Emerging products: Virtual system security

March 3, 2014

This month we take a look at some interesting approaches to security for virtual environments. No two of the companies and products we looked at do this important type of security the same way.

One of the interesting aspects of virtual system security is that it looks a lot like security in the physical data center back in the day. Now we are entering the era of the software data center and it almost seems as if we are going back to square one. That said, progress is far more rapid in the virtual than it ever was in the physical. As an example, this month and next we are examining UTMs and SIEMs. For a long time it appeared that these two product types would converge into a single hybrid. For the most part, that hasn't happened yet, despite many years of trying.

However, in the virtual realm, things move a lot faster - even though they sometimes seem to start back at the beginning. What I mean by that is that in the virtual we still tend to see point solutions to point problems. For example, one of our products this month addresses malware. Another addresses the management plane, while another deals with compliance monitoring and enforcement. Amazingly, few products for security in the virtual use the cloud as a security paradigm. One would think that cloud services would be a natural environment for protecting software-defined data centers since the technology behind the cloud is virtualization.

We are beginning to see virtual security providers take this approach, and the pace certainly is accelerating. Another area where we are starting to see some movement is in light agent/agentless deployments. These behave in the virtual much the same way similar deployments in the physical behave. They offload most of the processing to a virtual appliance in the software-defined data center, similar to the way a gateway operates in the physical data center. The agent, if there is one, sits on a virtual machine and communicates with the virtual appliance. Then the appliance does the heavy lifting, reducing the performance load on the virtual machine.

The products that we tested this month are a good cross-section of the types of offerings that we see in the virtual security marketplace. That takes a bit of explaining. There really are two virtual security product types. One provides security to the enterprise virtually (that usually means that it is cloud-based), while the other provides security for virtual systems. It is the latter that we are interested in this month. There are a couple of corollary issues.

First, we need to consider the security of individual virtual machines. That is a combination of security and isolation. Both can prove challenging, especially in public cloud environments where multiple organizations share the same virtual resources. It is not desirable for one organization to have access to the other organization's virtual environment, for the obvious security and privacy reasons. The other area of concern is the hypervisor. Compromising the hypervisor potentially compromises the rest of the virtual data center.

Today's products for securing virtual data centers are beginning to address both of these interrelated requirements. As usual, though, it is a game of leapfrog with the bad guys.

Further, in 2012, virtualization bloggers were pointing out that there were no credible hypervisor attacks. Well, maybe there were, but at least there were no direct hypervisor attacks. However, way back in 2009, Gartner was telling us that hypervisor attacks were "inevitable." The truth is that today, in 2014, hypervisor attacks are a reality. In fact, the CVE listing shows 44 of them and some go back as far as 2007. Those old attacks were pretty specialized, of course - one addressed the virtualization in the Xbox, for example - but hackers were thinking about how to exploit those vulnerabilities even then.

With all of that in mind, let's have a look at some of the more interesting products for securing your virtual environment.