SlideShare une entreprise Scribd logo
1  sur  12
Télécharger pour lire hors ligne
IBM Software                     January 2011
Thought Leadership White Paper




Securing virtualization in
real-world environments
2    Securing virtualization in real-world environments




Contents                                                              However, the key to successful virtualization is providing bene-
                                                                      fits like energy efficiency and performance without compromis-
    2 Introduction                                                    ing security. Organizations typically struggle to stay ahead of
    3 Virtualization: Enjoy the ride, but don’t forget to buckle up   today’s threats while also addressing various regulatory-based
                                                                      compliance standards. Adding new technologies such as
    5 Security implications of virtualization                         virtualization exacerbates this problem, making it essential
                                                                      for organizations to identify and address the new security gaps
    7 Securing virtualization
                                                                      that are introduced by virtualized environments.
    8 Virtualization security solutions from IBM
                                                                      For example, in a physical server environment, if someone com-
11 Summary                                                            promises the security of one server, most organizations have the
                                                                      security tools in place to address and contain that breach. But
12 For more information
                                                                      in a virtual server environment, where a single physical server
                                                                      can be running multiple applications from different resources, a
Introduction                                                          breach of one virtual server can potentially be a breach across
IT organizations are under increasing pressure to deliver more        a multitude of virtualized servers. And traditional security tools
functionality faster and with smaller budgets. Increasing costs       can’t help, because they weren’t designed to address virtualiza-
attributed to power and cooling of servers, coupled with the          tion. It’s only a matter of time before a tremendous security
headache of managing an expanding number of servers, makes            breach associated with server virtualization makes headlines.
this a serious challenge requiring new advancements within the
data center.                                                          Given the potential for catastrophe, organizations must act now.
                                                                      The first step is to take the time to understand how to properly
At the heart of many data center transformations is virtualiza-       integrate, deploy and manage security in virtualized environ-
tion. Through its ability to consolidate workloads and reduce the     ments. Without a baseline plan or a real understanding of virtu-
amount of time and energy IT spends purchasing, installing and        alization and security, IT groups may decide to disable many
maintaining racks of servers, virtualization allows the organiza-     of the advanced features of virtualization for fear of unintended
tion to satisfy its goals with fewer physical resources and reduced   consequences, or even worse, they might introduce more risk
operational costs. Early adopters of virtualization are also          into the process.
attaining additional returns on their investment through
simplified systems management, automation and optimized
server utilization. In short, both the expectations and benefits
are very real.
IBM Software   3




This white paper examines many of the security concerns associ-       However, in addition to providing these benefits, virtualization
ated with virtualization and helps you understand and prioritize      significantly impacts security. As data centers evolve into shared
these risks, as well as describing the IBM security solutions         and dynamic infrastructures, security concerns increase. The
that can help you secure virtual environments and position your       industry has already expressed anxiety over physical-to-virtual
organization to reap the full rewards of this exciting technology.    migrations, security of the virtualization management stack, and
                                                                      visibility into the virtual network. As virtual data centers become
Virtualization: Enjoy the ride, but don’t                             more complex, additional concerns around workload isolation,
forget to buckle up                                                   multi-tenancy, mobility, virtual machine sprawl and trust rela-
Virtualization has tremendous appeal for a variety of reasons.        tionships are gaining visibility. Negatively impacting the overall
Most notably, organizations are successfully reducing capital and     security posture and increasing risk are never the intentions of
operating expenses through server consolidation. By breaking          IT groups deploying virtualization, but that potential readily
down silos of physical resources, organizations can simplify          exists.
data center management and reduce server sprawl.
                                                                      Concerns over risk have the potential to limit the benefits an
While reducing data center costs has become the primary suc-          organization will realize from virtualization. For example, many
cess metric for organizations, investments in server virtualization   companies have seen no change in the number of resources
also come with greater expectations. Organizations have addi-         needed to manage virtual environments (see Figure 1). This is
tional goals of increased availability, automation and flexibility     likely the result of organizations not enabling automation
that are possible only with virtualization. Realizing these goals     capabilities such as dynamic resource allocation and mobility.
is a critical step towards greater levels of service management       Additionally, adopters of virtualization may not be changing—
through virtualization, including advanced IT service delivery        and ultimately improving—the efficiency of server provisioning
and strong business alignment. It also helps break the lock           processes for fear of introducing risk or of moving out of com-
between IT resources and business services—freeing you to             pliance with security policies. Until these organizations enable
exploit highly optimized systems and networks to further              more advanced virtualization features, they will not realize
improve efficiency.                                                   the enhanced manageability and availability benefits that
                                                                      virtualization brings.
4   Securing virtualization in real-world environments




                                                         The security challenges of virtualization

            Traditional threats
                                                               Traditional threats can attack
            New threats to VM                                  VMs just like real systems
            environments

                                                                                                                                   Virtual server sprawl

                                                                              APPLICATIONS                                         Dynamic state
                                                                                                           VIRTUAL                 Dynamic relocation
          Management
          vulnerabilities                                                                                  MACHINE
                                                                                OPERATING
          Secure storage of VMs
                                                                                 SYSTEM
          and the management
          data                                     MANAGEMENT                                                                      Resource sharing

          Requires new                                                                                                             Single point of failure
          skill sets                                                                   VMM OR HYPERVISOR
                                                                                                                                   Loss of visibility
          Insider threat

                                                                                                HARDWARE                           Stealth rootkits




                                                           MORE COMPONENTS = MORE EXPOSURE


Figure 1: The unique security challenges of virtualized infrastructures generate new risks for IT organizations, and the risk increases with the number of
components involved.
IBM Software   5




On the other hand, many early adopters have rushed to take             controls, strengthen the platform and increase awareness of
advantage of these technologies, often without fully understand-       potential security implications, organizations will be able to real-
ing the security concerns. For example, server consolidation           ize more benefits without adding new risk.
increases overall efficiency, but also complicates matters by
introducing a new architecture with various technical and              Before we examine the solutions offered for virtualization
organizational complexities. Both IT and security professionals        security, let’s take an in-depth look at the major concerns.
must adapt as consolidation forces change.
                                                                       Security implications of virtualization
As network and server administration begin to converge, physi-         Some characteristics and attributes of virtualization have inad-
cal security devices and other security tools become less effective.   vertent yet influential consequences on information security.
Even the most basic features of virtualization greatly impact the      Physical servers and other computer resources are heavily
day-to-day security responsibilities and processes used to achieve     shared, barriers between virtual machines are logical, and
and maintain compliance.                                               workloads can move around the data center—en route to new
                                                                       servers or geographic locations in real time.
Perhaps a lesson can be learned from the automobile industry in
that safety and security increase with maturity. The first modern       Understandably, people, processes and technology must adapt.
automobiles were available in the late 19th century, but seat belts    To do so, we must fully understand the new risks and security
were not offered as standard equipment until 1958. Clearly,            challenges unique to this technology. The following sections
technological advances allowing cars to travel much farther and        describe several major security concerns of virtualized
faster outpaced advances in safety. Likewise, new virtualization       environments.
capabilities are currently being introduced at a pace that chal-
lenges risk mitigation solutions. While mature virtualization          Isolation
platforms have strengthened their inherent security capabilities       In order to safely consolidate servers and allow a single physical
over time, new virtualization products with widespread appeal          server to host multiple virtual machines, virtualization uses logi-
and poorly understood security capabilities are now on the             cal isolation to provide the illusion of physical independence.
highway.                                                               No longer able to verify that machines are separated by network
                                                                       cables and other physical objects, we rely on the hypervisor and
In response, organizations must buckle up. They should under-          other software-based components to provide these assurances.
stand the new security risks that are introduced in virtualized        This becomes increasingly important when workloads from
environments, and then evaluate new security solutions specifi-         users of different trust levels share the same hardware. In
cally designed to address these new virtualization security            order to properly contain information, administrators must pay
challenges. Yes, virtualization introduces new concerns, but it        special attention to configuration settings that affect virtual
also provides an opportunity to extend defense-in-depth to             machines and network isolation, as well as continuously monitor
new and unique areas of integration. As we optimize security           the entire infrastructure for changes that could result in leakage
                                                                       of sensitive data.
6   Securing virtualization in real-world environments




Server lifecycle and change control                                     configuration protocol (DHCP) environments. Static policies
Patch management and change control windows are vital to                and other security mechanisms designed for traditional servers
keeping operations running smoothly and safely. This is done by         and networks may become easily confused. The ability of secu-
applying important security fixes in a timely manner. In fact, this      rity products to operate intelligently across multiple physical and
is so important that many IT organizations have built an exact          virtual environments, as well as to be more infrastructure-aware
science around server maintenance. Without question, a great            through integration of platform and management APIs, will
amount of time and money are invested annually to maintain              allow administrators to enforce control over the mobility of
servers in the data center. Virtualization adds to this complexity      virtual machines within various security zones.
by changing the rules of the game. Servers are no longer con-
stantly running; virtual machines can be stopped, started, paused       Virtual network security
and even rolled back to a previous state. The speed at which            Networks and servers are no longer two separate, distinct layers
machines are configured and deployed also dramatically                   of the data center. Virtualization allows for the creation of
increases. What used to take hours now takes seconds or                 sophisticated network environments, completely virtualized
minutes. The result is a highly dynamic environment where               within the confines of the server itself. These virtual networks
machines can be quickly introduced into the data center with            facilitate communications for virtual machines within the server
little oversight, and security flaws can be absent or reintroduced       and share many of the same features used by physical switches
based on virtual machine state. Security professionals must             and other traditional networking gear. A physical port in the data
fully understand what virtual machines are being deployed,              center that used to represent a single server now represents tens
which are currently running, when they were last patched and            or hundreds of virtual servers and drastically affects how we
who owns them.                                                          secure data center networks. Network traffic between virtual
                                                                        machines within the same physical server does not exit the
Virtual machine mobility                                                machine and is not inspected by traditional network security
Mobility, in the language of virtualization, refers to the ability of   appliances located on the physical network. These blind spots,
a virtual machine to automatically relocate itself and its resources    especially between virtual machines of varying trust levels, must
to an alternate location. This capability, while highly desirable,      be properly protected with additional layers of defense running
can also create problems. In a traditional data center, physical        within the virtual infrastructure.
server ‘A’ might be located on Row 5, Rack 8, Slot 3. In the
hybrid data center, virtual machine ‘B’ is not as easily locatable.     Separation of operational duties
As part of a resource pool, server ‘B’ could be spread across           Separation of duties and the policy of least privilege are
multiple physical resources. If configured for mobility, the virtual     important security principles used to limit the capabilities of IT
machine could relocate to another physical server, either auto-         administrators as they manage resources and perform routine
matically as part of a disaster preparedness plan or in response        tasks. Server management is usually handled by the server
to a performance threshold.                                             administrator, and network management by the network
                                                                        administrator—while security professionals work with both
The mobile aspect of virtual machines means flexibility, time            teams and handle their own specific tasks. Virtualization has
and cost savings for the data center, but it also introduces secu-
rity concerns similar to laptop and large-scale dynamic host
IBM Software   7




changed the natural boundaries and lines of demarcation that          the same security technology. The reason we cannot is due to a
built these divisions. Both server and network tasks can be           fundamental shift in the way organizations plan, deploy and
managed from a single virtualization management console,              manage virtualization platforms. This shift requires, in some
which introduces new operational challenges that must be              instances, a simple adaptation, and in others, a completely new
overcome. Organizations must clearly define proper identity and        way of operating.
access management policies, allowing administrations and secu-
rity professionals to properly maintain and secure the virtual        For example, it is true that some of the threats exposed by
environment without granting excessive authority to those who         virtualization can be mitigated or reduced by using existing
do not require it.                                                    people, processes and technology. Traditional network and host
                                                                      security products for example, can be used to protect the net-
Additional layers of software                                         work, desktops and servers. Given a small adaptation, host intru-
As virtualization is introduced into the data center, so are addi-    sion prevention systems (HIPS) can also be installed on each
tional lines of code that make up the software needed to              virtual machine. However, what cannot be effectively protected
implement it—from the management consoles that control                by traditional processes and technologies is the virtual fabric
virtual machines to the hypervisors that provide the foundation       composed of the hypervisor, management stack, inter-VM traffic
for the technology itself. As such, new vulnerabilities related to    and virtual switch. While people, processes and technology are
virtualization software can be introduced, with some attributed       recyclable, they also need to evolve to the new architecture and
to the popularity, accessibility and relative immaturity of x86       concepts exposed by virtualization.
virtualization. In addition, there is a heightened sensitivity from
vendors to analyze and disclose vulnerabilities. Many disclosures     Change control and patching procedures are good examples.
can be attributed to third-party code that is packaged with the       The patching procedures for virtual machines certainly need to
virtualization software stack, and vendors are taking measures to     adapt to fluctuating running states and dormancy. Furthermore,
reduce the footprint of their software and dependency on uncon-       how do organizations use virtualization management suites to
trolled code. However, it goes without saying that fault-free code    reclaim the separation of duties lost when network and host
is largely unattainable, especially as vendors integrate complex      administration merge onto the virtualization platform?
features into their platforms. Organizations should treat virtual-
ization as they would any critical application and apply proper       Deploying access control and applying the policy of least privi-
defenses to stay ahead of these threats.                              lege to the management console, administrative roles and virtual
                                                                      images are certainly not unique concepts; however, slowing the
Securing virtualization                                               growth of virtual networks and preventing virtual server sprawl
IBM believes that a foundation in security is the basis from          is. Administrators must also adapt to the concept of shared
which organizations can reap the most benefit from virtualiza-         resources and ensuring a fair distribution of RAM, CPU,
tion. If many of today’s virtualization security challenges simply    storage and bandwidth.
mirror yesterday’s challenges, logically, we should be able to use
8   Securing virtualization in real-world environments




All of these practices are used in today’s networks—in some              Virtualization security products
form—to mitigate risk. Since even virtual networks are really            IBM’s virtualization security product offerings fall into three
hybrid networks, these traditional solutions are still absolute          areas within the virtualization spectrum: Virtual environment
necessities in the fight for security. However, organizations             ready, virtual appliances and virtual infrastructure protection.
should keep in mind that organizational security is only as good
as the sum of its parts. Defense-in-depth must be extended from          Virtual environment ready solutions utilize IBM security
physical to virtual environments. In today’s era of reduced cost         offerings to protect virtual environments. With these solutions,
and complexity, the value of a single suite of centrally managed         IBM can protect virtual environments with proven technologies
security products that protects both physical and virtual net-           that incorporate recommended policies from the IBM X-Force™
works and hosts is critical to achieving organizational security         team, which is one of the oldest and best-known commercial
and maximum return on investment.                                        security research groups in the world. Certified by the
                                                                         International Computer Security Association (ICSA), and
Virtualization security solutions from IBM                               developed according to National Security Services (NSS)
Most organizations are running hybrid infrastructures with               libraries for cross-platform security development, these
varying percentages of physical and virtual hosts, applications          solutions have the ability to block threats and provide seamless
and devices. While many are rushing headlong into virtualiza-            integration with no interruption of your workflows.
tion, others are testing in laboratories or waiting until the value
of their servers and appliances have amortized. Regardless, the          Virtual appliances such as IBM Security Network Intrusion
stark reality of virtualization is that there is an adoption period.     Prevention System help reduce operational expenses while
Current investments in security will not be thrown away but will         increasing flexibility for your security infrastructure by allowing
be recycled and reused. Without question, organizations will             the reuse of assets you already own. These solutions can easily
look to cannibalize their existing investment in security in order       migrate from older technologies without changing hardware,
to effectively extend their investment.                                  and they provide a foundation for future expansion. The same
                                                                         policies of the physical appliance can be reused, and there can
It is critical to understand that the true value of security is not in   be numerous virtual appliances running on every virtualization
point products that address virtualization only, but in solutions        server.
that extend security to the new risks exposed by virtualizing
production servers. Organizations interested in reducing cost            Virtual infrastructure protection solutions include IBM Security
and complexity while achieving enterprise-grade security must            Virtual Server Protection for VMware, an integrated threat miti-
pay close attention to how solutions will fill the coverage gaps          gation solution designed to allow organizations to fully exploit
introduced by virtualization.                                            the benefits of server virtualization while protecting critical
                                                                         virtualized assets (see Figure 2). It provides the same intrusion
IBM is focused on providing best-of-breed, end-to-end security           prevention capabilities of other network IPS solutions, but with
solutions for key control points—network, endpoint and server.           the advantage of being integrated into the hypervisor through
IBM provides a range of virtualization security products, serv-          the VMsafe interface made available by VMware—which means
ices, and leading-edge expertise to help organizations maintain          you need to install only one instance for each virtualization server
security while realizing the promise of virtualization.                  in order to protect the entire virtualized infrastructure.
IBM Software   9




                                       IBM Security Virtual Server Protection for VMware

                    IBM Security                          VM                                 VM                              VM
                   Virtual Server                      Web Server                       Host Desktop                    Web Application
               Protection for VMware

                         Policy
                      Response                         Applications                      Applications                      Applications
                       Engines




                    Hardened OS                             OS                                OS                                OS




                        Rootkit                      Firewall              VMsafe                 Intrusion                     Virtual
                       Detection                                                                 Prevention                      NAC




                                                                         Hypervisor




                                                                         Hardware




Figure 2: IBM Security Virtual Server Protection for VMware helps organizations operate more securely and cost-effectively by delivering integrated and
optimized security capabilities for virtual data centers.
10 Securing virtualization in real-world environments




IBM Security Virtual Server Protection for VMware automati-            ●   IBM Security SiteProtector System offers the industry’s largest
cally protects virtual machines as they come online or move                portfolio of centrally managed security products and is sup-
across the data center, and it monitors traffic between virtualized        ported on VMware ESX. Designed for simplicity and flexibil-
servers with a holistic view of the virtual network. In addition to        ity, Security SiteProtector System can provide centralized
delivering IPS capabilities, the solution enables the security team        configuration, management, analysis and reporting for select
to search for malware by looking for rootkit activity in virtual-          IBM security products.
ized systems and to configure firewall rules and network access          ●   IBM virtualized infrastructure security provides virtual envi-
control (NAC) rules.                                                       ronment awareness and forms a transparent plug-and-play
                                                                           threat protection solution to address security concerns associ-
IBM Security SiteProtector™ System is integrated into Virtual              ated with virtual machine sprawl, lack of virtual network
Server Protection for VMware, providing a simple, cost-effective           visibility, and mobility. Through integration with virtualization
way to manage security solutions for physical and virtualized              platforms, IBM provides consolidated network-level intrusion
systems across the entire IT environment. Security SiteProtector           prevention and auditing of the virtual environment, reducing
System provides a central management point to control security             the need for network traffic analysis in the guest operating
policy, analysis, alerting and reporting.                                  system. Through this approach, organizations can limit the
                                                                           security footprint per guest OS, thereby eliminating redundant
Security management solutions                                              resource consumption and reducing security management
IBM provides a wide range of security management offerings,                complexity.
from managed services to plug-and-play solutions:
                                                                       Solutions backed by IBM X-Force
●   IBM Managed Security Services offers the option to outsource       IBM security excellence is driven by the world-renowned
    the deployment and management of your security products,           X-Force team, which provides the foundation for IBM’s preemp-
    thus reducing the cost and complexity of training and main-        tive approach to Internet security. This leading group of security
    taining in-house staff. IBM Managed Security Services also         experts researches and evaluates vulnerabilities and security
    offers an innovative and simple way to secure the virtual          issues, develops assessment and countermeasure technology for
    infrastructure by choosing to have IBM manage your security        IBM security products, and educates the public about emerging
    operations from one of eight IBM operation centers around          Internet threats.
    the world. Called the IBM Virtual-Security Operations Center
    (Virtual-SOC), this service is designed to ensure that all
    physical and virtual security solutions are active and updated
    with the latest patches and software updates, including security
    intelligence provided by the IBM X-Force research and
    development team.
IBM Software 11




The X-Force team delivers security intelligence that customers       Summary
can use to improve the security of their networks and data.          Without a doubt, virtualization has changed—and is changing—
Regardless of whether the product is a physical 1U appliance or      how organizations run, manage and store applications and data.
a piece of software installed on a virtual machine, the same secu-   New, complex technologies are rapidly increasing the potential
rity intelligence and threat content developed by the X-Force        for more gaps in protection.
team is installed on that IBM security device and helps manage
the threat mitigation process.                                       Virtualization security need not mean scrapping current security
                                                                     investments in IPS technology, firewalls or multifunction
In addition to providing security content updates to IBM secu-       devices. Networks will always have some amount of physical
rity products, the X-Force team also provides the IBM X-Force        hardware, and virtual security will always be limited by a finite
Threat Analysis Service (XFTAS). The XFTAS delivers cus-             amount of resources. But you do need to plan now and consider
tomized information about a wide array of threats that could         how to best protect your physical and virtual resources.
affect your network through detailed analysis of global threat
conditions.                                                          IBM continues to develop solutions that not only help protect
                                                                     capital investments and confidential data, but also make it easy to
                                                                     track, monitor, automate and manage your critical infrastructure
                                                                     resources, including those in the virtualization stack.
For more information
To learn how IBM can help you enable secure virtualization,
contact your IBM representative or IBM Business Partner,
or visit ibm.com/tivoli/security. To learn more about
IBM virtualization solutions, visit ibm.com/services/us/iss/
html/virtualization-security-solutions.html                    © Copyright IBM Corporation 2011

                                                               IBM Corporation Software Group
                                                               Route 100
                                                               Somers, NY 10589
                                                               U.S.A.

                                                               Produced in the United States of America
                                                               January 2011
                                                               All Rights Reserved

                                                               IBM, the IBM logo, ibm.com and X-Force are trademarks or registered
                                                               trademarks of International Business Machines Corporation in the United
                                                               States, other countries, or both. If these and other IBM trademarked terms
                                                               are marked on their first occurrence in this information with a trademark
                                                               symbol (® or ™), these symbols indicate U.S. registered or common law
                                                               trademarks owned by IBM at the time this information was published.
                                                               Such trademarks may also be registered or common law trademarks in other
                                                               countries. A current list of IBM trademarks is available on the web at
                                                               “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

                                                               Other company, product and service names may be trademarks or service
                                                               marks of others.

                                                               References in this publication to IBM products and services do not
                                                               imply that IBM intends to make them available in all countries in which
                                                               IBM operates.

                                                               No part of this document may be reproduced or transmitted in any form
                                                               without written permission from IBM Corporation.

                                                               Product data has been reviewed for accuracy as of the date of initial
                                                               publication. Product data is subject to change without notice. Any statements
                                                               regarding IBM’s future direction and intent are subject to change or
                                                               withdrawal without notice, and represent goals and objectives only.

                                                               The information provided in this document is distributed “as is” without any
                                                               warranty, either express or implied. IBM expressly disclaims any warranties
                                                               of merchantability, fitness for a particular purpose or noninfringement.
                                                               IBM products are warranted according to the terms and conditions of
                                                               the agreements (e.g. IBM Customer Agreement, Statement of Limited
                                                               Warranty, International Program License Agreement, etc.) under which they
                                                               are provided.

                                                               The customer is responsible for ensuring compliance with legal
                                                               requirements. It is the customer’s sole responsibility to obtain advice of
                                                               competent legal counsel as to the identification and interpretation of any
                                                               relevant laws and regulatory requirements that may affect the customer’s
                                                               business and any actions the customer may need to take to comply with
                                                               such laws. IBM does not provide legal advice or represent or warrant that its
                                                               services or products will ensure that the customer is in compliance with any
                                                               law or regulation.


                                                                        Please Recycle




                                                                                                                     SEW03016-USEN-01

Contenu connexe

Tendances

NCCE 2011 - Virtualization 101: The Fundamentals of Virtualization
NCCE 2011 - Virtualization 101: The Fundamentals of VirtualizationNCCE 2011 - Virtualization 101: The Fundamentals of Virtualization
NCCE 2011 - Virtualization 101: The Fundamentals of Virtualizationncceconnect
 
Types of Virtualization Solutions
Types of Virtualization SolutionsTypes of Virtualization Solutions
Types of Virtualization Solutions Array Networks
 
Virtualization 2.0: The Next Generation of Virtualization
Virtualization 2.0: The Next Generation of VirtualizationVirtualization 2.0: The Next Generation of Virtualization
Virtualization 2.0: The Next Generation of VirtualizationEMC
 
Virtualization Explained | What Is Virtualization Technology? | Virtualizatio...
Virtualization Explained | What Is Virtualization Technology? | Virtualizatio...Virtualization Explained | What Is Virtualization Technology? | Virtualizatio...
Virtualization Explained | What Is Virtualization Technology? | Virtualizatio...Simplilearn
 
Microsoft Virtualization Overview
Microsoft Virtualization OverviewMicrosoft Virtualization Overview
Microsoft Virtualization Overviewwebhostingguy
 
Server virtualization
Server virtualizationServer virtualization
Server virtualizationofsorganizer
 
Virtualization concept slideshare
Virtualization concept slideshareVirtualization concept slideshare
Virtualization concept slideshareYogesh Kumar
 
Cloud computing using virtualization (Virtual Data Center)
Cloud computing using virtualization (Virtual Data Center)Cloud computing using virtualization (Virtual Data Center)
Cloud computing using virtualization (Virtual Data Center)Sarbjeet Singh
 
Cloud Computing using virtulization
Cloud Computing using virtulizationCloud Computing using virtulization
Cloud Computing using virtulizationAJIT NEGI
 
Virtualization
VirtualizationVirtualization
VirtualizationYansi Keim
 
Virtualization & cloud computing
Virtualization & cloud computingVirtualization & cloud computing
Virtualization & cloud computingSoumyajit Basu
 
Virtualization VMWare technology
Virtualization VMWare technologyVirtualization VMWare technology
Virtualization VMWare technologysanjoysanyal
 
Virtualization
VirtualizationVirtualization
Virtualizationimp_satish
 
cloud virtualization technology
 cloud virtualization technology  cloud virtualization technology
cloud virtualization technology Ravindra Dastikop
 

Tendances (20)

NCCE 2011 - Virtualization 101: The Fundamentals of Virtualization
NCCE 2011 - Virtualization 101: The Fundamentals of VirtualizationNCCE 2011 - Virtualization 101: The Fundamentals of Virtualization
NCCE 2011 - Virtualization 101: The Fundamentals of Virtualization
 
Types of Virtualization Solutions
Types of Virtualization SolutionsTypes of Virtualization Solutions
Types of Virtualization Solutions
 
Virtualization 2.0: The Next Generation of Virtualization
Virtualization 2.0: The Next Generation of VirtualizationVirtualization 2.0: The Next Generation of Virtualization
Virtualization 2.0: The Next Generation of Virtualization
 
Virtualization 101
Virtualization 101Virtualization 101
Virtualization 101
 
Virtualization Explained | What Is Virtualization Technology? | Virtualizatio...
Virtualization Explained | What Is Virtualization Technology? | Virtualizatio...Virtualization Explained | What Is Virtualization Technology? | Virtualizatio...
Virtualization Explained | What Is Virtualization Technology? | Virtualizatio...
 
Microsoft Virtualization Overview
Microsoft Virtualization OverviewMicrosoft Virtualization Overview
Microsoft Virtualization Overview
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Server Virtualization
Server VirtualizationServer Virtualization
Server Virtualization
 
Server virtualization
Server virtualizationServer virtualization
Server virtualization
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Virtualization concept slideshare
Virtualization concept slideshareVirtualization concept slideshare
Virtualization concept slideshare
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Cloud computing using virtualization (Virtual Data Center)
Cloud computing using virtualization (Virtual Data Center)Cloud computing using virtualization (Virtual Data Center)
Cloud computing using virtualization (Virtual Data Center)
 
Cloud Computing using virtulization
Cloud Computing using virtulizationCloud Computing using virtulization
Cloud Computing using virtulization
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Virtualization & cloud computing
Virtualization & cloud computingVirtualization & cloud computing
Virtualization & cloud computing
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Virtualization VMWare technology
Virtualization VMWare technologyVirtualization VMWare technology
Virtualization VMWare technology
 
Virtualization
VirtualizationVirtualization
Virtualization
 
cloud virtualization technology
 cloud virtualization technology  cloud virtualization technology
cloud virtualization technology
 

En vedette

Rewriting the rules of patch management
Rewriting the rules of patch managementRewriting the rules of patch management
Rewriting the rules of patch managementArun Gopinath
 
Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_dsArun Gopinath
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframeArun Gopinath
 
Cloud computing white paper who do you trust
Cloud computing white paper who do you trustCloud computing white paper who do you trust
Cloud computing white paper who do you trustArun Gopinath
 
Ibm xiv storage your ideal cloud building block
Ibm xiv storage   your ideal cloud building blockIbm xiv storage   your ideal cloud building block
Ibm xiv storage your ideal cloud building blockArun Gopinath
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud securityArun Gopinath
 
Realizing business value with iam
Realizing business value with iamRealizing business value with iam
Realizing business value with iamArun Gopinath
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based securityArun Gopinath
 
Anexo 4 itens contábeis em aberto (1)
Anexo 4   itens contábeis em aberto (1)Anexo 4   itens contábeis em aberto (1)
Anexo 4 itens contábeis em aberto (1)Miguel Rosario
 
Vocabulario animales de granja
Vocabulario animales de granjaVocabulario animales de granja
Vocabulario animales de granjaVirginia Villalba
 
Wind Power Hr Brochure Web
Wind Power Hr Brochure   WebWind Power Hr Brochure   Web
Wind Power Hr Brochure Webgm330
 
A delação de Machado que cita Aécio Neves
A delação de Machado que cita Aécio NevesA delação de Machado que cita Aécio Neves
A delação de Machado que cita Aécio NevesMiguel Rosario
 
Libguide template
Libguide templateLibguide template
Libguide templategranimal
 
облачные сервисы. для образования, управления и личного пользования
облачные сервисы. для образования, управления и личного пользованияоблачные сервисы. для образования, управления и личного пользования
облачные сервисы. для образования, управления и личного пользованияFordzon Putilovez
 

En vedette (15)

Rewriting the rules of patch management
Rewriting the rules of patch managementRewriting the rules of patch management
Rewriting the rules of patch management
 
Secure by design
Secure by designSecure by design
Secure by design
 
Ibm app security assessment_ds
Ibm app security assessment_dsIbm app security assessment_ds
Ibm app security assessment_ds
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframe
 
Cloud computing white paper who do you trust
Cloud computing white paper who do you trustCloud computing white paper who do you trust
Cloud computing white paper who do you trust
 
Ibm xiv storage your ideal cloud building block
Ibm xiv storage   your ideal cloud building blockIbm xiv storage   your ideal cloud building block
Ibm xiv storage your ideal cloud building block
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud security
 
Realizing business value with iam
Realizing business value with iamRealizing business value with iam
Realizing business value with iam
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based security
 
Anexo 4 itens contábeis em aberto (1)
Anexo 4   itens contábeis em aberto (1)Anexo 4   itens contábeis em aberto (1)
Anexo 4 itens contábeis em aberto (1)
 
Vocabulario animales de granja
Vocabulario animales de granjaVocabulario animales de granja
Vocabulario animales de granja
 
Wind Power Hr Brochure Web
Wind Power Hr Brochure   WebWind Power Hr Brochure   Web
Wind Power Hr Brochure Web
 
A delação de Machado que cita Aécio Neves
A delação de Machado que cita Aécio NevesA delação de Machado que cita Aécio Neves
A delação de Machado que cita Aécio Neves
 
Libguide template
Libguide templateLibguide template
Libguide template
 
облачные сервисы. для образования, управления и личного пользования
облачные сервисы. для образования, управления и личного пользованияоблачные сервисы. для образования, управления и личного пользования
облачные сервисы. для образования, управления и личного пользования
 

Similaire à Securing virtualization in real world environments

IT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityIT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityBooz Allen Hamilton
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec
 
HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
Closing The Virtual IO Management Gap
Closing The Virtual IO Management GapClosing The Virtual IO Management Gap
Closing The Virtual IO Management GapJohn McDonald
 
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Acrodex
 
Symantec VMworld 2011 News
Symantec VMworld 2011 NewsSymantec VMworld 2011 News
Symantec VMworld 2011 NewsSymantec
 
Automation white paper-nextgendc
Automation white paper-nextgendcAutomation white paper-nextgendc
Automation white paper-nextgendcMike Kuhn
 
The Evolution Of Server Virtualization By Hitendra Molleti
The Evolution Of Server Virtualization By Hitendra MolletiThe Evolution Of Server Virtualization By Hitendra Molleti
The Evolution Of Server Virtualization By Hitendra MolletiHitendra Molleti
 
Protecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest ThreatsProtecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest Threatswhite paper
 
Risk Analysis and Mitigation in Virtualized Environments
Risk Analysis and Mitigation in Virtualized EnvironmentsRisk Analysis and Mitigation in Virtualized Environments
Risk Analysis and Mitigation in Virtualized EnvironmentsSiddharth Coontoor
 
Support you Microsoft cloud with Microsoft services By Anis Chebbi)
Support you Microsoft cloud with Microsoft services By Anis Chebbi)Support you Microsoft cloud with Microsoft services By Anis Chebbi)
Support you Microsoft cloud with Microsoft services By Anis Chebbi)TechdaysTunisia
 
ITIL Virtualization - ITSM Academy Webinar
ITIL Virtualization - ITSM Academy WebinarITIL Virtualization - ITSM Academy Webinar
ITIL Virtualization - ITSM Academy WebinarITSM Academy, Inc.
 
VMware vCloud Director 1.5 - What's New
VMware vCloud Director 1.5  - What's NewVMware vCloud Director 1.5  - What's New
VMware vCloud Director 1.5 - What's New1CloudRoad.com
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computingNitish Awasthi (anitish_225)
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS RealityKVH Co. Ltd.
 
3529 v mware_solution_brochure_final
3529 v mware_solution_brochure_final3529 v mware_solution_brochure_final
3529 v mware_solution_brochure_finalVictor Diaz Campos
 

Similaire à Securing virtualization in real world environments (20)

IT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityIT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization Security
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012
 
HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2
 
Closing The Virtual IO Management Gap
Closing The Virtual IO Management GapClosing The Virtual IO Management Gap
Closing The Virtual IO Management Gap
 
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
 
Symantec VMworld 2011 News
Symantec VMworld 2011 NewsSymantec VMworld 2011 News
Symantec VMworld 2011 News
 
Automation white paper-nextgendc
Automation white paper-nextgendcAutomation white paper-nextgendc
Automation white paper-nextgendc
 
The Evolution Of Server Virtualization By Hitendra Molleti
The Evolution Of Server Virtualization By Hitendra MolletiThe Evolution Of Server Virtualization By Hitendra Molleti
The Evolution Of Server Virtualization By Hitendra Molleti
 
Protecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest ThreatsProtecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest Threats
 
Risk Analysis and Mitigation in Virtualized Environments
Risk Analysis and Mitigation in Virtualized EnvironmentsRisk Analysis and Mitigation in Virtualized Environments
Risk Analysis and Mitigation in Virtualized Environments
 
Support you Microsoft cloud with Microsoft services By Anis Chebbi)
Support you Microsoft cloud with Microsoft services By Anis Chebbi)Support you Microsoft cloud with Microsoft services By Anis Chebbi)
Support you Microsoft cloud with Microsoft services By Anis Chebbi)
 
ITIL Virtualization - ITSM Academy Webinar
ITIL Virtualization - ITSM Academy WebinarITIL Virtualization - ITSM Academy Webinar
ITIL Virtualization - ITSM Academy Webinar
 
null Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Securitynull Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Security
 
VMware vCloud Director 1.5 - What's New
VMware vCloud Director 1.5  - What's NewVMware vCloud Director 1.5  - What's New
VMware vCloud Director 1.5 - What's New
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computing
 
Keeping IT Real Webinar
Keeping IT Real WebinarKeeping IT Real Webinar
Keeping IT Real Webinar
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS Reality
 
Data sheet
Data sheetData sheet
Data sheet
 
3529 v mware_solution_brochure_final
3529 v mware_solution_brochure_final3529 v mware_solution_brochure_final
3529 v mware_solution_brochure_final
 

Dernier

Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 

Dernier (20)

Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 

Securing virtualization in real world environments

  • 1. IBM Software January 2011 Thought Leadership White Paper Securing virtualization in real-world environments
  • 2. 2 Securing virtualization in real-world environments Contents However, the key to successful virtualization is providing bene- fits like energy efficiency and performance without compromis- 2 Introduction ing security. Organizations typically struggle to stay ahead of 3 Virtualization: Enjoy the ride, but don’t forget to buckle up today’s threats while also addressing various regulatory-based compliance standards. Adding new technologies such as 5 Security implications of virtualization virtualization exacerbates this problem, making it essential for organizations to identify and address the new security gaps 7 Securing virtualization that are introduced by virtualized environments. 8 Virtualization security solutions from IBM For example, in a physical server environment, if someone com- 11 Summary promises the security of one server, most organizations have the security tools in place to address and contain that breach. But 12 For more information in a virtual server environment, where a single physical server can be running multiple applications from different resources, a Introduction breach of one virtual server can potentially be a breach across IT organizations are under increasing pressure to deliver more a multitude of virtualized servers. And traditional security tools functionality faster and with smaller budgets. Increasing costs can’t help, because they weren’t designed to address virtualiza- attributed to power and cooling of servers, coupled with the tion. It’s only a matter of time before a tremendous security headache of managing an expanding number of servers, makes breach associated with server virtualization makes headlines. this a serious challenge requiring new advancements within the data center. Given the potential for catastrophe, organizations must act now. The first step is to take the time to understand how to properly At the heart of many data center transformations is virtualiza- integrate, deploy and manage security in virtualized environ- tion. Through its ability to consolidate workloads and reduce the ments. Without a baseline plan or a real understanding of virtu- amount of time and energy IT spends purchasing, installing and alization and security, IT groups may decide to disable many maintaining racks of servers, virtualization allows the organiza- of the advanced features of virtualization for fear of unintended tion to satisfy its goals with fewer physical resources and reduced consequences, or even worse, they might introduce more risk operational costs. Early adopters of virtualization are also into the process. attaining additional returns on their investment through simplified systems management, automation and optimized server utilization. In short, both the expectations and benefits are very real.
  • 3. IBM Software 3 This white paper examines many of the security concerns associ- However, in addition to providing these benefits, virtualization ated with virtualization and helps you understand and prioritize significantly impacts security. As data centers evolve into shared these risks, as well as describing the IBM security solutions and dynamic infrastructures, security concerns increase. The that can help you secure virtual environments and position your industry has already expressed anxiety over physical-to-virtual organization to reap the full rewards of this exciting technology. migrations, security of the virtualization management stack, and visibility into the virtual network. As virtual data centers become Virtualization: Enjoy the ride, but don’t more complex, additional concerns around workload isolation, forget to buckle up multi-tenancy, mobility, virtual machine sprawl and trust rela- Virtualization has tremendous appeal for a variety of reasons. tionships are gaining visibility. Negatively impacting the overall Most notably, organizations are successfully reducing capital and security posture and increasing risk are never the intentions of operating expenses through server consolidation. By breaking IT groups deploying virtualization, but that potential readily down silos of physical resources, organizations can simplify exists. data center management and reduce server sprawl. Concerns over risk have the potential to limit the benefits an While reducing data center costs has become the primary suc- organization will realize from virtualization. For example, many cess metric for organizations, investments in server virtualization companies have seen no change in the number of resources also come with greater expectations. Organizations have addi- needed to manage virtual environments (see Figure 1). This is tional goals of increased availability, automation and flexibility likely the result of organizations not enabling automation that are possible only with virtualization. Realizing these goals capabilities such as dynamic resource allocation and mobility. is a critical step towards greater levels of service management Additionally, adopters of virtualization may not be changing— through virtualization, including advanced IT service delivery and ultimately improving—the efficiency of server provisioning and strong business alignment. It also helps break the lock processes for fear of introducing risk or of moving out of com- between IT resources and business services—freeing you to pliance with security policies. Until these organizations enable exploit highly optimized systems and networks to further more advanced virtualization features, they will not realize improve efficiency. the enhanced manageability and availability benefits that virtualization brings.
  • 4. 4 Securing virtualization in real-world environments The security challenges of virtualization Traditional threats Traditional threats can attack New threats to VM VMs just like real systems environments Virtual server sprawl APPLICATIONS Dynamic state VIRTUAL Dynamic relocation Management vulnerabilities MACHINE OPERATING Secure storage of VMs SYSTEM and the management data MANAGEMENT Resource sharing Requires new Single point of failure skill sets VMM OR HYPERVISOR Loss of visibility Insider threat HARDWARE Stealth rootkits MORE COMPONENTS = MORE EXPOSURE Figure 1: The unique security challenges of virtualized infrastructures generate new risks for IT organizations, and the risk increases with the number of components involved.
  • 5. IBM Software 5 On the other hand, many early adopters have rushed to take controls, strengthen the platform and increase awareness of advantage of these technologies, often without fully understand- potential security implications, organizations will be able to real- ing the security concerns. For example, server consolidation ize more benefits without adding new risk. increases overall efficiency, but also complicates matters by introducing a new architecture with various technical and Before we examine the solutions offered for virtualization organizational complexities. Both IT and security professionals security, let’s take an in-depth look at the major concerns. must adapt as consolidation forces change. Security implications of virtualization As network and server administration begin to converge, physi- Some characteristics and attributes of virtualization have inad- cal security devices and other security tools become less effective. vertent yet influential consequences on information security. Even the most basic features of virtualization greatly impact the Physical servers and other computer resources are heavily day-to-day security responsibilities and processes used to achieve shared, barriers between virtual machines are logical, and and maintain compliance. workloads can move around the data center—en route to new servers or geographic locations in real time. Perhaps a lesson can be learned from the automobile industry in that safety and security increase with maturity. The first modern Understandably, people, processes and technology must adapt. automobiles were available in the late 19th century, but seat belts To do so, we must fully understand the new risks and security were not offered as standard equipment until 1958. Clearly, challenges unique to this technology. The following sections technological advances allowing cars to travel much farther and describe several major security concerns of virtualized faster outpaced advances in safety. Likewise, new virtualization environments. capabilities are currently being introduced at a pace that chal- lenges risk mitigation solutions. While mature virtualization Isolation platforms have strengthened their inherent security capabilities In order to safely consolidate servers and allow a single physical over time, new virtualization products with widespread appeal server to host multiple virtual machines, virtualization uses logi- and poorly understood security capabilities are now on the cal isolation to provide the illusion of physical independence. highway. No longer able to verify that machines are separated by network cables and other physical objects, we rely on the hypervisor and In response, organizations must buckle up. They should under- other software-based components to provide these assurances. stand the new security risks that are introduced in virtualized This becomes increasingly important when workloads from environments, and then evaluate new security solutions specifi- users of different trust levels share the same hardware. In cally designed to address these new virtualization security order to properly contain information, administrators must pay challenges. Yes, virtualization introduces new concerns, but it special attention to configuration settings that affect virtual also provides an opportunity to extend defense-in-depth to machines and network isolation, as well as continuously monitor new and unique areas of integration. As we optimize security the entire infrastructure for changes that could result in leakage of sensitive data.
  • 6. 6 Securing virtualization in real-world environments Server lifecycle and change control configuration protocol (DHCP) environments. Static policies Patch management and change control windows are vital to and other security mechanisms designed for traditional servers keeping operations running smoothly and safely. This is done by and networks may become easily confused. The ability of secu- applying important security fixes in a timely manner. In fact, this rity products to operate intelligently across multiple physical and is so important that many IT organizations have built an exact virtual environments, as well as to be more infrastructure-aware science around server maintenance. Without question, a great through integration of platform and management APIs, will amount of time and money are invested annually to maintain allow administrators to enforce control over the mobility of servers in the data center. Virtualization adds to this complexity virtual machines within various security zones. by changing the rules of the game. Servers are no longer con- stantly running; virtual machines can be stopped, started, paused Virtual network security and even rolled back to a previous state. The speed at which Networks and servers are no longer two separate, distinct layers machines are configured and deployed also dramatically of the data center. Virtualization allows for the creation of increases. What used to take hours now takes seconds or sophisticated network environments, completely virtualized minutes. The result is a highly dynamic environment where within the confines of the server itself. These virtual networks machines can be quickly introduced into the data center with facilitate communications for virtual machines within the server little oversight, and security flaws can be absent or reintroduced and share many of the same features used by physical switches based on virtual machine state. Security professionals must and other traditional networking gear. A physical port in the data fully understand what virtual machines are being deployed, center that used to represent a single server now represents tens which are currently running, when they were last patched and or hundreds of virtual servers and drastically affects how we who owns them. secure data center networks. Network traffic between virtual machines within the same physical server does not exit the Virtual machine mobility machine and is not inspected by traditional network security Mobility, in the language of virtualization, refers to the ability of appliances located on the physical network. These blind spots, a virtual machine to automatically relocate itself and its resources especially between virtual machines of varying trust levels, must to an alternate location. This capability, while highly desirable, be properly protected with additional layers of defense running can also create problems. In a traditional data center, physical within the virtual infrastructure. server ‘A’ might be located on Row 5, Rack 8, Slot 3. In the hybrid data center, virtual machine ‘B’ is not as easily locatable. Separation of operational duties As part of a resource pool, server ‘B’ could be spread across Separation of duties and the policy of least privilege are multiple physical resources. If configured for mobility, the virtual important security principles used to limit the capabilities of IT machine could relocate to another physical server, either auto- administrators as they manage resources and perform routine matically as part of a disaster preparedness plan or in response tasks. Server management is usually handled by the server to a performance threshold. administrator, and network management by the network administrator—while security professionals work with both The mobile aspect of virtual machines means flexibility, time teams and handle their own specific tasks. Virtualization has and cost savings for the data center, but it also introduces secu- rity concerns similar to laptop and large-scale dynamic host
  • 7. IBM Software 7 changed the natural boundaries and lines of demarcation that the same security technology. The reason we cannot is due to a built these divisions. Both server and network tasks can be fundamental shift in the way organizations plan, deploy and managed from a single virtualization management console, manage virtualization platforms. This shift requires, in some which introduces new operational challenges that must be instances, a simple adaptation, and in others, a completely new overcome. Organizations must clearly define proper identity and way of operating. access management policies, allowing administrations and secu- rity professionals to properly maintain and secure the virtual For example, it is true that some of the threats exposed by environment without granting excessive authority to those who virtualization can be mitigated or reduced by using existing do not require it. people, processes and technology. Traditional network and host security products for example, can be used to protect the net- Additional layers of software work, desktops and servers. Given a small adaptation, host intru- As virtualization is introduced into the data center, so are addi- sion prevention systems (HIPS) can also be installed on each tional lines of code that make up the software needed to virtual machine. However, what cannot be effectively protected implement it—from the management consoles that control by traditional processes and technologies is the virtual fabric virtual machines to the hypervisors that provide the foundation composed of the hypervisor, management stack, inter-VM traffic for the technology itself. As such, new vulnerabilities related to and virtual switch. While people, processes and technology are virtualization software can be introduced, with some attributed recyclable, they also need to evolve to the new architecture and to the popularity, accessibility and relative immaturity of x86 concepts exposed by virtualization. virtualization. In addition, there is a heightened sensitivity from vendors to analyze and disclose vulnerabilities. Many disclosures Change control and patching procedures are good examples. can be attributed to third-party code that is packaged with the The patching procedures for virtual machines certainly need to virtualization software stack, and vendors are taking measures to adapt to fluctuating running states and dormancy. Furthermore, reduce the footprint of their software and dependency on uncon- how do organizations use virtualization management suites to trolled code. However, it goes without saying that fault-free code reclaim the separation of duties lost when network and host is largely unattainable, especially as vendors integrate complex administration merge onto the virtualization platform? features into their platforms. Organizations should treat virtual- ization as they would any critical application and apply proper Deploying access control and applying the policy of least privi- defenses to stay ahead of these threats. lege to the management console, administrative roles and virtual images are certainly not unique concepts; however, slowing the Securing virtualization growth of virtual networks and preventing virtual server sprawl IBM believes that a foundation in security is the basis from is. Administrators must also adapt to the concept of shared which organizations can reap the most benefit from virtualiza- resources and ensuring a fair distribution of RAM, CPU, tion. If many of today’s virtualization security challenges simply storage and bandwidth. mirror yesterday’s challenges, logically, we should be able to use
  • 8. 8 Securing virtualization in real-world environments All of these practices are used in today’s networks—in some Virtualization security products form—to mitigate risk. Since even virtual networks are really IBM’s virtualization security product offerings fall into three hybrid networks, these traditional solutions are still absolute areas within the virtualization spectrum: Virtual environment necessities in the fight for security. However, organizations ready, virtual appliances and virtual infrastructure protection. should keep in mind that organizational security is only as good as the sum of its parts. Defense-in-depth must be extended from Virtual environment ready solutions utilize IBM security physical to virtual environments. In today’s era of reduced cost offerings to protect virtual environments. With these solutions, and complexity, the value of a single suite of centrally managed IBM can protect virtual environments with proven technologies security products that protects both physical and virtual net- that incorporate recommended policies from the IBM X-Force™ works and hosts is critical to achieving organizational security team, which is one of the oldest and best-known commercial and maximum return on investment. security research groups in the world. Certified by the International Computer Security Association (ICSA), and Virtualization security solutions from IBM developed according to National Security Services (NSS) Most organizations are running hybrid infrastructures with libraries for cross-platform security development, these varying percentages of physical and virtual hosts, applications solutions have the ability to block threats and provide seamless and devices. While many are rushing headlong into virtualiza- integration with no interruption of your workflows. tion, others are testing in laboratories or waiting until the value of their servers and appliances have amortized. Regardless, the Virtual appliances such as IBM Security Network Intrusion stark reality of virtualization is that there is an adoption period. Prevention System help reduce operational expenses while Current investments in security will not be thrown away but will increasing flexibility for your security infrastructure by allowing be recycled and reused. Without question, organizations will the reuse of assets you already own. These solutions can easily look to cannibalize their existing investment in security in order migrate from older technologies without changing hardware, to effectively extend their investment. and they provide a foundation for future expansion. The same policies of the physical appliance can be reused, and there can It is critical to understand that the true value of security is not in be numerous virtual appliances running on every virtualization point products that address virtualization only, but in solutions server. that extend security to the new risks exposed by virtualizing production servers. Organizations interested in reducing cost Virtual infrastructure protection solutions include IBM Security and complexity while achieving enterprise-grade security must Virtual Server Protection for VMware, an integrated threat miti- pay close attention to how solutions will fill the coverage gaps gation solution designed to allow organizations to fully exploit introduced by virtualization. the benefits of server virtualization while protecting critical virtualized assets (see Figure 2). It provides the same intrusion IBM is focused on providing best-of-breed, end-to-end security prevention capabilities of other network IPS solutions, but with solutions for key control points—network, endpoint and server. the advantage of being integrated into the hypervisor through IBM provides a range of virtualization security products, serv- the VMsafe interface made available by VMware—which means ices, and leading-edge expertise to help organizations maintain you need to install only one instance for each virtualization server security while realizing the promise of virtualization. in order to protect the entire virtualized infrastructure.
  • 9. IBM Software 9 IBM Security Virtual Server Protection for VMware IBM Security VM VM VM Virtual Server Web Server Host Desktop Web Application Protection for VMware Policy Response Applications Applications Applications Engines Hardened OS OS OS OS Rootkit Firewall VMsafe Intrusion Virtual Detection Prevention NAC Hypervisor Hardware Figure 2: IBM Security Virtual Server Protection for VMware helps organizations operate more securely and cost-effectively by delivering integrated and optimized security capabilities for virtual data centers.
  • 10. 10 Securing virtualization in real-world environments IBM Security Virtual Server Protection for VMware automati- ● IBM Security SiteProtector System offers the industry’s largest cally protects virtual machines as they come online or move portfolio of centrally managed security products and is sup- across the data center, and it monitors traffic between virtualized ported on VMware ESX. Designed for simplicity and flexibil- servers with a holistic view of the virtual network. In addition to ity, Security SiteProtector System can provide centralized delivering IPS capabilities, the solution enables the security team configuration, management, analysis and reporting for select to search for malware by looking for rootkit activity in virtual- IBM security products. ized systems and to configure firewall rules and network access ● IBM virtualized infrastructure security provides virtual envi- control (NAC) rules. ronment awareness and forms a transparent plug-and-play threat protection solution to address security concerns associ- IBM Security SiteProtector™ System is integrated into Virtual ated with virtual machine sprawl, lack of virtual network Server Protection for VMware, providing a simple, cost-effective visibility, and mobility. Through integration with virtualization way to manage security solutions for physical and virtualized platforms, IBM provides consolidated network-level intrusion systems across the entire IT environment. Security SiteProtector prevention and auditing of the virtual environment, reducing System provides a central management point to control security the need for network traffic analysis in the guest operating policy, analysis, alerting and reporting. system. Through this approach, organizations can limit the security footprint per guest OS, thereby eliminating redundant Security management solutions resource consumption and reducing security management IBM provides a wide range of security management offerings, complexity. from managed services to plug-and-play solutions: Solutions backed by IBM X-Force ● IBM Managed Security Services offers the option to outsource IBM security excellence is driven by the world-renowned the deployment and management of your security products, X-Force team, which provides the foundation for IBM’s preemp- thus reducing the cost and complexity of training and main- tive approach to Internet security. This leading group of security taining in-house staff. IBM Managed Security Services also experts researches and evaluates vulnerabilities and security offers an innovative and simple way to secure the virtual issues, develops assessment and countermeasure technology for infrastructure by choosing to have IBM manage your security IBM security products, and educates the public about emerging operations from one of eight IBM operation centers around Internet threats. the world. Called the IBM Virtual-Security Operations Center (Virtual-SOC), this service is designed to ensure that all physical and virtual security solutions are active and updated with the latest patches and software updates, including security intelligence provided by the IBM X-Force research and development team.
  • 11. IBM Software 11 The X-Force team delivers security intelligence that customers Summary can use to improve the security of their networks and data. Without a doubt, virtualization has changed—and is changing— Regardless of whether the product is a physical 1U appliance or how organizations run, manage and store applications and data. a piece of software installed on a virtual machine, the same secu- New, complex technologies are rapidly increasing the potential rity intelligence and threat content developed by the X-Force for more gaps in protection. team is installed on that IBM security device and helps manage the threat mitigation process. Virtualization security need not mean scrapping current security investments in IPS technology, firewalls or multifunction In addition to providing security content updates to IBM secu- devices. Networks will always have some amount of physical rity products, the X-Force team also provides the IBM X-Force hardware, and virtual security will always be limited by a finite Threat Analysis Service (XFTAS). The XFTAS delivers cus- amount of resources. But you do need to plan now and consider tomized information about a wide array of threats that could how to best protect your physical and virtual resources. affect your network through detailed analysis of global threat conditions. IBM continues to develop solutions that not only help protect capital investments and confidential data, but also make it easy to track, monitor, automate and manage your critical infrastructure resources, including those in the virtualization stack.
  • 12. For more information To learn how IBM can help you enable secure virtualization, contact your IBM representative or IBM Business Partner, or visit ibm.com/tivoli/security. To learn more about IBM virtualization solutions, visit ibm.com/services/us/iss/ html/virtualization-security-solutions.html © Copyright IBM Corporation 2011 IBM Corporation Software Group Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America January 2011 All Rights Reserved IBM, the IBM logo, ibm.com and X-Force are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates. No part of this document may be reproduced or transmitted in any form without written permission from IBM Corporation. Product data has been reviewed for accuracy as of the date of initial publication. Product data is subject to change without notice. Any statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. The information provided in this document is distributed “as is” without any warranty, either express or implied. IBM expressly disclaims any warranties of merchantability, fitness for a particular purpose or noninfringement. IBM products are warranted according to the terms and conditions of the agreements (e.g. IBM Customer Agreement, Statement of Limited Warranty, International Program License Agreement, etc.) under which they are provided. The customer is responsible for ensuring compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation. Please Recycle SEW03016-USEN-01