
The Right Security Tools

To bring VM sprawl under control, virtual deployments need the same controls as physical deployments.

Sure, security risks to your virtual systems exist. Some are rare, like virtual rootkit attacks and other theoretical vulnerabilities. Others are more practical, such as the potential loss of visibility into intraserver network traffic on a physical host. And because it's so easy to deploy virtual machines, it's easier than ever for servers to spawn like dandelions--so-called VM sprawl. This creates the risk of unauthorized, rogue servers being deployed.

But these risks are no different than the risks organizations face every day securing their physical networks. To bring VM sprawl under control, virtual deployments need the same controls as physical deployments. Server-hardening practices, penetration tests, and whatever procedures are followed by physical deployments must be followed by virtual ones. When it comes to securely introducing and managing virtualization to production environments, success in enforcing these basic practices is half the battle.

Security success has always involved the right mix of smart people, good processes, and solid technologies. What's made virtualization security different is that, until recently, few virtualization-specific security and management tools were available to get the job done. Fortunately, startups are rapidly filling this void.

InformationWeek Reports

Consider newcomers Altor Networks and Fortisphere. Both promise to help keep those sprouting VMs under control. Altor's Virtual Network Security Analyzer spots and manages virtualized network traffic, while Fortisphere's operational life cycle manager, Virtual Insight, inspects, tags, tracks, and reports on all virtual machines as they move throughout preproduction and production systems.

George V. Hulme

Another startup, Blue Lane Technologies, provides virtual patch and security protection for hosted VMs as well as physical servers--a useful shield to help calm the maddening patching process.

One of the unique challenges to securing virtualized environments is the loss of visibility by traditional network security tools into intrahost VM traffic (see story, "Virtualization Has A Security Blind Spot"). As a workaround, many companies segment their intraserver traffic and route it to their wired network where it can be vetted by traditional intrusion-prevention systems, anti-malware software, and traffic analyzers.

This is a kludgy solution at best. What's needed is a way to bring those established network security tools to the hypervisor, and a number of startups are promising to do just that.

Catbird Networks' HypervisorShield protects the hypervisor management network from unauthorized access. The company also provides what it calls a VMware hypervisor-specific intrusion-prevention system for virtual subnets, so companies routing virtual traffic out to the physical wire may not have to perform such LAN gymnastics any longer. And Montego Networks' HyperSwitch integrates network policy enforcement and access control into virtual switches for policy-based virtual network partitioning and switching, as well as load balancing.

Then there's Reflex Security, an old-school IPS vendor that recently retooled itself to specialize in virtualization security. Its Virtual Security Appliance profiles virtualized assets and traffic flows and offers intrusion prevention, anti-malware, and other security capabilities to the hypervisor.

While businesses will have to keep an ear open for those theoretical hypervisor vulnerabilities, they'll want to keep both eyes focused on operational controls and choosing the virtualized security systems that make sense for their environments.

Illustration by Dan Page
