Managing Security in the Age of Virtualization

Virtualization Security Issues

Virtual machines rely on hypervisor technology, which generally is secure, but the software that runs on top of hypervisors is still subject to the same security issues that afflict physical server environments. Those issues include Antivirus Storms, Dormant Virtual Machines and Inter-VM Attacks.

It’s no secret that IT as a whole is getting more difficult to manage following the rise of virtualization, so it should come as no surprise that securing virtual environments also will require additional effort. Virtual machines are difficult to secure because they increase the attack surface. With each physical server running 10 or more virtual machines, the number of applications that need securing has increased. But beyond that there is the nature of virtual machines themselves -- as they strive to bring application workloads closer to the end user, virtual machines will move from one server to another, or entire application workloads and their associated data may wind up moving from one virtual server to another. This means virtual environments not only are becoming more complex to manage, they are also more difficult to secure.

Security In Depth
By Mike Vizard
Tech Security Today
January 25, 2012


ANTIVIRUS STORMS: Traditional antivirus security was not designed for a virtual environment. When traditional security is applied to virtual machines, it does not know it is in a shared resource environment and antivirus scans or scheduled updates are initiated automatically and simultaneously across multiple virtual machines. This can easily create an “antivirus storm” that will result in debilitating performance degradation on the underlying host machine.

DORMANT VIRTUAL MACHINES: Unlike a physical machine, even when a virtual machine is offline it is still available to any application that can access the virtual machine storage over the network. Therefore, the virtual machine is susceptible to malware infection because dormant or offline virtual machines do not have the ability to run an anti-malware scan agent. Also, when a dormant virtual machine is reactivated, the security software applied to the virtual machine more than likely will be out of date.

INTER-VM ATTACKS: When a threat penetrates a virtual machine, the threat can spread to other virtual machines on the same host. Traditional security such as hardware-based firewalls might protect the host but not the guest virtual machines, easily creating a security blind spot. Protection must be applied on an individual virtual machine level -- not host level -- to ensure security.
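One way to avoid the antivirus storm described above is to stagger scan start times per physical host instead of letting every guest start at the same minute. The sketch below is an added example, not code from the original paper or from any product it names; the VM and host names, the 30-minute scan length and the limit of two concurrent scans per host are assumptions.

```python
from collections import defaultdict

# Constructed inventory: (vm_name, host) pairs; all names are illustrative.
PLACEMENT = [
    ("web-01", "esx-a"), ("web-02", "esx-a"), ("db-01", "esx-a"),
    ("app-01", "esx-a"), ("app-02", "esx-a"),
    ("mail-01", "esx-b"), ("file-01", "esx-b"),
]

def naive_schedule(placement, start=120):
    """Every guest starts its scan at the same minute (120 = 02:00)."""
    return {vm: start for vm, _ in placement}

def staggered_schedule(placement, start=120, scan_minutes=30, max_per_host=2):
    """Assign start minutes so at most max_per_host scans overlap on a host."""
    placed = defaultdict(int)             # per-host count of guests scheduled
    schedule = {}
    for vm, host in sorted(placement):    # sorted for a deterministic result
        wave = placed[host] // max_per_host
        schedule[vm] = start + wave * scan_minutes
        placed[host] += 1
    return schedule

def peak_concurrency(placement, schedule, scan_minutes=30):
    """Return {host: highest number of scans running at the same time}."""
    host_of = dict(placement)
    events = defaultdict(list)            # host -> [(minute, +1 or -1)]
    for vm, begin in schedule.items():
        events[host_of[vm]] += [(begin, 1), (begin + scan_minutes, -1)]
    peaks = {}
    for host, evs in events.items():
        running = peak = 0
        for _, delta in sorted(evs):      # at a tie, scan ends sort before starts
            running += delta
            peak = max(peak, running)
        peaks[host] = peak
    return peaks

if __name__ == "__main__":
    print("naive    :", peak_concurrency(PLACEMENT, naive_schedule(PLACEMENT)))
    print("staggered:", peak_concurrency(PLACEMENT, staggered_schedule(PLACEMENT)))
```

Because guests move between hosts, the schedule has to be recomputed from the current placement rather than fixed once per guest.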


Managing Virtualization Security

Virtual machines make the entire IT environment dynamic. They can quickly revert to previous instances, be paused and restarted. They also can be readily cloned and moved seamlessly between physical servers. As a result, vulnerabilities and configuration errors can be easily and unknowingly propagated. And it’s difficult to maintain an auditable record of the security state of a virtual machine at any given point in time. What all this means is that it’s difficult to achieve and maintain consistent virtualization security.

In fact, the whole notion of securing the network perimeter is becoming obsolete. The reality is that as virtualization increasingly is extended from the server out to the desktop and eventually mobile computing devices, these days the definition of the perimeter is each and every end point that needs to be secured.

To achieve true virtual security each virtual machine instance will require a virtual security appliance, which is a software image designed specifically to run on a virtual machine. This approach allows visibility into inter-VM traffic while providing other security benefits specific to virtualization, such as virtual patching and better anti-malware software performance. The virtual appliance is deployed to protect each VM behind it, with each physical machine now essentially operating almost like a network of virtual machines.

One major benefit to this approach is that it allows organizations in many cases to apply security rules on a more granular level, because they can isolate different types of application workloads on different virtual machines. Another benefit to this approach is it enables “agentless” protection for the entire virtual network segment, which improves performance while providing security in case the host security agent is not yet deployed or missing.

The virtual security appliance also can provide the network access control (NAC) function -- it can inform or alert an administrator or prevent a virtual machine without the proper security controls in place from being initiated or moved on to a particular server.

Cloud Security

Obviously, virtualization security has major implications for cloud computing. The No. 1 factor slowing the adoption of cloud computing is concerns over security. But by combining agent and agentless approaches to virtualization security, IT organizations can “rightsize” their IT security for the cloud.
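The network access control check described above, applied to the dormant-VM case where a guest is reactivated with out-of-date security software, could look like the following. This is an added example, not code from the original paper or from any vendor; the posture fields, the 7-day signature threshold and the rule that agentless coverage on the target host downgrades a denial to an alert are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_SIGNATURE_AGE_DAYS = 7   # assumed policy threshold, not from the paper

@dataclass
class VmPosture:
    name: str
    agent_installed: bool
    signature_date: Optional[date]   # date of the agent's last signature update

def admission_decision(vm, host_has_appliance, today):
    """Decide whether a guest may start on, or move to, a host.

    Returns (action, reasons) where action is 'allow', 'alert' or 'deny'.
    """
    reasons = []
    if not vm.agent_installed:
        reasons.append("no in-guest security agent")
    elif vm.signature_date is None:
        reasons.append("agent has never updated its signatures")
    else:
        age = (today - vm.signature_date).days
        if age > MAX_SIGNATURE_AGE_DAYS:
            reasons.append(f"signatures are {age} days old")
    if not reasons:
        return "allow", reasons
    if host_has_appliance:
        # Agentless coverage exists on the target host: start the guest,
        # but tell the administrator what is missing.
        return "alert", reasons
    reasons.append("target host has no virtual security appliance")
    return "deny", reasons

# Constructed sample guests; names and dates are illustrative.
TODAY = date(2012, 1, 25)
CURRENT = VmPosture("web-01", True, date(2012, 1, 24))
DORMANT = VmPosture("test-07", True, date(2011, 10, 3))   # offline for months
BARE = VmPosture("clone-02", False, None)                 # cloned without an agent

if __name__ == "__main__":
    for vm in (CURRENT, DORMANT, BARE):
        for appliance in (True, False):
            print(vm.name, appliance, admission_decision(vm, appliance, TODAY))
```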

The Trend Micro Virtualization Security Lineup

Virtualization security requires a layered approach to security that gives IT organizations the maximum amount of protection they need. The Trend Micro portfolio of virtualization security products includes:

Trend Micro Deep Security provides advanced protection for systems in the dynamic data center – from virtual desktops to physical, virtual or cloud servers. Deep Security combines intrusion detection and prevention, firewall, integrity monitoring, log inspection and anti-malware capabilities in a single, centrally managed enterprise software solution. The solution can be deployed in both agentless (virtual appliance) and agent-based configurations.

Trend Micro SecureCloud is a hosted, key-management and data-encryption solution designed to protect and control confidential information deployed into public and private cloud-computing environments. It provides the freedom to move between cloud vendors without being tied to any one provider’s encryption system.

Trend Micro OfficeScan delivers protection for virtual and physical desktops on and off the corporate network. It is the industry’s first virtual desktop infrastructure (VDI)-optimized endpoint security solution, accelerating protection, reducing resource use and applying virtual patching.

Trend Micro Smart Protection Network infrastructure delivers advanced cloud protection, blocking threats in real time before they reach users. It is powered by a global network of threat intelligence sensors, e-mail, Web and file reputation technologies that work together to dramatically reduce infections.

Trend Micro Mobile Security protects smartphones and PDAs from data loss, infections and attacks, via a central enterprise console that can also manage desktop protection.


Not all cloud-computing environments, however, are created equal. Considerations that influence the level of security necessary for a cloud computing environment include regulatory requirements, the sensitivity of the data and the amount of risk associated with the IT assets that need to be. Finding the appropriate balance on a case-by-case basis is easier to achieve when the IT organization has granular control over how much security to apply at any given time or place. By applying security at the virtual machine level, IT organizations gain that level of granular control in a way that doesn’t wind up adversely affecting the performance of cloud computing applications.

The Need for More Automation

The rising complexity associated with managing virtualization is forcing many IT organizations to reconsider their management options. Instead of relying on manual processes or custom scripts that don’t scale, IT systems and security management must rely more on IT automation technologies. These next-generation management platforms not only automate routine management tasks, they also reduce many of the common human configuration errors that hackers like to exploit. The end result is not just a more cost-effective approach to systems management but also a more secure IT environment.

IT environments consisting of hundreds of virtual servers and perhaps thousands of virtual clients are beyond the capabilities of the average IT organization to manage without some investment in automation. In fact, it’s pretty apparent at this stage that cloud computing in all its forms is dependent on the automation of virtualization management, which in no small measure also includes IT security management.

The rise of virtualization allows IT organizations to address longstanding IT security management issues. Instead of treating security as an afterthought, through virtualization IT organizations can unify systems and security management in a way that reduces costs while actually improving the quality of the IT security being delivered.

Conclusion

The advent of virtualization enables IT organizations to move beyond just bolting on security. IT systems and security management now can be more closely aligned than ever. But to make that happen, IT organizations need to look to new approaches for automating the delivery of layers of security that work in concert. The end result should be not only a more dynamic, in-depth security strategy that automatically responds to changing conditions, but also an IT environment that is easier to manage at a level of scale that winds up actually paying for itself by reducing the cost of IT.

The Dell IT Management Advantage

Dell continues to expand its portfolio of next-generation systems management products and technologies, which now feature tight integration with a variety of security products from Trend Micro. Key elements of the Dell systems and security management portfolio include:

Dell KACE Appliances provide a lower-cost alternative to IT management by using an appliance-based architecture. Simply plug the appliance into your network and give it an IP address, and you are ready to begin managing all your desktops, laptops and servers. KACE Appliances typically deploy in one day, and because the appliances are fully integrated and pre-configured, there are no hardware or software pre-requisites, no professional service fees and no hidden costs. The Dell KACE K Series Appliances address the management of the complete PC lifecycle, from deployment to retirement, including PC inventory and software license compliance.

Dell SecureWorks is a managed service that provides a wide range of security services to organizations of all sizes. Its security services provide protection across the network to safeguard the perimeter, critical internal assets, data, remote users, customers and partners. By shifting responsibility for security management to Dell SecureWorks, IT organizations free up valuable time and resources that can be applied to getting more value out of their strategic IT investments.


ABOUT TECH SECURITY TODAY

Tech Security Today is committed to providing insights and actionable recommendations to help small-to-medium businesses cost-effectively maintain security. To achieve that goal we have invited a number of notable bloggers and industry experts steeped in security knowledge to share their thoughts on best practices for setting security policies to prevent issues from occurring in the first place and then how best to remediate breaches once they occur.

www.techsecuritytoday.com

ABOUT THE AUTHOR

Mike Vizard has more than 25 years of experience covering IT issues in a career that includes serving as Director of Strategic Content and Editorial Director for Ziff-Davis Enterprise, which publishes eWeek, Baseline and CIO Insight. Vizard has also served as the Editor-in-Chief of CRN and InfoWorld. In addition, he served as a senior editor with PC Week, ComputerWorld and Digital Review.