Securing the virtual environment
by David Phillips - Product Manager, Wick Hill - Friday, 11 July 2014.
So you have you a shiny new virtual environment up and running. You may have virtualised all your servers, so that your business-critical databases, CRM systems, ERP applications and email all reside in a virtual environment. It has been a long project, but now it is complete and you are experiencing the operational, performance and cost gains. Stop! Think! Have you covered all the bases? Have you thought about security?

I ask the security question a lot, and in most cases the response is either: "Security is not my responsibility." or ‘"Yes I have considered this and we have implemented the same security as we had in our physical environment."

These responses illustrate a common misconception - that a virtual environment is inherently more secure than a physical one. This is wrong. A malware attack doesn't distinguish between a physical or virtual device. Cybercriminals pay little regard to the environment. They are just looking for the easiest way in! There are even Trojan attacks designed specifically to attack virtual machines.

Another objection I hear to my security questions is that malware cannot survive the decommissioning of non-persistent virtual machines (VM). Again, rubbish. Some malware can jump from VM to VM and from host to host.

Finally, cyber-crime does not stand still. There has been a massive increase in the volume of malware and the attacks are constantly evolving, leaving physical and virtual environments at risk.

There are three options for securing your virtual infrastructure - that is, of course, excluding the fourth option of having no security at all!

1. Traditional ‘agent-based' security

This can provide you with a good solution, although there are some significant drawbacks. Consider the reasons you moved to a virtual environment in the first place. Cost savings and optimisation are likely to be included in your rationale. By installing software not optimised for a virtual estate, you are loading a separate copy of anti-malware, software and signature updates on every endpoint. This duplication is massively wasteful in a VM environment.

On top of this you have the resource nightmare of potential ‘AV storms'. All your VMs updating at the same time slows everything down and can even bring your environment to a complete halt. You can also leave your systems vulnerable through what's known as an ‘Instant On Gap,' the window of time after a VM spins up, but before the agent on that VM downloads the latest security updates.

For virtual systems, optimum consolidation ratios ( the greatest possible density of VMs for your money) is the main goal. Traditional protection is inefficient in virtual environments, taking up resources which could be used to add more VMs. However, at least with this approach, you are protected and have not left your systems vulnerable to attack.

2. ‘Agentless' security

This is the next option. Now we are moving on to protection that is designed to optimise security in a virtual infrastructure. The security software is loaded onto its own secure virtual machine and no agent resides on the other VMs in the estate. This allows them to run smoothly with no duplication or redundancies, helping to make the most of your investment. It also means you can get the security up and running very quickly and there is no need for time consuming reboots.

This approach is at the other end of the spectrum to the ‘agent-based' approach, addressing most, if not all, of the downsides. However, you don't get something for nothing and if you look at this approach in more detail, there are a few drawbacks.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th