Deployment of products that transform physical servers into “virtual machines” has resulted in nothing short of a data center revolution. But virtualization of everything from operating systems to applications increasingly has critics asking: Where’s the security?
“Traffic is going from virtual machine to virtual machine,” points out Neil MacDonald, vice president of research firm Gartner. “Where's the monitoring, the intrusion-detection and protection?”
MacDonald says that only a handful of security vendors — Blue Lane Technologies, Reflex Security and StillSecure among them — have adapted the capabilities of their appliances to work as software-based shields in virtualization software from vendors that include VMware, XenSource and Virtual Iron.
| Virtualization security tips | ||||||||
|
The traditional security industry has been largely oblivious to the radical changes wrought by virtualization, which is fast moving from development to production environments, says Andreas Antonopoulos, senior vice president and founding partner at Nemertes Research.
"We’re at a crossroads,” he says. “We will either end up messing up the virtualization market because of the security failure or revitalizing the security market for the future.”
In a paper he recently published titled "Secured Virtualized Infrastructure: From Static Security to Virtual Shields,” Antonopoulos notes: “Virtualized servers need to be protected from the outside world, but they also need to be protected from each other.
“If a single server in the pool is infected with a rapidly propagating threat, then it will be able to cross-infect all other servers that contain the same exposed vulnerability.”
Antonopolous says in most instances it is possible to deploy traditional antivirus, spam and other security software in servers and desktops based on virtual machines.
“But in a virtual-machine environment, it creates a performance overhead on the CPU utilization,” he says, that can range from 5% to as high as 50%. “Go ahead and do it anyway, but pressure your security vendors to offer these things in the hypervisor [the software-based switch for the virtual machine]."
Today, most enterprises deploying virtualization servers do it mainly for server consolidation, and security strategies typically revolve around using VLANs “to compensate for the lack of security virtualization,” Antonopoulos says.
But he says the VLAN approach is “far from ideal” since the security devices are static and cannot respond to changes in the virtual servers. VLANs won’t scale for large organizations, and he adds: “The disadvantage is that VLANs are difficult to manage and they are too coarse-grained to use as security controls.”
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (3)
Hypervisor management and other virtualization issuesBy Anonymous on May 3, 2007, 2:17 pmEllen - This is a great article. The team at Egenera has been working on managing hypervisors for over 3 years. Re: Virtual security virtually missing. We...
Reply | Read entire comment
Whats missing is VM to VM security controlsBy John Peterson on February 1, 2008, 1:06 amGreat article indeed and it was a pleasure talking with Ellen when she interviewed a number of us for this story. One comment I'd like to make publicly is that...
Reply | Read entire comment
Sourcefire Virtual Intrusion Detection & Prevention SystemBy Anonymous on September 10, 2009, 9:58 amSourcefire has come out with IDS/IPS for virtual environmetns: http://www.sourcefire.com/solutions/etm/virtualization
Reply | Read entire comment
View all comments