The Ripple Effect Of Virtual Security

Modern networks have expanded. Their components constantly evolve and spawn new attack vectors including endpoints, mobile devices, Web-enabled and mobile applications, virtual infrastructure, data centres, social media, Web browsers and home computers. These networks are complex to deploy, manage and secure. Any gap in protection across this extended network can have a ‘ripple effect’ across your entire IT environment, exposing your organisation to greater security risk.

If you’re like most IT security professionals, you’ve been tasked with doing more with less. Chances are you’ve turned to virtualisation to take advantage of the reduced operating costs, energy savings and increased flexibility to help address fiscal pressures while enabling your business. At the same time, according to a December 2012 Ponemon Institute survey, intrusions and data loss within virtual environments remain among the top three IT security concerns for IT practitioners.

So what can you do to quell these concerns and better protect not just your virtual assets but all of the assets on your extended network? Using best practices and technologies to enable visibility and control across the extended network will help you realise the full benefits of virtualisation while minimising security risks. Here are three recommendations to ensure you’re moving in the right direction.

1. Remove organisational silos

A natural separation of duties occurs in the physical world, where server operations owns the servers; network operations owns the routers, switches and firewalls; and security owns IT security systems, including intrusion detection and prevention systems and advanced malware protection solutions. In the virtual world, however, management of these devices or functions has been consolidated and offered as part of the virtual infrastructure.

Faced with tight deadlines, many virtual system administrators don’t have the time or resources to involve the network and security groups in the virtualisation process; they simply handle all aspects themselves. But a lack of subject matter expertise can lead to misconfigurations and vulnerabilities.

To better secure virtual environments, these teams must work together across virtual environments just as they do across physical environments. By creating working groups with all stakeholders involved, IT teams can collectively assess the architecture within the broader context of the extended network to identify potential gaps in security and then create security policies and zones to close these gaps.

2. Seek security solutions designed for virtual environments

Many organisations rely on their physical appliances to protect their virtual environments and use techniques like ‘hair pinning’ to route virtual traffic to a physical device for inspection and then back. This creates unnecessary latency and management complexity. Appliances designed to operate specifically in virtual environments are easier to deploy and support virtual workflows.

They can also leverage the inherent benefits of virtualisation in a way that physical appliances simply can’t, for example offloading redundant activities, like scanning for malware, to the service virtual machine (VM) or the cloud, further enhancing performance and easing administration. However, just because a security solution is designed for use in the virtual world doesn’t mean it can’t integrate with solutions to protect physical assets. In fact, it should.

3. Target consistent security effectiveness

Securing each component of the modern network with disparate technologies that don’t – and can’t – work together creates gaps in protection. You need a holistic approach that provides consistent security effectiveness across physical and virtual worlds. The ability to monitor, manage and report on security activities across the entire infrastructure from a central console is critical to protecting the extended network.

Further, with the proliferation of advanced malware, visibility to specifically track malware trajectory and behaviour throughout user environments is essential to understand and stop these invasive threats. And solutions that leverage real-time cloud security intelligence to identify and discover the latest threats and vulnerabilities and then automatically and consistently update protections for all assets eliminate any gaps in defences.

The role of virtualisation in organisations will continue to grow. But attackers are savvy. All it takes is one weakness to penetrate the network and accomplish their mission – be it to gather data or simply to destroy. To truly protect our extended networks and eliminate the ripple effect a gap in virtual security creates, it’s time to better defend our weaknesses to strengthen our overall defences.

Leon Ward

Leon is a field product manager for Sourcefire. Prior to joining Sourcefire, Leon was involved in the design and development of open source (OSS) Intrusion Prevention Systems. Leon applies his strong background in UNIX security and protocol analysis to overcome the challenges of network security monitoring in the enterprise, specifically in the areas of network intrusion detection, threat mitigation, event analysis and vulnerability assessment. In the little spare time Leon finds, he is the lead contributor to the open source network traffic forensics project OpenFPC (Open Full Packet Capture).