
Kaspersky Lab: Myths of Virtualization Security

25 June 2014

When Kaspersky Lab asked business professionals about their “IT Security Priorities” for the next 12 months, 21% of Enterprise-level IT managers said securing virtualized infrastructure was one of the top 3 items on their “to-do” list.

 

How the Wrong Security Solution Can Create More Problems Than It Solves

When Kaspersky Lab asked business professionals about their “IT Security Priorities” for the next 12 months, 21% of Enterprise-level IT managers said securing virtualized infrastructure was one of the top 3 items on their “to-do” list.[i] This new-found focus on virtualization security for businesses is the result of virtual machines being created to handle more critical data and tasks than in previous years.

Says Riaan Badenhorst, Managing Director and Head of Operations for Kaspersky Lab Africa: “Virtualization is no longer a ‘good thing to have,’ or strictly a tool for IT department testing. Rather, it is becoming a mission critical business tool and so it’s imperative that virtual environments work as planned, where they have to be secure for modern businesses to be successful.”

With this growing global focus on virtualization in mind, Kaspersky Lab has identified a few common misconceptions about virtualization security – all of which will hopefully help CIOs and their IT managers make smarter decisions about their IT security policies around virtualization.

Myth 1:

The endpoint security software used to protect PCs and servers can protect the virtual environment just as effectively.

Reality: This is a very common perception, and can be the root cause of many challenges that IT departments will face while trying to secure their virtual infrastructure. Most traditional endpoint security solutions are “virtual-aware” and can provide protection for virtual environments, but they will impact performance, especially in large deployments, and can create havoc within a network. Even worse, traditional endpoint security software can create security gaps that result from slowing down the network.

Therefore, it is essential to utilise specialised virtualization security solutions that protect virtual environments without impacting the performance of the network.

Myth 2:

Existing anti-malware doesn’t interfere with the operations of the virtual environment.

Reality: It certainly does, and the performance issues noted above can actually create security gaps that didn’t exist before. Traditional endpoint security uses what’s known as an “agent-based” model. It means that each physical and virtual machine has a copy of the security software on it. This works fine for physical machines, but if you have 100 virtual machines, this means you have 100 instances of these security agents, as well as 100 instances of their malware signature database, running on a single virtual host. This high level of duplication wastes storage capacity, and can create some of the security problems that were to be fixed in the first place.

In this model, if a dozen virtual machines simultaneously start running a normal security scan, all the other applications on that hypervisor will be slowed down. This applies to other aspects of security as well. If malware is detected in a network, and the policy dictates all machines should scan for infection, the virtual network will grind to a halt and limit the ability to find the malware.

Even the routine task of updating the 100 different anti-malware databases can create network traffic jams (known as Update Storms) if they’re conducted all at once, meaning some virtual machines can be unprotected from the latest threats for hours during the “staggered” release of updates.

Furthermore, consider the 08h30 start of a workday, when dozens of virtual machines are activated simultaneously. These machines haven’t received updates since they were “shut down” the night before, which means each machine is trying to pull down the latest anti-malware updates simultaneously as well. And until these updates travel through the jammed virtual host, a process which can take a lot of time, these virtual machines are all vulnerable to yesterday’s threats.

Myth 3:

Virtual environments are inherently more secure than physical environments.

Reality: This just isn’t true. Virtualization is designed to allow software, including malware, to behave as it normally would. In the end, malware-writers will target any and all weak points in a business network to accomplish their criminal goals. And the more virtual networks become hosts for critical business operations, the bigger a target they’ll become.

Just think of the types of data a virtual network touches. If an attacker compromises one virtual machine and finds a way to jump to the hypervisor, the attacker now has access to every virtual machine on that host. In addition to virtual desktops, the attacker could potentially gain access to any virtual data-backup or storage, effectively giving the attacker access to all of a business’s data.

Myth 4:

All virtual security solutions are the same.

Reality: There are actually a handful of different approaches to virtualization security, and your infrastructure will probably need a blend of available options. The above examples were about how “agent based” security relies on processing security on each individual endpoint, and hopefully IT managers and CIOs have decided that the “agent-based” model used by traditional endpoint security isn’t optimal for their virtual infrastructure.

However, the right application, or combination of applications, depends entirely on what is to be protected. A non-web-connected server is going to have different security needs than a virtual desktop or a server that manages sensitive information. So, along with “agent-based”, two different types of virtualization security, known as “agent-less” and “light agent”, should be reviewed to make the right choice for a specific virtual infrastructure.

Kaspersky Security for Virtualization is such a solution. To find out more about the virtualization security options, please visit: http://www.kaspersky.com/business-security/virtualization.

There’s far more to virtualization security than can be covered here. This is a critical area for global business growth over the next few years, and Kaspersky Lab’s team of global experts is leading the charge to secure this new frontier of business IT.


[i] B2B International IT Survey Risks Survey 2014

 


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
