The demands that modern business places on virtual infrastructure and networks are growing all the time. Virtualisation is becoming an increasingly mission-critical part of IT infrastructure and a growing platform for managing customer data, financial transactions, and the applications that businesses use every minute of every day. This reliance on the virtualised environment has moved the question of how to secure it higher up the business agenda, with Kaspersky Lab research suggesting that for 21 per cent of enterprise-level IT managers it is one of their top three IT security priorities.[i]
It is therefore imperative that virtual environments work as planned and are secure if modern businesses are to be successful. Despite this, securing a virtual network is still something of a dark art, and all too often businesses apply security measures developed for physical machines, which can leave the business exposed to a whole raft of risks – from performance issues to security vulnerabilities.
With this growing global focus on virtualisation in mind and in a bid to ensure businesses stay protected whilst getting the most from their investment, we’d like to highlight a few common misconceptions about virtualisation security, to guide CIOs and their IT managers towards smarter decisions about their IT security policies.
“I don’t need additional security. The endpoint security software I use to protect my PCs, mobile devices and servers can protect my virtual environment too.”
This is a very common perception, and can be the root cause of many challenges that IT departments face while trying to secure their virtual network. Most traditional endpoint security solutions aren’t virtual-aware. So while they may provide the same protection they deliver on physical systems, they do so at the expense of performance – for example, having to download updates separately for each and every virtual machine.
“It may not be perfect, but my existing anti-malware doesn’t interfere with the operations of my virtual environment”
It does, and performance issues can create security gaps that didn’t exist before.
Traditional endpoint security uses what’s known as an agent-based model where each physical and virtual machine gets a copy of the security program’s agent and this agent communicates with the server while performing its security tasks. This works fine for physical machines, but if you have 100 virtual machines, this means you have 100 instances of this security agent plus 100 instances of its malware signature database running on a single virtual host. This high level of duplication impacts performance, wastes storage capacity and can result in a time-lag between boot-up and protection of the virtual machines.
“Virtual environments are inherently more secure than physical environments”
This just isn’t true. Remember, virtualisation is designed to allow software, including malware, to behave exactly as it would on physical hardware. In the end, malware-writers will target any and all weak points in a business network to accomplish their criminal goals, and as virtual networks host more critical business operations, they become bigger targets.
Take into consideration the data held on your virtual network; it’s just the same as it was on your physical machines. Virtual machines may be gateways to a server, or the server itself may be a virtual machine. Either way, the cybercriminals want access to the data. If an attacker compromises one virtual machine, they can use it as a foothold against the others on the same physical server: guests on a host typically share a virtual switch and can reach one another at network level without ever passing through the perimeter firewall, so a single compromised guest gives the attacker a much larger opportunity to steal important business data.
“Using non-persistent virtual machines is an effective way to secure my network.”
In theory, this makes sense, as any machine that encounters malware is wiped away and recreated cleanly, something that happens with virtual desktop infrastructure every day. But security firms have begun seeing malware that is designed to survive the “tear-down” of individual virtual machines by spreading across a virtual network, allowing it to return when new virtual machines are created.
If the policy allows new machines to be easily created on-demand, this can also result in “virtual machine sprawl,” where a virtual machine could be created and forgotten, creating the risk of unmaintained virtual endpoints operating outside your IT department’s knowledge or control.
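One practical check against sprawl is to reconcile the hypervisor’s VM inventory with your security console’s record of agent check-ins, so that a VM which exists but that nobody owns, monitors or patches gets flagged. The script below is an added example, not code from this article or from Kaspersky. It assumes two exports that any hypervisor and endpoint console can provide in some form (a VM list with power state and an “owner” tag, and a last-check-in time per agent); both are constructed inline here as sample data, and the tag name and thresholds are assumptions.

```python
"""Finding VM sprawl: VMs that exist on the hypervisor but that nobody is
patching or monitoring.

Added example, not code from the article or from Kaspersky. It assumes you
can export two lists: the hypervisor's VM inventory (name, power state, an
"owner" tag, creation date) and your endpoint-security console's record of
when each VM's agent last checked in. Both are constructed inline below.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class VM:
    name: str
    powered_on: bool
    owner: Optional[str]      # value of a hypothetical "owner" tag; None if untagged
    created: datetime


@dataclass
class Finding:
    vm: str
    reasons: List[str]


def find_sprawl(inventory: List[VM],
                last_seen: Dict[str, datetime],
                now: datetime,
                max_silence: timedelta = timedelta(days=7)) -> List[Finding]:
    """Return one Finding per VM that shows any sign of being forgotten.

    last_seen maps VM name -> time its security agent last reported; a VM
    missing from the map has never reported at all.
    """
    findings = []
    for vm in inventory:
        reasons = []
        if not vm.owner:
            reasons.append("no owner tag: nobody is accountable for this VM")
        seen = last_seen.get(vm.name)
        if seen is None:
            reasons.append("no security agent has ever reported from this VM")
        else:
            silence = now - seen
            if silence > max_silence:
                days = silence.days
                if vm.powered_on:
                    reasons.append(f"powered on but agent silent for {days} days")
                else:
                    # A powered-off VM cannot check in, but when someone boots it
                    # again it will come up with patches and signatures this old.
                    reasons.append(f"dormant: will boot with {days}-day-old patches")
        if reasons:
            findings.append(Finding(vm.name, reasons))
    return sorted(findings, key=lambda f: f.vm)


def agent_coverage(inventory, last_seen, now, max_silence=timedelta(days=7)):
    """(running VMs whose agent reported within max_silence, running VMs)."""
    running = [vm for vm in inventory if vm.powered_on]
    live = [vm for vm in running
            if vm.name in last_seen and now - last_seen[vm.name] <= max_silence]
    return len(live), len(running)


# Constructed sample data standing in for a hypervisor export and a console export.
NOW = datetime(2014, 4, 1, 9, 0)
INVENTORY = [
    VM("web-01",        True,  "web-team", datetime(2013, 12, 1)),
    VM("db-02",         True,  "dba",      datetime(2013, 6, 10)),
    VM("dev-scratch-7", True,  None,       datetime(2014, 1, 15)),  # created and forgotten
    VM("test-img",      False, "qa",       datetime(2013, 9, 3)),
    VM("build-03",      False, "ci",       datetime(2014, 3, 20)),
]
LAST_SEEN = {
    "web-01":   NOW - timedelta(hours=1),
    "db-02":    NOW - timedelta(days=30),
    "test-img": NOW - timedelta(days=120),
    "build-03": NOW - timedelta(days=1),
}

if __name__ == "__main__":
    for f in find_sprawl(INVENTORY, LAST_SEEN, NOW):
        print(f.vm)
        for r in f.reasons:
            print("   -", r)
    live, running = agent_coverage(INVENTORY, LAST_SEEN, NOW)
    print(f"agent coverage on running VMs: {live}/{running}")
```

Run against the sample data it reports db-02 (running, agent silent for a month), dev-scratch-7 (no owner, never reported) and test-img (powered off so long that it would boot with four-month-old patches), while build-03 is powered off but checked in yesterday and is not flagged. The coverage figure (1 of 3 running VMs with a live agent) is the number worth tracking over time; a VM that is switched on but absent from the console is exactly the unmaintained endpoint the paragraph above warns about.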
Even if the rest of your virtual machines are secure, it’s possible for one virtual machine to “eavesdrop” on the traffic to another, creating a privacy and security risk: guests that share a virtual switch sit on the same network segment, and a guest that is allowed promiscuous mode by the port-group policy, or that spoofs ARP against its neighbours, can capture their traffic. Isolation between guests on the same host is a configuration choice, not something the hypervisor guarantees by default. And even a ‘non-persistent’ infection can compromise sensitive information (a login or password, for example) in the short time it is live. Not to mention the fact that most virtual machines are “persistent” servers, meaning they’re not shut down even in the event of a security threat. Recent research found that more than 65 per cent of businesses worldwide will have some form of server virtualisation within the next 12 months, and these servers need to be “on” all the time for the business to function, so the “tear-down” approach to security isn’t viable in this situation.
“If I decide to use a specialised virtual security program, they’re all more or less the same.”
Most traditional endpoint security measures take an agent-based approach, but a virtualised environment needs flexibility to ensure total protection. In many cases this will be a blend of agent-less and light-agent security, to provide advanced protection for a whole spectrum of different virtual environments – including VMware, Citrix and Microsoft. There is no one-size-fits-all solution and the right application, or combination of applications, depends entirely on what you’re trying to protect. A non-web-connected server is going to have entirely different security needs to a virtual desktop or a server that manages customer information.
The agent-less model offers performance advantages by performing security tasks away from the virtual machine. This means, for example, that you only need to download anti-virus updates once, for all virtual machines. But there are limits to the ability of agent-less software to perform advanced security management and network protection tasks on virtual endpoints. A light-agent solution, on the other hand, can offer the best of both worlds over existing agent-less and agent-based security models by combining centralised control with extra security features, including application controls and web usage policy enforcement, to virtualised environments.
Specialised software and expertise are required to build and maintain a virtual network. So as virtualised environments become a standard feature of the business environment, it is critical that businesses deploy appropriate solutions that allow growth but maintain security.
For more information about Kaspersky please visit – www.wickhill.com/kaspersky
[i] B2B International IT Survey Risks Survey (March 2014)
Kirill Slavin, UK General Manager and David Emm, Senior Security Researcher at Kaspersky Lab