Trending keywords: security, cloud, container,

OVERVIEW

Detection and Response: What Is Virtualized Security?

We’re living in a virtualized world. Most workloads today don’t run directly on physical infrastructure. Instead, they’re hosted using hypervisors, containers, or similar virtualization technologies. They often rely on virtual networking and storage resources, too.

How do you keep these virtualized workloads secure? The answer is virtualized security. By delivering special protections optimized for virtual infrastructure, virtualized security helps businesses stay ahead of the security risks and challenges that can arise in the complex, software-defined virtual environments that proliferate today.

What Is Virtualized Security?

Virtualized security is the tools and processes that businesses use to secure workloads hosted in virtualized environments.

For example, virtualized security protects virtual machines (VMs), which are software-defined environments in which teams can run guest operating systems and applications. Virtualized security also helps to protect software-defined network and storage resources. It applies to containerized workloads and platforms like Kubernetes, too, which represent a lightweight form of virtualization.

Why Is Virtualized Security Important?

To understand why virtualized security is important, you must first appreciate just how pervasive virtualization technology is today.

Virtualized environments are any type of IT environment where applications and infrastructure depend on virtualization technology, such as containers, virtual machines, and software-defined networks.

In cloud environments, almost all resources that users consume are delivered using virtualization technology. And even if you run workloads on-premises, there’s a good chance that you use hypervisors to divide your physical servers into multiple virtual machines, for example, or that you use software-defined storage technology to pool your various physical disks into a storage service that you can share among multiple applications or servers.

Virtualized security addresses the unique security requirements of virtualized workloads. It provides protections that aren’t possible or practical when relying just on physical security protections, and it’s optimized for easy deployment of security solutions across virtualized environments.

Virtualized vs. Physical Security

To provide more context on how virtualized security delivers unique benefits that physical security solutions lack, consider how virtualized vs. physical security is different in key areas like the following:

  • Virtual machines hypervisors: Hypervisors – meaning the software that powers virtual machines – add another layer to software stacks that needs to be secure. Vulnerabilities in hypervisors themselves, as well as overly permissive access control policies that govern which users can do what with individual VMs, can create security risks that don’t apply in a physical environment that lacks hypervisors or virtual machines. Virtualized security addresses these unique security requirements of hypervisor technology.
  • Containers: Containers – which are essentially a lightweight form of virtualization that relies on OS-level abstraction to host workloads instead of hypervisors – also create special security challenges that don’t apply to physical infrastructure. Virtualized security addresses risks like vulnerabilities inside container images or root-level access for processes running inside containers.
  • Networking: To secure a network using physical security technology, you’d have to deploy physical switches that can run firewalls to enforce network security rules on packets as they flow across physical interfaces. But with virtualized security, you can implement firewalls in software in order to protect virtual networks, even if they are not directly tied to physical network infrastructure.
  • Storage: Your ability to secure physical storage is limited to strategies like encrypting entire disks and enforcing access control rules at the file system level. With virtualized security, however, you get more flexible security policies that can be applied in a granular way to virtualized storage infrastructure. You can, for instance, apply different security rules to each object storage bucket in a scale-out storage pool, or apply different encryption policies to different disk partitions.

How Safe Are Virtual Machines and Virtualized Infrastructure?

To be clear, virtual machines and other forms of virtualized infrastructure are not inherently less secure than physical infrastructure. In fact, in some respects, virtualized infrastructure is more secure because it provides a greater ability to segment workloads from one another and apply granular security policies on a workload-by-workload basis. If you run all of your workloads directly on a physical server, it’s much harder to isolate them and define different security policies for each application or storage resource.

In other respects, however, virtual machines and virtualized infrastructure create special security challenges. The main reason why is that virtualized infrastructure is more complex than physical infrastructure. Instead of having just a few physical servers and operating systems to manage, virtualized infrastructure might leave you with dozens, hundreds, or even thousands of VMs and containers.

What’s more, the networking and security resources on which virtualized workloads rely are often configured in complex, dynamic ways that make it harder to keep track of where security risks lie or to detect anomalies. For instance, it’s more difficult to trace malicious network activity to a specific host if you have virtualized infrastructure because the packets you’re tracing could be tied to a virtual network interface whose MAC address changes every time its VM restarts. Likewise, isolating malware within a scale-out, software-defined storage system is harder because you can’t simply segment a single compromised disk or file system. Instead, all of your physical disks and partitions are pooled into a single software-defined storage infrastructure.

Virtualized security helps teams stay ahead of the special security challenges that arise in highly complex and dynamic software-defined environments. It provides more flexibility and enables faster reaction to security threats than you could achieve by using physical security solutions alone.

VM Security in Cloud Computing vs. On-Premises

As noted above, virtualization technology can be used both in the cloud and on-premises. By extension, virtualized security is important in both types of environments.

That said, virtualized security tools and methodologies tend to be a bit different in the cloud because cloud admins and security teams have a lower level of access to the infrastructure they need to secure. In the cloud, users aren’t responsible for securing hypervisors or ensuring that the underlying physical servers that host VMs are secure. Cloud providers handle those tasks as part of their shared responsibility models.

That said, cloud customers are responsible for securing any workloads that they deploy on top of VMs or other virtualized infrastructure in the cloud. They must ensure that VM operating systems and applications are free of vulnerabilities. They should also use cloud providers’ Identity and Access Management (IAM) frameworks to define access control rules for virtualized infrastructure that follow the principle of least privilege.

These practices are important in an on-prem environment, too. But because businesses with on-prem infrastructure are responsible for securing the entire hosting stack, they need to address both physical and virtual security challenges that don’t apply in the cloud. In particular, they need to be sure to secure hypervisors, container runtimes, container images, container orchestrators, and any other virtualization (or lightweight virtualization) technologies that they use to power their workloads.

VM Security Best Practices

Regardless of whether your VMs or other virtualized workloads run in the cloud or on-prem, there are a core set of best practices that can help to keep them secure:

  • Use trusted OS images: Provision VMs with images from a trusted source – like major Linux distributions or commercial OS vendors. Although even images from well-known sources could contain vulnerabilities, they are less likely on the whole to be insecure than obscure images or custom OS builds.
  • Segment workloads: To the extent possible, create a different VM for each application you need to host. This is a best practice because it minimizes the risk that security problems with one application will impact other applications. If each application runs in its own VM, any exploits associated with the app will be limited to that VM.
  • Define strict access controls: Typically, not everyone on your team needs full access rights to all VM resources – and granting excessive permissions creates security risks. Avoid those risks by defining granular access control policies on a user-by-user basis tailored to each user’s requirements. One user might only need to view VMs, for instance, while another should have the ability to create new VMs.
  • Apply automatic updates: Automatically updating all layers of your VM hosting stack – which include not just the VM itself, but also the hypervisor and the OS of the underlying physical server, if you control it – is a best practice for helping to prevent vulnerabilities from creeping into your environment.

By the way, although we’re talking here mainly about VM security, many of these practices apply to containers, too. You should also use container images from trusted sources, segment containers to the extent possible, enforce least-privilege access permissions for containers, and ensure that you update containers to protect against vulnerabilities.

Conclusion

Virtualized infrastructure is everywhere today, and virtualized security is critical for protecting that virtualized infrastructure. Although physical security controls and tools remain important for businesses that are responsible for managing physical servers, virtualized security addresses the majority of security challenges that organizations face today, including both in the cloud and on-prem.