5 Myths of Virtualization Security: You May Be More Vulnerable Than You Think
Jun 11, 2014 6:38 AM PT
Businesses increasingly are relying on virtual machines to handle more critical data and tasks than ever before. The reality is that virtualization is growing as a platform for managing customer data, financial transactions and the applications that businesses use. Simply put, virtualization is a core component of today's mission-critical IT infrastructure.
However, while the increased reliance on virtualization is very real, many businesses are misguided about their security needs in this environment. There are several myths that have serious consequences that can impact performance and leave organizations vulnerable to an attack. Understanding these issues can help you make smarter decisions about your business' virtual environment.
Myth No. 1: My Existing Endpoint Security Will Protect My Virtual Environment
While most traditional endpoint security solutions are virtual-aware and provide some low levels of protection for virtual environments, this protection is too limited. It simply isn't enough to cope with modern threats. Also, the performance drain, especially in large deployments, can cripple your virtual machines.
Depending on the virtualization platform used -- VMware, Citrix, Microsoft, etc. -- your traditional endpoint security suite probably can recognize virtual endpoints. In many cases, however, this physical software can't bring its full toolset of antimalware to the virtual world, and it can perform only basic tasks, like on-access scanning. Worse, by slowing down the network, traditional endpoint security software can create security gaps of its own -- like security being disabled altogether.
Myth No. 2: My Existing Antimalware Doesn't Interfere With My Virtual Environment Operations
The truth is, it does. Performance issues actually can create security gaps that didn't exist in your physical environment.
Traditional endpoint security uses an agent-based model. Basically, each physical and virtual machine has a copy of the security program's agent on it, and this agent communicates with the server while performing its security tasks.
This works fine for physical machines, but if you have 100 virtual machines, then you have 100 instances of this security agent plus 100 instances of its malware signature database running on a single virtual host server. This high level of duplication causes massive performance degradation and wastes tons of storage capacity.
In this model, if a dozen of your virtual machines simultaneously start running a normal security scan, all the other applications on that hypervisor will be slowed down. This applies to other aspects of security as well.
If malware is detected in a network and your policy dictates all machines should scan for infection, your virtual network will grind to a halt and limit your ability to find the malware. Even the routine task of updating the 100 different antimalware databases can create network traffic jams (known as "update storms") if they're conducted all at once.
In other words, if the updates are released in stages to avoid this, some virtual machines could be unprotected from the latest threats for hours.
Also, consider the start of your workday, when dozens of virtual machines are activated simultaneously. These machines haven't received updates since they were shut down the night before, so each machine is trying to pull down the latest antimalware updates. Until these updates travel through your jammed virtual host -- a process that could take hours -- these virtual machines are all vulnerable to security threats.
Myth No. 3: Virtual Environments Are Inherently More Secure Than Physical Environments
This just isn't true. Virtualization is designed to allow software, including malware, to behave as it normally would. Malware writers will target any and all weak points in a business' network to accomplish their criminal goals.
Just think of the types of data your virtual network touches. Virtual machines are just gateways to a server, and the cybercriminals want access to the data on those servers. An attacker who compromises one virtual machine and finds a way to jump to the hypervisor then has access to every virtual machine on that host.
In addition to virtual desktops, the attacker potentially could gain access to any virtual data backup or storage, effectively gaining access to sensitive business data. Such high-value targets are exactly what today's cybercriminals are looking to compromise.
Myth No. 4: Using Non-Persistent Virtual Machines Is an Effective Way to Secure a Network
In theory, this makes sense. Any machine that encounters malware is wiped away and recreated cleanly, which is what happens with virtual desktop infrastructure every day. However, we now are seeing malware that is designed to survive the teardown of individual virtual machines by spreading across the virtual network, allowing it to return when new virtual machines are created.
A policy of being too eager to create new machines on demand also can result in virtual machine sprawl, which occurs when virtual machines are created but then forgotten. This leads to an unmaintained virtual endpoint operating without your IT department's knowledge.
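One way to check for the sprawl described above, as an added example that is not part of the original article: compare a hypervisor inventory export with the IT asset register and flag virtual machines that nobody registered or whose antimalware signatures are stale. The CSV column names, the VM names and the seven-day threshold are assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample data: a hypervisor inventory export and the IT asset register.
HYPERVISOR_EXPORT = """vm_name,power_state,created,last_signature_update
vdi-finance-01,on,2014-01-10,2014-06-10
vdi-finance-02,on,2014-01-10,2014-06-10
test-clone-7,on,2014-02-03,2014-02-03
tmp-build-old,off,2013-11-20,2013-12-01
db-customers,on,2013-09-01,2014-06-09
"""

ASSET_REGISTER = """vm_name,owner
vdi-finance-01,finance-it
vdi-finance-02,finance-it
db-customers,dba-team
tmp-build-old,build-team
"""


def load(text, key):
    """Index CSV rows by a case-insensitive key column."""
    return {row[key].strip().lower(): row for row in csv.DictReader(io.StringIO(text))}


def audit_sprawl(inventory_csv, register_csv, today, max_signature_age_days=7):
    """Return [(vm_name, [reasons])] for VMs that look forgotten or unmaintained."""
    inventory = load(inventory_csv, "vm_name")
    register = load(register_csv, "vm_name")
    findings = []
    for name, vm in sorted(inventory.items()):
        reasons = []
        # Exists on the hypervisor but IT has no record of it: classic sprawl.
        if name not in register:
            reasons.append("unregistered")
        # Stale signatures: a powered-off VM carries them into its next boot.
        age = (today - date.fromisoformat(vm["last_signature_update"])).days
        if age > max_signature_age_days:
            state = "running" if vm["power_state"] == "on" else "will boot"
            reasons.append(f"{state} with signatures {age} days old")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit_sprawl(HYPERVISOR_EXPORT, ASSET_REGISTER, date(2014, 6, 11)):
        print(f"{name}: {'; '.join(reasons)}")
```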
Even if the rest of your virtual machines are secure, it's possible for one virtual machine to eavesdrop on the traffic to another virtual machine, creating a privacy and security risk.
Myth No. 5: All Specialized Virtual Security Programs Are More or Less the Same
There are actually a handful of different approaches to virtualization security, and your network will probably need a blend of available options. Agent-based security relies on processing security on each individual endpoint. Hopefully, you've decided that the agent-based model used by traditional endpoint security isn't right for your virtual network.
Do you know the difference between two other types of virtualization security, known as agent-less and light agent? If not, you're not alone. The right application or combination of applications depends entirely on what you're trying to protect. A non-Web-connected server is going to have entirely different security needs than a virtual desktop or a server that manages customer information.
Proper security is vital with virtualization becoming a critical component of a business' IT infrastructure. By gaining an understanding of the myths and realities associated with it, you will be better equipped to secure your mission-critical virtual environment.