’s rapidly changing virtual environments.
by JT Keating