Skip to main content

Emerging Technologies - Virtual Security | Optiv

November 21, 2011

Virtual Security is garnering a lot of attention these days. With the mass adoption of virtualization technologies, traditional security tools are proving ineffective or providing significant architecture challenges to be deployed in a scalable manner. We all know why we need this technology. The benefits of virtualization, savings and efficiency gains have been pored over and beaten into our heads. But how many of us are thinking about how we architect virtualization to meet not only business needs and application requirements but to do so in a way that maintains or improves our security posture?

Virtualization drives cultural and political changes. We all know that change is hard. But if during this change it allows information security, security operations and security policy personnel to get involved from the introduction, we can minimize the very real risk to relapse to a less secure posture. Key technologies like firewalls and IPS can become blind or bypassed altogether when virtualization is introduced to the environment. Network segmentation often falters, resulting in the comingling of security zones. Compliance becomes more challenging as auditors now tell you, “Everything under the same hypervisor is created equal.” Uh-oh.

Many vendors are working to solve the vSec problem, and there are a few different ways that the issues are being addressed through hypervisor integration, virtual appliances and virtual/physical networking. All can ultimately offer about the same end result, but usually at some cost — physical hardware (which we’re trying to eliminate), overhead on the virtual environment (which is supposed to be faster, more scalable and cost less) or potentially the compromise of inspection capabilities.

In the virtual/physical networking scenario, traffic is routed out of the virtualized environment to traditional security tools and then back into the environment. While this can allow you to leverage the same security fabric you have deployed, it can also cause additional latency and overhead on the network and Virtualized platform.

Virtual Security 1

Virtual appliances also have similar effects. For the most part, these technologies leverage “slow-path” processing where network traffic must be routed through the virtual network to reach the tool and then back to the original destination. This causes additional overhead on the entire platform; however, a majority of vendors currently support virtual appliances as a deployment method to enable familiar tools and management components to be leveraged.

Virtual Security 2

Hypervisor integration is the ideal solution for network security tools in the virtualized environment. Today, there are a limited number of tools that integrate to this degree. These technologies typically still require a virtual appliance. However, the traffic is intercepted via the hypervisor or kernel and passed through the inspection engine with no visible changes to the architecture. Deployment is much more seamless, and the processing impact is minimized to the virtualized environment.

Virtual Security 3

In short, there’s no silver bullet. No matter what the fancy marketing slicks say, no one technology is going to lock down a virtualized environment, check all the compliance check boxes and make you invincible. But, if we stick to the things we know — identifying critical assets and data and then applying the proper segmentation, access control, logging and detection technologies, we can leverage virtualization in a secure manner while still harnessing (almost all) of the benefits.

Related Information:

Five Best Practices to Protect Your Virtual Environment by Juniper

When Desktops Go Virtual – Addressing Security Challenges in VDI by Trend Micro

Related Blogs

September 05, 2012

Security in the Virtual World | Optiv

There is a popular saying among Texas residents who are not native to the state: “I wasn’t born in Texas, but I got here as fast as I could.” That pit...

See Details

March 16, 2015

Create a Budget-Friendly Virtual Private Server with a Metasploit Instance

Whether a requirement for anonymity arises during a penetration test or simply to stand up another Metasploit instance, we can do so easily with VPS p...

See Details

December 14, 2010

Virtualized Security Works Best on the Basics | Optiv

Industry analyst firm Gartner says that virtualization projects are currently the number one priority for CIOs.  Yet Gartner also reports that, “Throu...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

July 21, 2015

Application Security Solutions

Learn how Optiv can help with web, email and application protection.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.