Virtualized infrastructures demand a new approach to security
As enterprise IT continues to evolve, enterprise security must evolve in parallel. Today's architectures promise greater performance, flexibility, and scalability, but also introduce new complexities from a security standpoint. These must be addressed for the intended business value to be obtained.
Virtualization is a great example of this dual situation at work. Organizations use solutions such as VMware vSphere to run multiple virtual servers simultaneously on a shared platform, and in this way, have achieved impressive benefits—higher hardware utilization with lower energy costs, for instance. But because the hardware environment is shared, many security ramifications emerge that didn't exist before.
Imagine that an exploit succeeds in compromising one virtual server; the attacker might now use that server as a platform to attack the other servers on the same host. Exploits that compromise a host's hypervisor (which is used to link all virtual servers to the underlying hardware) could potentially threaten every service using the same hypervisor.
And because new virtual servers are created far more rapidly and unpredictably than ever before, to meet dynamically changing workload spikes, IT has a correspondingly more difficult challenge in tracking and securing them.
IBM Security Virtual Server Protection for VMware: Smarter security for virtual servers
Enter IBM Security Virtual Server Protection for VMware (VSP for VMware). This powerful solution addresses every one of those complexities—and many more besides—giving IT a straightforward way to secure virtual servers, all from a single point of control.
Like the other members of the IBM Security portfolio, it is intrinsically proactive in its design: it helps prevent security breaches from occurring in the first place. It accomplishes this by integrating seamlessly with VMware vSphere and other IBM security solutions. It thus plays a role in creating a layered, customized security architecture that can better shield an organization's infrastructure against the full array of threats, both known and unknown.
In fact, it’s reasonable to characterize this solution as playing a key role. Virtual servers comprise the heart of IT operations; increasingly they are used to drive significant business-critical services, both internal and external.
VSP for VMware addresses the new virtualization security gaps that cannot be addressed by traditional security products. This comprehensive security for virtual servers helps organizations realize the business value of virtualization and demonstrate compliance, while lowering the overall cost of operations.
Rootkit detection, firewalls, and intrusion prevention: Multiple security layers
Fortunately, in the area of comprehensive security, VSP for VMware really delivers the goods.
Consider, for instance, that it provides a unique and uniquely effective form of rootkit detection. Rootkits are a particularly problematic class of malware commonly used to leverage root (complete) privileges on exploited systems. Compounding this problem is the fact that they also commonly include special code designed to make it difficult for the affected system to detect or counteract their activity.
VSP for VMware, however, can detect rootkits from outside the affected system. This design not only enhances overall security and provides the convenience of a centralized monitoring platform, but also prevents the rootkit from disabling the monitoring process.
Also included in the solution is a dedicated firewall technology, specifically intended for a virtualized context. This can be used to segment networks into virtual clusters, isolating one from another, and as a result, preventing security breaches from spreading across them. This isolation is granular, too; it can be used to isolate even a single virtual server, essentially shutting off all network access to it or from it until any discovered security issue can be resolved.
Beyond creating de facto gates (firewalls), the solution also delivers transparent intrusion prevention to secure the logical areas between those gates. This feature inspects network packets in real time, looking for violations of security policies and taking automatic action in the event a violation is found.
One impressive result: virtual servers can be shifted from one host to another, and yet the security policies that govern them will automatically shift with them as well.
In this context, just as with firewalls, the solution delivers impressive granularity. How? VSP for VMware can analyze traffic between virtual servers that share a host. This is a key feature not available from traditional intrusion detection systems, and helps eliminate what would otherwise have been a major blind spot for IT security.
Furthermore, when new virtual servers are created, they are automatically discovered—helping to prevent a new server from being deployed in an insecure manner.
Security patch management and auditing: Stay a step ahead of complexities
Security patch management is also significantly enhanced, and for most organizations, that couldn't come at a better time.
As security attacks become more sophisticated and multifaceted—in some cases, utilizing multiple strategies to create a single exploit—security patch management becomes more important in proportion. Unfortunately, patches may take weeks or months for vendors to develop and release, and even when they're available, organizations may not know that, and may not apply them instantly. (And all too often, security vulnerabilities are never patched at all.)
Fortunately, VSP for VMware includes IBM's response to that problem: Virtual Patch. This technology shields vulnerabilities from exploitation independent of a software patch and provides the security you need to eliminate the patching fire drills for new threats. This delivers improved protection against vulnerabilities until such time as a vendor-specific patch can be obtained and installed.
Finally, in addition to helping secure the virtualized infrastructure far more comprehensively than ever before, VSP for VMware also helps prove the infrastructure is secure. This is particularly relevant in the context of compliance initiatives—a significant concern for security managers today. It's not enough just to achieve regulatory compliance; organizations also need to be able to demonstrate that compliance on demand, during an audit.
One class of important information in such a situation is the specific actions, going back in time to any given point, that have been taken by IT staff themselves as they administer the virtualized infrastructure and all of the services it drives.
Because regulations specify how sensitive information should be monitored and managed, it's important that IT security solutions acknowledge and mitigate the potential for abuse by these privileged insiders by tracking their activity.
VSP for VMware does exactly that by logging key actions taken by IT administrators, including VMotion events that shift services across hosts, as well as virtual machine state changes (such as starting, stopping or pausing servers) and login activity.
This information, analyzed and compared against both internal security policies and government regulations, can then play a central part in generating reports required for an audit.