Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Information Superiority – Key for the Virtual Enterprise

Lack of Visibility Into Virtualized Infrastructure Makes Defending It Effectively a Challenge…

Lack of Visibility Into Virtualized Infrastructure Makes Defending It Effectively a Challenge…

CIOs consistently rank virtualization and cloud computing among their top strategic IT initiatives. In fact, earlier this year a study by IDC found that virtualization is the number one priority for CIOs in 2012 with cloud computing second. At the same time CIOs also cite security as the main inhibitor to the adoption of these technologies. Blind spots, Virtual Machine (VM) sprawl, lack of separation of duties, new advanced threats and the dynamic nature of virtual deployments all contribute to their security concerns.

Information SuperiorityMany CIOs have begun to realize the benefits of virtualization from data center deployments—reduced operating costs, energy savings and increased flexibility. But as they look to expand their virtualization strategies to the desktop to drive further value, security concerns compound. In order to reap the substantial benefits virtualization promises, CIOs must be able to move forward with confidence.

So what’s keeping security professionals from being able to secure the enterprise against threats to their virtual environments, just as they protect their physical assets? The challenge is a lack of visibility into and control over virtualized infrastructure to defend it effectively. In essence, they haven’t established Information Superiority over attackers. This becomes particularly challenging as organizations expand their virtualized systems from the data center to the desktop.

To achieve Information Superiority in their virtual environments, security professionals must be able to enforce security policies across both physical and virtual environments. They also must able to establish visibility and control to detect and stop threats targeting virtual infrastructure and the impact of these threats to applications and users.

When considering technologies to help secure the virtual environment, security professionals should look for the following attributes:

Comprehensiveconnecting physical and virtual security elements together. Corporate security and risk management policies as well as compliance mandates demand consistent protection across physical and virtual environments. The ability to monitor, manage and report on security activities across the entire infrastructure from a central console is a critical step in enabling Information Superiority for the virtual enterprise.

Integratedcombining network and application awareness with big data analytics. Threats today are increasingly sophisticated and no aspect of the environment is safe. Integrating total network visibility—including hosts and other devices, applications, services and users—with big data analytics for increased security intelligence helps eliminate the blind spots in security controls that only monitor physical systems for malicious activity.

Intelligentdelivering the right information needed to structure defenses. In today’s resource-constrained IT security departments working smarter, not harder, has become a mantra. The ability for technologies to automatically assess new threats to determine which are relevant and business-impacting helps to focus response efforts and adapt defenses to quickly address changing conditions.

• Continuousresponding completely and systematically across deployed security infrastructure. The hyper-dynamic nature of virtualized environments exacerbates the need for continuous protection. Real-time visibility from the data center to the desktop, automating network security functions and management, and the ability to continuously detect and stop the latest attacks and control the inevitable outbreak are just a few examples of the capabilities needed to help maintain effective protection on an ongoing basis.

Without Information Superiority, implementing effective IT security is much more difficult because of all there is to know about rapidly changing modern physical and virtual network environments. Information Superiority lets CIOs pursue their virtualization strategies to maximize business flexibility, agility and cost savings without losing visibility and control over data integrity, security and business continuity. Technologies that support a holistic approach to IT security, providing the same level of visibility and control from the data center to the desktop and across physical and virtual systems, enable organizations to achieve Information Superiority and realize the full benefits of virtualization.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility