Skip Links

Network World

  • Social Web 
  • Email 
  • Close

VMs You Can't See Can Definitely Hurt You

By Edward L. Haletky , CIO , 06/27/2008

Recently Verizon Business released its 2008 Data Breach Security Report, summarizing the results of four years of forensic research into more than 500 security incidents. While it doesn't focus on server virtualization specifically, it does illustrate a lot about virtualization security as well.

Of the attacks in the report, 73 percent came from outside the organization, 18 percent were internal, and 39 percent involved business partners. Another 30 percent involved collusion between multiple parties (hence why the numbers do not add up to 100 percent).

This is ground breaking information; the common wisdom has been that an average of 70 percent of all attacks come from the inside.

This report indicates that may no longer be true. Instead, it shows that the highest risk to the datacenter is from files compromised by business partners, followed closely by the insider with the external source a distant third.

Measures of impact follow the same pattern. Compromised data records can be assigned a value according to how critical their data is to the company; since insiders and partners have most direct and frequent access to the most valuable files, the report finds those two groups also hold the greatest power to cause havoc.

Even more important, however, is what the report finds that the victims hadn't. In a significant number of cases-listed as the 'Unknown Unknowns' category-the victimized organization either didn't know it owned the system that was compromised (7 percent), or did not know the data was stored on the system that was hit (66 percent).

Other attack paths came from unsuspected connections to a system (27 percent), or unknown, inappropriate privileges on the system (10 percent).

So why is this important to virtualization security?

The answer lies in the nature of the virtual infrastructure: It is very easy to create a system (unknown system), on a virtual network that you just created (unknown network), and place upon that system sensitive data (unknown data), granting rights to that data to anyone (unknown privileges), without much, if any indication that you'd done it.

As a matter of fact all that can happen within 10-30 minutes and the security team would be completely in the dark.

It is very important for security teams to fully understand virtualization, its security, and how to audit the system to catch such actions. At the moment not many tools exist, but simple read-only access to the virtualization management tools can give the security team the ability to run audits. While the tools are cool, the report states that there is nothing like good old fashioned eyeballs.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.

Whitepapers

Advancing the Economics of Networking

Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...

Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices

This paper reviews the problem of creating a network where the dynamic availability of services is...

Enterprise Data Center Network Reference Architecture

Using a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...

Webcasts

PoE Plus: Impact on the PoE Market

The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...

Harnessing the power of communications to increase workplace performance

Due to the convergence of IT and telecommunications technologies, the business workplace has been...

Stay out of the headlines: Detecting and preventing network intrusions

How do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...

Special Reports

The Evolution of Network Security

We have so many holes punched in our firewalls today that many industry insiders question the value...

IP address management in 2008 - six things to know

Read this Network World Special Brief to learn how Enterprise IT managers must update their...

The self-managed network

We aren't there yet, but advances in network and systems management tools are making it possible to...