New tools minimize risk to virtual servers
Virtualized servers are often considered more secure than physical servers.
But the reverse may be true.
“Cloud and virtualization alone do not add security,” said Tim Erlin, director of IT security and risk strategy for cybersecurity expert Tripwire. “In fact, without additional controls, they increase the risk.”
Vendors are addressing this growing need by developing tools that focus on protecting the virtual environment. These resources provide security at the hypervisor level, which coordinates protection throughout a virtual network. Older methods focus on protecting individual machines and are less effective and efficient.
Questions about the risk to virtualized servers have become more prevalent as organizations rely increasingly on them.
When they were first introduced, virtualized servers were largely immune from attacks because they were not in common usage and therefore largely off the radar of hackers. That changed in 2012 when cybercriminals first targeted virtual machines with Trojan viruses called Morcut and Crisis.
“The ill-formed conclusion that virtualization makes servers more secure comes from the early days of virtualization, when it was more secure because it was more obscure,” said Todd Morris, CEO, BrickHouse Security. “Five years ago, malware wasn’t designed to attack virtual systems. But, once virtualization became the norm, people wrote exploits specifically targeting virtualized systems.”
Meanwhile, hackers have expanded their repertoire for creating breaches in virtualized environments.
Some malware, including Kido and Conficker, can jump among virtual machines and their hosts. Turning off a host or deconstructing a virtual machine will not destroy the malware or halt an attack.
“Current threats may attack the hypervisor (which lets hardware share resources in a virtual environment) from within a virtualized system, or attack other virtualized systems, or attack other customers within a cloud provider,” Erlin said.
Still, a high percentage of respondents, 36 percent according to a recent Kaspersky Lab survey, believe that security concerns are significantly lower in virtual infrastructures than in physical environments, and 46 percent suggested traditional security solutions were sufficient for virtual environments. Many companies continue to rely on traditional, agent-based security methods (like firewalls and anti-virus protection) to protect virtualized environments.
In this approach, companies manage each virtual server separately to ensure security. In an environment with tens of thousands of virtualized servers, this may increase the likelihood that organizations overlook upgrades and patches. Managing multiple servers this way may also hurt performance, said Mark Bermingham, virtualization evangelist, Kaspersky Lab North America.
“With each virtual machine having the same redundant anti-virus protection, there is excessive resource consumption in the RAM (random access memory) and CPU (central processing unit),” Bermingham said. That degrades performance and may crash systems.
Yet many IT administrators use the agent-based approach anyway. Kaspersky said that’s often because they have little or no understanding of security options for virtualized environments.
Many IT managers are starting to catch up, though. With virtualization now considered a strategic initiative, “the reality of shared infrastructure has driven the addition and adoption of specific security controls to manage and reduce risk,” Erlin said.
Bermingham said that better alternatives are agentless, although they work only for VMware machines and their Windows-based guests. A typical installation may not protect Web-based functions like email.
Morris said that the IT community is unsure whether agentless security is more secure than agent-based options. “Assuming it is at least as good as agent-based security, agentless options are worth developing because they require less time to maintain.”
Light-agent security may be a better option. It adds capabilities that the current agentless option lacks. For example, it protects the three major virtualized systems, VMware, Citrix and Hyper-V, as well as instant messaging, email and Web activities.
In light agent models, a virtual tool at the hypervisor level addresses the majority of security processes. Companies are able to channel network traffic and files through this tool and use frequent security updates to protect their virtual servers. One of the byproducts is that companies can avoid redundant use of anti-malware across different networks.
Because it uses centralized scanning and installs a light agent on each virtual machine, this approach also reduces the maintenance workload to keep virtual machines secure and uses computing resources more efficiently by eliminating redundancies.
While agentless and light agent security options are still underused for virtual machines, Morris predicted that will change. “What’s happening is similar to what happened with backup infrastructure that initially worked with only a limited number of configurations,” he said. “The list of configurations grew as backup infrastructure became more common.”