Emerging products: Virtual system security
This month, we continue our periodic look at the hot product groups that are shaping the information security marketplace. One of the hottest is, of course, security in the virtual world. We have four products this month that are focused on securing virtual systems.
Virtual system security is a mixed bag of security at the hypervisor, security at the VMware API (vShield), and relatively independent security applications. We saw examples of all of this and a bit more. For example, while we generally think of security as being some sort of direct protection – such as encryption, firewall and more – sometimes configuration and other management offers improved security within the enterprise environment.
We have learned the truth of this in the physical world when the enterprise is quite large. The challenges of keeping configurations consistent must be met or there could be vulnerabilities resulting from misconfigured devices that are not noticed in the forest-and-trees environment of a really big enterprise. In the virtual world, the problem is exacerbated by the simple fact that it is way too easy and inexpensive to spin up new servers. This results in virtual-world-unique challenges, such as server sprawl. Once a server is built for whatever reason, it seems to be a law of virtual nature that it will live on forever – even if it is not needed anymore.
The end result is that there usually are lots of servers that have been retired, but still consume resources and may even still be accessible. Server sprawl is not the only problem that is more or less unique to the virtual environment. Another not so obvious challenge is the scan flood. Scanning floods occur when one has an automated vulnerability scanner that lives in the virtual and scans the virtual. Because it is not uncommon to have a large number of virtual devices in the enterprise, that means that lots of packets are flying about looking for security holes. Some control certainly seems like a good idea here.
But scanning for vulnerabilities is not the only type of security scanning that can cause trouble in the virtual. Anti-malware scans are at least – if not more so – as problematic. In a well-managed enterprise, virtual or physical, everything that comes in or goes out of the virtual environment should be scanned for malicious content. That can be a lot of scanning – more, even, than vulnerability scanning. In a large environment – one of our vendors this moth reported a customer with 40,000 virtual machines – one can depend on the fact that there are scans occurring constantly.
Another challenge is access to the virtual environment by mobile devices. That's not unique to the virtual, of course, but it can be somewhat more challenging to manage in a virtual data center. Unfortunately, managing mobile devices is not a luxury in the virtual – something that we do in the physical world but think of as an option in the virtual. Rather it is one of those “must haves” that plague us with each new wave of emerging technology.
All of these and many more obvious and not-so-obvious challenges are either unique to or exacerbated by the virtual world. Our products this month address these and many more. I enjoyed looking these over and I learned a lot about where threats live in the virtual world. Even though I spend most of my computing time in a virtual environment, I find that I take security in these environments for granted. Like most users, I assume that vShield will protect me. That actually is not the case.
It is important to understand the virtual environment in one's virtual data center. One needs to recognize where it is similar to and where it is very dissimilar from the physical world and then to seek out the appropriate security solutions to the problems uncovered. Sometimes those will be the old standbys that we have lived with for decades in the physical world. But sometimes they will be totally unique.