Welcome!

CRM Authors: Xenia von Wedel, Ian Khan, PR.com Newswire, Steve Mordue

Blog Feed Post

Securing Your Virtual Environment

By David Phillips, product manager, Wick Hill

So you have you a shiny new virtual environment up and running. You may have virtualised all your servers, so that your business-critical databases, CRM systems, ERP applications and email all reside in a virtual environment. It has been a long project, but now it is complete and you are experiencing the operational, performance and cost gains. Stop! Think! Have you covered all the bases? Have you thought about security?

I ask the security question a lot, and in most cases the response is either: "Security is not my responsibility." or '"Yes I have considered this and we have implemented the same security as we had in our physical environment."

These responses illustrate a common misconception - that a virtual environment is inherently more secure than a physical one. This is wrong. A malware attack doesn't distinguish between a physical or virtual device. Cybercriminals pay little regard to the environment. They are just looking for the easiest way in! There are even Trojan attacks designed specifically to attack virtual machines.

Another objection I hear to my security questions is that malware cannot survive the decommissioning of non-persistent virtual machines (VM). Again, rubbish. Some malware can jump from VM to VM and from host to host.

Finally, cyber-crime does not stand still. There has been a massive increase in the volume of malware and the attacks are constantly evolving, leaving physical and virtual environments at risk.

There are three options for securing your virtual infrastructure - that is, of course, excluding the fourth option of having no security at all!

1. Traditional 'agent-based' security
This can provide you with a good solution, although there are some significant drawbacks. Consider the reasons you moved to a virtual environment in the first place. Cost savings and optimisation are likely to be included in your rationale. By installing software not optimised for a virtual estate, you are loading a separate copy of anti-malware, software and signature updates on every endpoint. This duplication is massively wasteful in a VM environment.

On top of this you have the resource nightmare of potential 'AV storms'. All your VMs updating at the same time slows everything down and can even bring your environment to a complete halt. You can also leave your systems vulnerable through what's known as an 'Instant On Gap,' the window of time after a VM spins up, but before the agent on that VM downloads the latest security updates.

For virtual systems, optimum consolidation ratios ( the greatest possible density of VMs for your money) is the main goal. Traditional protection is inefficient in virtual environments, taking up resources which could be used to add more VMs. However, at least with this approach, you are protected and have not left your systems vulnerable to attack.

2. 'Agentless' Security
This is the next option. Now we are moving on to protection that is designed to optimise security in a virtual infrastructure. The security software is loaded onto its own secure virtual machine and no agent resides on the other VMs in the estate. This allows them to run smoothly with no duplication or redundancies, helping to make the most of your investment. It also means you can get the security up and running very quickly and there is no need for time consuming reboots.

This approach is at the other end of the spectrum to the 'agent-based' approach, addressing most, if not all, of the downsides. However, you don't get something for nothing and if you look at this approach in more detail, there are a few drawbacks.

Firstly, you are relying on your security vendor integrating with the virtualisation vendor. This means that the range of advanced features such as application control, device control and web control may not be available to you. Also, some virtualisation vendors don't have the technology inbuilt to enable this approach. You are moving back to pure anti-virus/anti-malware protection, with none of the enhanced options endpoint security gives you.

So if 'agent- based' is at one end of the spectrum and 'agentless' is at the other, is there another option that gives you the best of both worlds? The answer is yes - with 'light-agent' security.

3. 'Light-agent' security
In this architecture, the security software is still loaded onto a secure virtual machine, but an additional lightweight agent is installed on each VM. This unlocks the potential for deeper, multi-layered protection, including features such as web, device and application policy enforcement. Now you have achieved most of the benefits of the 'agent-based' and 'agentless' approach, giving you the flexibility to setup the most appropriate security posture for your environment.

You may now be scratching your head and wondering how you are supposed to manage all of this and your workstations, laptops and mobile devices. You are managing enough different consoles at the moment. You want to keep things as simple and straightforward as possible because complexity is the enemy of security.

There are security vendors out there that enable you to manage all types of endpoints from one single console. This allows you to effectively manage your security policies and close any gaps that would exist, when using multiple products and management consoles. However, be aware that not all 'single' consoles are identical. Some provide a portal into multiple other consoles (with different interfaces).

Conclusion
Kaspersky Lab has a platform that supports all of these options Kaspersky Endpoint Security for Business is 'agent-based' and offers a full range of endpoint security features including: application, web and device control; mobile security and mobile device management; encryption; systems management; and of course award winning, multi-layered, anti-malware technology. This can be installed on a wide range of virtual platforms. Kaspersky also have Kaspersky Security for Virtualization, if you decide to go for the 'agentless' and 'light agent' approach.

Whichever you choose you can manage everything through one single console, the Kaspersky Security Center, giving you the flexibility to have a mixed physical and virtual environment managed from one place.

There are other solutions out there that provide many of the above benefits. However, with the rapid changes in the threat landscape over the last nine months, one thing is certain - doing nothing is no longer a viable option.

ENDS

For further press information, please contact Annabelle Brown on 01326 318212, email pr@wickhill.com. For reader queries, contact Wick Hill on 01483 227600. Web www.wickhill.com

Source: RealWire

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

IoT & Smart Cities Stories
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...