
Keeping Up With Threats in the Virtualized Data Center

It's no secret that modern data centers are in the midst of an ongoing period of very dynamic evolution that has fundamentally changed the speed and efficiency of enterprise computing.

As security professionals it is incumbent upon us to ensure that we deliver the benefits of these changes without undermining the security of the organization in the process. As one might expect, this is a bit easier said than done. At the heart of the issue is the impact of virtualization on network security.

The Impact of Virtualization on Security

Virtualization has rewritten what is possible in terms of delivering applications and data in a data center. In the past, when IT or a business unit needed a new server, physical hardware needed to be sized, ordered, patched, configured and deployed in the network – it was a process that could take days, weeks or more.

Today, of course, organizations can spin up new servers that can be deployed on server hardware the enterprise already owns in a matter of minutes. Needless to say, this has enabled a previously unimaginable improvement in deployment times and hardware efficiency.

However, this example is actually quite rudimentary by the standards of real-world virtualized data centers. In many modern data centers virtual machines move dynamically between physical appliances based on compute demands, and orchestration software fully automates a variety of workflows related to the deployment and ongoing management of these virtual machines. Again, all of this has enormous benefit not only to the organization, but to the IT team as well. However, these improvements have the potential to lead to painful new security challenges as well.

As virtual machines are deployed and move dynamically, it can be very difficult to ensure that the security policy and protections follow in lockstep. Systems will continue to have their own unique firewalling, intrusion prevention and threat prevention requirements that must be consistently applied regardless of where the virtual machine resides physically. To make things more complicated, as machines move about, it becomes increasingly common for machines of very different trust levels to share space on the same physical machine. This means that not only must security be virtualized to each unique virtual machine, but we must also prepare for the possibility of east-west propagation of threats moving from VMs of lower trust to VMs of higher trust within a host.

In short, the dynamic and flexible nature of virtualization and cloud computing can easily lead to a loss of visibility and control that were sometimes taken for granted in a physical world.

Enter the Unknown


As an industry, we would have our hands full if the problems stopped there, but they don't. Threats and attackers have been innovating just as quickly as virtualization has. IT security threats, and malware in particular, have become increasingly adept at avoiding traditional signatures. This includes malware-infected files that evade traditional antivirus signatures, as well as malware that obscures its command-and-control communications in custom protocols, encryption or tunnels. This has changed threat prevention so that it includes not only the "blocking and tackling" of stopping known threats and exploits, but also finding and automatically managing any unknowns in the environment. Obviously, if we as an industry are having problems doing even the basics of security in dynamic virtualized environments, it's no surprise that finding anomalies and unknowns in those same environments is even more daunting.

It is also important to realize that these are not far-fetched, worst-case scenarios. The reality is that the higher value the target, the more customized and sophisticated the attack becomes. For an attacker, the data center represents the crown jewels, offering access not only to vast amounts of data, but also some of the organization’s most sensitive and valuable assets. This creates a very real and troubling situation in which some of the most sophisticated attacks are being directed against resources where our security discipline and controls have potentially slipped.

Taking Control

For this reason alone, it is critically important that we design modern security controls into our virtualized data centers. Policies and enforcement must move seamlessly with virtual machines without fail. Just as importantly, we have to make sure that those controls are up to the task of managing modern traffic and threats, including evasive traffic, unknown threats and policies that can be enforced based on application and user context. Without this focus, we simply trade security for performance, which is not profitable in the long run. Not to mention, most IT professionals have long understood the need to build security into IT by design, only to be saddled by various legacy challenges that make it impractical. As we build the next generation of data centers, we actually have the chance to put our money where our mouth is and build it right. As an industry, we can do better.
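The two requirements the column keeps returning to (policy that follows a virtual machine wherever orchestration places it, and a default that blocks east-west movement from lower-trust to higher-trust VMs sharing a host) can be made concrete with a small policy evaluator. The code below is an added example, not from the original column or any vendor product; the VM names, hypervisor names, trust tiers and rules are constructed for illustration. The point it demonstrates is that rules are keyed on workload tags rather than on addresses or hosts, so migrating a VM onto the same hypervisor as a higher-trust system changes nothing about the verdict, and the audit function surfaces exactly the denied flows a physical perimeter firewall would never have seen.

```python
from dataclasses import dataclass, field

# Assumed trust tiers for this example, ordered from lowest to highest trust.
TRUST_RANK = {"dmz": 0, "app": 1, "db": 2}


@dataclass
class VM:
    name: str
    host: str                      # hypervisor the VM currently runs on (changes on migration)
    trust: str                     # trust tier, one of TRUST_RANK
    tags: frozenset = field(default_factory=frozenset)  # workload identity the policy keys on


@dataclass(frozen=True)
class Rule:
    src_tag: str
    dst_tag: str
    port: int
    action: str                    # "allow" or "deny"


def evaluate(src: VM, dst: VM, port: int, rules):
    """Return (verdict, reason) for a flow src -> dst:port.

    Rules match on tags, never on host or address, so the verdict is the
    same wherever the VMs happen to be placed. First matching rule wins;
    with no match, lower-to-higher trust traffic is denied by default.
    """
    for r in rules:
        if r.src_tag in src.tags and r.dst_tag in dst.tags and r.port == port:
            return r.action, f"rule {r.src_tag}->{r.dst_tag}:{r.port}"
    if TRUST_RANK[src.trust] < TRUST_RANK[dst.trust]:
        return "deny", f"default deny {src.trust}->{dst.trust}"
    return "allow", "default allow (not crossing into higher trust)"


def is_east_west(src: VM, dst: VM) -> bool:
    """True when both VMs share a hypervisor, i.e. the traffic never reaches a physical firewall."""
    return src.host == dst.host


def migrate(vm: VM, new_host: str) -> VM:
    """Simulate orchestration moving a VM; policy is untouched because it lives on the VM's tags."""
    vm.host = new_host
    return vm


def build_lab():
    """Constructed three-tier lab: web in the DMZ on one host, app and db on a second host."""
    web = VM("web01", "hv-a", "dmz", frozenset({"web"}))
    app = VM("app01", "hv-b", "app", frozenset({"app"}))
    db = VM("db01", "hv-b", "db", frozenset({"db"}))
    rules = [
        Rule("web", "app", 8080, "allow"),
        Rule("app", "db", 5432, "allow"),
    ]
    return web, app, db, rules


def audit(flows, rules):
    """Return denied flows that are also east-west: the ones a host-perimeter firewall
    would never have inspected, and therefore the ones worth alerting on."""
    findings = []
    for src, dst, port in flows:
        verdict, reason = evaluate(src, dst, port, rules)
        if verdict == "deny" and is_east_west(src, dst):
            findings.append(f"{src.name}@{src.host} -> {dst.name}@{dst.host}:{port} {reason}")
    return findings


if __name__ == "__main__":
    web, app, db, rules = build_lab()
    print(evaluate(web, app, 8080, rules))   # allowed by an explicit rule
    print(evaluate(web, db, 5432, rules))    # denied: dmz -> db with no rule
    migrate(web, "hv-b")                     # web now shares hv-b with db
    print(evaluate(web, db, 5432, rules))    # still denied: the policy followed the VM
    print(audit([(web, db, 5432), (app, db, 5432)], rules))
```

The design choice that matters is in `evaluate`: nothing in it reads `host`, so placement is irrelevant to enforcement, which is the property the column asks for. `is_east_west` is used only for the audit, to distinguish denials that a traditional choke-point firewall would have caught anyway from those that only a per-VM control could see.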
