By David Phillips, product manager, Wick Hill
So you have a shiny new virtual environment up and running. You may have virtualised all your servers, so that your business-critical databases, CRM systems, ERP applications and email all reside in a virtual environment. It has been a long project, but now it is complete and you are seeing the operational, performance and cost gains. Stop! Think! Have you covered all the bases? Have you thought about security?
I ask the security question a lot, and in most cases the response is either: "Security is not my responsibility." or "Yes, I have considered this and we have implemented the same security as we had in our physical environment."
These responses illustrate a common misconception - that a virtual environment is inherently more secure than a physical one. This is wrong. Malware does not distinguish between a physical and a virtual device, and cybercriminals pay little regard to the environment: they are simply looking for the easiest way in. There are even Trojans designed specifically to attack virtual machines.
Another objection I hear to my security questions is that malware cannot survive the decommissioning of non-persistent virtual machines (VMs). Again, rubbish. Some malware can jump from VM to VM and from host to host.
Finally, cyber-crime does not stand still. There has been a massive increase in the volume of malware, and attacks are constantly evolving, leaving physical and virtual environments alike at risk.
There are three options for securing your virtual infrastructure - excluding, of course, the fourth option of having no security at all!
1. Traditional 'agent-based' security
This can provide you with a good solution, although there are some significant drawbacks. Consider the reasons you moved to a virtual environment in the first place: cost savings and optimisation are likely to be among them. By installing software that is not optimised for a virtual estate, you load a separate copy of the anti-malware engine, its signature database and every signature update onto every VM, even though they all sit on the same host. This duplication is massively wasteful in a VM environment.
On top of this you have the resource nightmare of potential 'AV storms': when every VM on a host runs its scheduled scan or pulls its signature update at the same moment, they all contend for the same physical CPU, memory and disk, which slows everything down and can even bring your environment to a complete halt. You can also leave your systems vulnerable through what is known as an 'instant-on gap': the window between a VM spinning up and the agent on that VM downloading the latest security updates. The gap is widest for VMs cloned from a template, since their definitions are only as current as the template was when it was last updated, and non-persistent VMs reopen it on every boot because whatever the agent downloaded is discarded at shutdown.
For virtual systems, the optimum consolidation ratio (the greatest possible density of VMs for your money) is the main goal. Traditional protection is inefficient in virtual environments, taking up resources that could be used to add more VMs. However, at least with this approach you are protected and have not left your systems vulnerable to attack.
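The two failure modes of the agent-based approach, the AV storm and the instant-on gap, are both scheduling problems, and a short script makes them concrete. The Python below is an added illustration written for this page; it is not code from the article or from any vendor product. It assumes each VM knows its own identifier and the timestamp of its local definition set, and that a health check is polled before a new VM receives traffic; the fleet names, boot time, one-hour update window and 24-hour freshness limit are constructed sample values.

```python
"""Two guard rails for agent-based anti-malware in a virtual estate.

Added illustration for this page, not code from the article or any vendor
product. The VM names, timestamps and window sizes are constructed.

1. Stagger signature updates across the fleet so that every VM does not pull
   the same update in the same minute (the 'AV storm').
2. Gate a freshly booted VM out of service until its definitions are fresh
   (the 'instant-on gap').
"""
import hashlib
from datetime import datetime, timedelta, timezone


def update_offset(vm_id: str, window: timedelta) -> timedelta:
    """Deterministic offset for one VM inside the fleet-wide update window.

    Hashing the VM's identifier, rather than drawing a random jitter, gives
    the same VM the same slot on every cycle (predictable and auditable)
    while spreading different VMs uniformly across the window.
    """
    digest = hashlib.sha256(vm_id.encode("utf-8")).digest()
    seconds = int.from_bytes(digest[:8], "big") % int(window.total_seconds())
    return timedelta(seconds=seconds)


def build_schedule(vm_ids, window_start: datetime, window: timedelta) -> dict:
    """Map each VM to its update time in [window_start, window_start + window)."""
    return {vm: window_start + update_offset(vm, window) for vm in vm_ids}


def peak_concurrency(vm_ids, window: timedelta, bucket: timedelta,
                     staggered: bool) -> int:
    """Largest number of VMs whose update lands in any single bucket.

    staggered=False models the naive case where every agent fires at the
    start of the window; staggered=True applies update_offset().
    """
    counts = {}
    for vm in vm_ids:
        offset = update_offset(vm, window) if staggered else timedelta(0)
        slot = int(offset.total_seconds() // bucket.total_seconds())
        counts[slot] = counts.get(slot, 0) + 1
    return max(counts.values())


def ready_to_serve(definitions_ts: datetime, now: datetime,
                   max_age: timedelta) -> bool:
    """Instant-on gate: keep a just-booted VM out of the load-balancer pool
    until its definitions are at most max_age old."""
    return now - definitions_ts <= max_age


def demo() -> dict:
    """Run both guard rails over a constructed 200-VM fleet; return results."""
    fleet = [f"app-vm-{n:03d}" for n in range(200)]          # constructed names
    hour, minute, day = timedelta(hours=1), timedelta(minutes=1), timedelta(days=1)
    boot = datetime(2014, 3, 1, 9, 0, tzinfo=timezone.utc)   # constructed boot time
    template_defs = boot - 10 * day   # definitions baked into the template when it was built
    schedule = build_schedule(fleet, boot, hour)
    return {
        "simultaneous_peak": peak_concurrency(fleet, hour, minute, staggered=False),
        "staggered_peak": peak_concurrency(fleet, hour, minute, staggered=True),
        "all_within_window": all(boot <= t < boot + hour for t in schedule.values()),
        "deterministic": update_offset("app-vm-007", hour) == update_offset("app-vm-007", hour),
        "ready_at_boot": ready_to_serve(template_defs, boot, day),
        "ready_after_update": ready_to_serve(boot, boot, day),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows a peak of 200 simultaneous updates for the naive schedule against a small number per minute for the staggered one, and shows the freshly cloned VM being held out of service until its definitions are brought up to date. In production the same two checks would live in the agent's update scheduler and in whatever health check the load balancer or orchestration layer polls before routing traffic to a new VM.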
2. 'Agentless' security
This is the next option, and now we are moving on to protection designed specifically for a virtual infrastructure. The security software runs on its own dedicated security virtual machine and inspects the other VMs through the hypervisor, so no agent resides on the guests. This lets them run smoothly with no duplication or redundancy, helping to make the most of your investment. It also means you can get the security up and running very quickly, with no time-consuming reboots of the guests.
This approach is at the other end of the spectrum from the 'agent-based' approach, addressing most, if not all, of its downsides. However, you don't get something for nothing, and if you look at this approach in more detail there are a few drawbacks.
Firstly, you are relying on your security vendor integrating with the virtualisation vendor's hypervisor interface. This means that advanced features such as application control, device control and web control, which need a presence inside the guest to enforce policy, may not be available to you. Also, some virtualisation vendors do not have the technology built in to enable this approach at all. In effect you are moving back to pure anti-virus/anti-malware protection, with none of the enhanced options that endpoint security gives you.
So if 'agent-based' is at one end of the spectrum and 'agentless' is at the other, is there another option that gives you the best of both worlds? The answer is yes - with 'light-agent' security.
3. 'Light-agent' security
In this architecture the security software is still loaded onto a dedicated security virtual machine, but an additional lightweight agent is installed on each VM. The heavy lifting of scanning stays off the guests, while the agent unlocks the potential for deeper, multi-layered protection, including features such as web, device and application policy enforcement. Now you have most of the benefits of both the 'agent-based' and the 'agentless' approach, giving you the flexibility to set up the most appropriate security posture for your environment.
You may now be scratching your head and wondering how you are supposed to manage all of this, plus your workstations, laptops and mobile devices. You are managing enough different consoles as it is. You want to keep things as simple and straightforward as possible, because complexity is the enemy of security.
There are security vendors out there that enable you to manage all types of endpoint from one single console. This allows you to manage your security policies effectively and close the gaps that arise when using multiple products and management consoles. However, be aware that not all 'single' consoles are identical: some are merely a portal into multiple other consoles, each with a different interface.
Conclusion
Kaspersky Lab has a platform that supports all of these options. Kaspersky Endpoint Security for Business is 'agent-based' and offers a full range of endpoint security features, including application, web and device control; mobile security and mobile device management; encryption; systems management; and, of course, award-winning, multi-layered anti-malware technology. It can be installed on a wide range of virtual platforms. Kaspersky also has Kaspersky Security for Virtualization if you decide to go for the 'agentless' or 'light-agent' approach.
Whichever you choose, you can manage everything through one single console, the Kaspersky Security Center, giving you the flexibility to have a mixed physical and virtual environment managed from one place.
There are other solutions out there that provide many of the above benefits. However, with the rapid changes in the threat landscape over the last nine months, one thing is certain - doing nothing is no longer a viable option.