Keeping Up With Threats in the Virtualized Data Center

It's no secret that modern data centers are in the midst of a period of rapid evolution that has fundamentally changed the speed and efficiency of enterprise computing.

As security professionals, it is incumbent upon us to ensure that we deliver the benefits of these changes without undermining the security of the organization in the process. As one might expect, this is easier said than done. At the heart of the issue is the impact of virtualization on network security.

The Impact of Virtualization on Security

Virtualization has rewritten what is possible in terms of delivering applications and data in a data center. In the past, when IT or a business unit needed a new server, physical hardware needed to be sized, ordered, patched, configured and deployed in the network – it was a process that could take days, weeks or more.

Today, of course, organizations can spin up new servers that can be deployed on server hardware the enterprise already owns in a matter of minutes. Needless to say, this has enabled a previously unimaginable improvement in deployment times and hardware efficiency.

However, this example is actually quite rudimentary by the standards of real-world virtualized data centers. In many modern data centers virtual machines move dynamically between physical hosts based on compute demand, and orchestration software fully automates a variety of workflows related to the deployment and ongoing management of those virtual machines. Again, all of this is of enormous benefit not only to the organization, but to the IT team as well. However, these improvements have the potential to introduce painful new security challenges.

As virtual machines are deployed and moved dynamically, it can be very difficult to ensure that security policy and protections follow them in lockstep. Each system will continue to have its own firewalling, intrusion prevention and threat prevention requirements, and those must be applied consistently regardless of which physical host the virtual machine currently resides on; a rule that is bound to a particular host, VLAN or physical port stops matching the moment the VM migrates. To make things more complicated, as machines move about, it becomes increasingly common for machines of very different trust levels to share the same physical host. Traffic between two VMs on one host is switched inside the hypervisor and never crosses a physical segment where a traditional appliance could inspect it. This means that not only must security be applied per virtual machine, but we must also prepare for the possibility of east-west propagation of threats from VMs of lower trust to VMs of higher trust within a host.

In short, the dynamic and flexible nature of virtualization and cloud computing can easily lead to a loss of visibility and control that were sometimes taken for granted in a physical world.
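The following is an added example, not code from the article or from any product it describes. It models the two policy styles contrasted above, a location-bound rule set of the kind a physical appliance between rack segments would carry (keyed to source and destination host) and an identity-bound rule set of the kind a per-vNIC distributed firewall would carry (keyed to VM tags), and evaluates the same flows before and after two live migrations. The host names, VM names, tags, ports and flows are constructed for illustration; the migration helper and verdict strings are hypothetical, not any vendor's API. The run shows three things the prose states but does not demonstrate: an intra-host flow is never seen by the physical appliance, a legitimate flow breaks after migration because the host-keyed rule no longer matches, and a low-trust VM inherits access to the database tier simply by landing on a host the rule trusts.

```python
from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class VM:
    name: str
    host: str             # hypervisor the VM currently runs on (changes on migration)
    tags: FrozenSet[str]  # security identity; travels with the VM


@dataclass(frozen=True)
class Flow:
    src: str   # source VM name
    dst: str   # destination VM name
    port: int  # destination TCP port


# Constructed inventory (hypothetical hosts and VMs, not from the article).
def initial_inventory() -> Dict[str, VM]:
    vms = [
        VM("web01", "esx-a", frozenset({"tier:web"})),
        VM("app01", "esx-b", frozenset({"tier:app"})),
        VM("db01",  "esx-c", frozenset({"tier:db", "pci"})),
        VM("dev01", "esx-a", frozenset({"tier:dev"})),  # low-trust VM sharing a host with web01
    ]
    return {vm.name: vm for vm in vms}


# Location-bound policy, as a physical appliance between rack segments would be
# configured: (src_host, dst_host, port) is allowed; everything else is denied.
LOCATION_RULES = {
    ("esx-a", "esx-b", 8080),  # "web rack" -> "app rack"
    ("esx-b", "esx-c", 5432),  # "app rack" -> "db rack"
}

# Identity-bound policy enforced at every vNIC: (src_tag, dst_tag, port).
IDENTITY_RULES = {
    ("tier:web", "tier:app", 8080),
    ("tier:app", "tier:db", 5432),
}


def evaluate_location(inv: Dict[str, VM], flow: Flow) -> str:
    """Verdict of the host-keyed appliance: 'allow', 'deny' or 'unseen'."""
    s, d = inv[flow.src], inv[flow.dst]
    if s.host == d.host:
        # Two VMs on one host talk over the virtual switch; the traffic never
        # reaches the physical segment the appliance sits on.
        return "unseen"
    return "allow" if (s.host, d.host, flow.port) in LOCATION_RULES else "deny"


def evaluate_identity(inv: Dict[str, VM], flow: Flow) -> str:
    """Verdict of the tag-keyed per-vNIC policy: 'allow' or 'deny' (default deny)."""
    s, d = inv[flow.src], inv[flow.dst]
    for st in s.tags:
        for dt in d.tags:
            if (st, dt, flow.port) in IDENTITY_RULES:
                return "allow"
    return "deny"


def migrate(inv: Dict[str, VM], vm_name: str, new_host: str) -> Dict[str, VM]:
    """Live-migrate a VM: only its host changes; its tags stay with it."""
    new_inv = dict(inv)
    new_inv[vm_name] = replace(inv[vm_name], host=new_host)
    return new_inv


FLOWS: List[Flow] = [
    Flow("web01", "app01", 8080),  # legitimate tier-to-tier traffic
    Flow("app01", "db01", 5432),   # legitimate tier-to-tier traffic
    Flow("dev01", "db01", 5432),   # low-trust VM reaching for the database
    Flow("dev01", "web01", 22),    # east-west probe between VMs of different trust
]


def verdicts(inv: Dict[str, VM]) -> Dict[Tuple[str, str, int], Tuple[str, str]]:
    """Map each flow to (location verdict, identity verdict)."""
    return {(f.src, f.dst, f.port): (evaluate_location(inv, f), evaluate_identity(inv, f))
            for f in FLOWS}


def run_scenario():
    """Return verdicts before and after app01 moves to esx-a and dev01 moves to esx-b."""
    before = initial_inventory()
    after = migrate(migrate(before, "app01", "esx-a"), "dev01", "esx-b")
    return verdicts(before), verdicts(after)


if __name__ == "__main__":
    before, after = run_scenario()
    for key in before:
        print(f"{key[0]}->{key[1]}:{key[2]}  before={before[key]}  after={after[key]}")
```

The identity column is identical before and after the migrations, which is the property the text asks for. The location column changes in three places: web01 to app01 becomes unseen (now intra-host), app01 to db01 is denied (an outage caused by a rule keyed to the old host), and dev01 to db01 is allowed because dev01 now sits on the host the rule trusts. In a real deployment the tags would come from the orchestration platform's inventory rather than a hand-built dictionary, and the lookup in evaluate_identity would be indexed rather than nested loops, but the failure modes are the same.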

Enter the Unknown

As an industry, we would have our hands full if the problems stopped there, but they don't. Threats and attackers have been innovating just as quickly as virtualization has. Malware in particular has become increasingly adept at evading traditional signatures, both by altering the infecting file so that it no longer matches antivirus signatures and by hiding its command-and-control traffic in custom protocols, encryption or tunnels. This has changed threat prevention to include not only the “blocking and tackling” of stopping known threats and exploits, but also finding and automatically managing unknowns in the environment. Obviously, if we as an industry are having trouble doing even the basics of security in dynamic virtualized environments, it is no surprise that finding anomalies and unknowns in those same environments is even more daunting.

It is also important to realize that these are not far-fetched, worst-case scenarios. The reality is that the higher value the target, the more customized and sophisticated the attack becomes. For an attacker, the data center represents the crown jewels, offering access not only to vast amounts of data, but also some of the organization’s most sensitive and valuable assets. This creates a very real and troubling situation in which some of the most sophisticated attacks are being directed against resources where our security discipline and controls have potentially slipped.

Taking Control

For this reason alone, it is critically important that we design modern security controls into our virtualized data centers. Policies and enforcement must move seamlessly with virtual machines, without fail. Just as importantly, we have to make sure that those controls are up to the task of managing modern traffic and threats, including evasive traffic, unknown threats and policies enforced on the basis of application and user context. Without this focus, we simply trade security for performance, which is not profitable in the long run. Moreover, most IT professionals have long understood the need to build security into IT by design, only to be saddled with legacy constraints that make it impractical. As we build the next generation of data centers, we actually have the chance to put our money where our mouth is and build it right. As an industry, we can do better.

Wade Williamson is a Senior Threat Researcher at Shape Security. He has extensive industry experience in intrusion prevention, malware analysis, and secure mobility. He has extensive speaking experience having delivered the keynote for the EICAR malware conference and led the Malware Researcher Peer Discussion at RSA. Prior to joining Shape, he was Sr. Security Analyst at Palo Alto Networks where he led the monthly Threat Review Series and authored the Modern Malware Review. He has also led the product management team at AirMagnet where he helped to develop a variety of security and network analysis tools targeted to WiFi networks. He has been a steady and active researcher of new threats and techniques used to compromise enterprise networks and end-users.