When Kaspersky Lab asked business professionals about their “IT Security Priorities” for the next 12 months, 21% of Enterprise-level IT managers said securing virtualised infrastructure was one of the top 3 items on their “to-do” list. This new-found focus on virtualisation security for businesses is the result of virtual machines being created to handle more critical data and tasks than in previous years.
Says Riaan Badenhorst, MD and head of Operations for Kaspersky Lab Africa: “Virtualization is no longer a ‘good thing to have,’ or strictly a tool for IT department testing. Rather, it is becoming a mission-critical business tool and so it’s imperative that virtual environments work as planned, where they have to be secure for modern businesses to be successful.”
With this growing global focus on virtualisation in mind, Kaspersky Lab has identified a few common misconceptions about virtualisation security – all of which will hopefully help CIOs and their IT managers make smarter decisions about their IT security policies around virtualisation.
The common myths include:
* The endpoint security software used to protect PCs and servers can handle protection of the virtual environment just as effectively.
Reality: This is a very common perception, and can be the root cause of many challenges that IT departments will face while trying to secure their virtual infrastructure.
Most traditional endpoint security solutions are “virtual-aware” and can provide protection for virtual environments, but doing so impacts performance, especially in large deployments, and can create havoc within a network. Worse, the slowdown that traditional endpoint security software causes can itself open security gaps.
Therefore, it is essential to use specialised virtualization security solutions that protect virtual environments without impacting the performance of the network.
* Existing anti-malware doesn’t interfere with the operations of the virtual environment.
Reality: It certainly does, and the performance issues noted above can actually create security gaps that didn’t exist before. Traditional endpoint security uses what’s known as an “agent-based” model. This means that each physical and virtual machine has its own copy of the security software installed.
This works fine for physical machines, but if you have 100 virtual machines, you have 100 instances of these security agents, as well as 100 instances of the malware signature database, running on a single virtual host. This high level of duplication wastes storage capacity and can create some of the very security problems the software was meant to fix in the first place.
In this model, if a dozen virtual machines simultaneously start running a routine security scan, all the other applications on that hypervisor will be slowed down. This applies to other aspects of security as well. If malware is detected in a network, and policy dictates that all machines should scan for infection, the virtual network will grind to a halt and limit the ability to find the malware.
Even the routine task of updating the 100 different anti-malware databases can create network traffic jams (known as “update storms”) if they’re conducted all at once, meaning some virtual machines can be unprotected from the latest threats for hours during the “staggered” release of updates.
Furthermore, consider the 08h30 start of a workday, when dozens of virtual machines are activated simultaneously. These machines haven’t received updates since they were “shut down” the night before, which means each machine is trying to pull down the latest anti-malware updates simultaneously as well. And until these updates travel through the jammed virtual host, a process which can take a lot of time, these virtual machines are all vulnerable to yesterday’s threats.
* Virtual environments are inherently more secure than physical environments.
Reality: This just isn’t true. Virtualization is designed to allow software, including malware, to behave as it normally would. In the end, malware writers will target any and all weak points in a business network to accomplish their criminal goals. And the more virtual networks become hosts for critical business operations, the bigger a target they’ll become.
Just think of the types of data a virtual network touches. If an attacker compromises one virtual machine and finds a way to jump to the hypervisor, the attacker now has access to every virtual machine on that host. In addition to virtual desktops, the attacker could potentially gain access to any virtual data backup or storage, effectively giving the attacker access to all of a business’s data.
* All virtual security solutions are the same.
Reality: There are actually a handful of different approaches to virtualization security, and your infrastructure will probably need a blend of the available options. The examples above described how “agent-based” security relies on processing security on each individual endpoint, and hopefully IT managers and CIOs have concluded that the “agent-based” model used by traditional endpoint security isn’t optimal for their virtual infrastructure.
However, the right application, or combination of applications, depends entirely on what is to be protected. A non-web-connected server is going to have different security needs than a virtual desktop or a server that manages sensitive information. So along with “agent-based”, two further types of virtualization security, known as “agentless” and “light agent”, should be reviewed to make the right choice for a specific virtual infrastructure.