HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 8 MINUTES AGO.
You are here: Home / Data Security / Virtual Servers Need Protection, Too
82% of the Fortune 500
Use BMC for innovative solutions & competitive business advantage.
Contact BMC to learn more.
Virtual Environments Need Protection from Attackers
Virtual Environments Need Protection from Attackers
By Peter Piazza / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
28
2008

Servers use only a small percentage of their capacities to store data or run applications. Virtualization technology allows multiple applications to run side by side on the same machine. This allows companies to consolidate as many as 20 servers into one machine that could be running databases, e-commerce applications, and a Web server simultaneously.

The return on investment is clear just from hardware costs and lower electrical costs (an estimated 2.5 percent of all U.S. power consumption is for data centers). At the same time, virtualization allows new servers to be put into a production environment very quickly, helping to realize savings on time and manpower.

But virtualized environments face the same threats as physical environments, plus some unique challenges. Jason Yuan, group manager for product management, at security firm McAfee told us that companies looking to realize cost savings by storing data virtually need to be aware of these risks.

Virtual Risks

"One of the benefits of virtualization is being able to create a disaster-recovery backup," Yuan said. In fact, creating a backup can be done with nothing more than a right-click of the mouse. The backup image is typically stored offline on network-attached storage (NAS) or a storage-area network (SAN) until it's needed, then it's plugged directly into the production environment. That's where trouble lies.

"On the day of the backup there might not be a vulnerability, but six months later there may be some vulnerability that was uncovered in that operating environment or the applications that are running," Yuan explained. If that happens, the network becomes attackable the moment it's brought online. Yuan has seen it happen; a backup that had a vulnerability that didn't exist three months earlier was brought online, and was immediately infected by a worm that shut down thousands of machines.

"Virtualization requires the same security as a physical system," Yuan said, including antivirus, intrusion-protection and intrusion-detection systems. It also poses some unique threats. For example, the virtualization application itself is software that can be attacked. "Last year, the number of vulnerabilities associated with the virtualization environment doubled compared to 2006," Yuan noted.

Real Protection

So before moving precious data into a virtual environment, take a look at the protection available. McAfee announced this week a host of products and services that address security issues in the virtualized environment. It's embedding VMSafe, a set of APIs from virtualization giant VMware, into its security offerings. Yuan said that will allow McAfee to provide security "underneath the operating environment, so we can monitor and protect better than the physical environment."

McAfee has also built a new Email and Web Security Virtual Appliance for the VMware platform to better protect virtualized environments while giving organizations the same cost benefits as other virtualized applications. Later this year McAfee will launch a product that will open offline images and ensure they're protected before being put into the production environment.

Yuan said McAfee is also working to integrate its other offerings, such as encryption and data-loss prevention, into the virtualized environment. IntruShield, a network-based intrusion-prevention solution, is already effective against VMWare attacks, he said.

McAfee also announced an update of its virtual infrastructure security assessment service, McAfee Foundstone Professional Services. "It's a risk-assessment service for anyone who wants to perform a virtualized deployment," Yuan said. The technology-agnostic service has already been working with Fortune 500 companies and is aggregating best-practices tips into the updated service, Yuan said.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
BMC's shared success is built on 6 fundamental principles: 1) An Intuitive User Experience 2) Agile Application 3) Actionable Intelligence 4) Adaptive Automation 5) Compliance & Risk Mitigation 6) Optimized Infrastructure & Cost. Contact BMC to learn more.
MORE IN DATA SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

ENTERPRISE HARDWARE SPOTLIGHT
Making a major change to its usually staid design philosophy, HP unveiled an all-in-one PC with built-in projector and surface-enabled touch, designed to make 3D scanning and printing easy.
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.