How smarter hypervisor use can lead to a 'big, big change' in security

By George V. Hulme, CSO
January 19, 2012 10:35 AM ET

CSO - To gain insight on the months ahead as they relate to IT attacks, malware, cloud security, and the impact of virtualization on security, we recently chatted with Simon Crosby, former CTO of Citrix Systems' data center and cloud business. Crosby recently founded a cloud security startup, Bromium, with Gaurav Banga, former CTO and senior vice president at Phoenix Technologies, and Ian Pratt, chairman of Xen.org and co-founder of XenSource.

What do you think 2012 may bring in terms of malware?

Crosby: I think you will see, obviously, a growth. By the way, the growth path in malware is currently exponential per year. That will continue. That's obvious. I think you'll see, in the U.S. large enterprise and maybe even in the federal infrastructure, another major compromise next year. It will be incredibly bad and incredibly embarrassing. That is to say, very succinctly, we are now in a state of ongoing national cyber espionage. It's not cyber war, but it's cyber espionage on a grand scale. That's absolutely going to carry on. However, I do think the year ahead heralds a fantastic opportunity. It will be the first time when virtualization hardware and its uses within computer systems, generally, dramatically change the odds in favor of security.

How is that?

Crosby: We're in a really bad state in the traditional IT world. Here's a good example. I was sitting with a very large military organization and they tell me that they are required to have two of everything. Two firewalls. Two web application firewalls. Two endpoint security measures. The question is, why two? They have to have diversity of vendors. Then they can have some degree of certainty that they will have more protection. Is two good enough? They don't know.

Wait a minute, just to understand, they have two of each in-line? Two WAFs, two --

Crosby: Right. That's merely a sign of how desperate the times are. The existing approach, blacklisting, is broken. Whitelisting is very useful for the stuff you know. While you can tell that the programs that you use, your applications and your operating system, are in a certain state, you can't tell what's going to happen when they process bad data. That's what happens when you get attacked. Your browser is not malicious. It's just that when your browser happens to go to a particular website and pick up a particular attack, then it's going to attack. Whitelisting is great. It just can't go far enough because it has no way of reasoning about the unprecedented use of code.

If you look at the various vendors who have been trying to get there, I think if you look at various segments of the industry, we're all trying to get to the same place. And that is a more trustworthy, more reliable infrastructure.

Where is that, and how do you think they get there?

Crosby: Look at it this way. The desktop virtualization vendors are trying to go for this path whereby the virtual desktop is more secure. It is, in many respects, because it's centralized. It's not because it doesn't deal with the attack coming in through the browser, say. The traditional endpoint security guys or network security guys are trying to produce ever-better detection methods. Now we've gotten to the point where they're deploying fuzzy logic, which by the way doesn't inspire me. Fuzzy logic is not a good way of inspiring trust in a customer. Then you have the DLP folks, who are trying to sneak ever more invasive controls on the desktop. The problem is a good attack can get by them.
