AOP

3490 information technology white papers from 530 companies

Search Join Download

HomeIT & Systems Management > Security Solutions > Managed Security Services > Research Abstract case studies

White Paper

< back to search results

Top 10 tips for keeping virtualised data centres secure

Company: Sophos

Sophos case study

Category: Managed Security Services

Published: June 2010

Format:

download

Overview

There has been much discussion of potential new attack vectors in virtual systems, such as Blue Pill, Red Pill and hypervisor (or virtual machine) rootkits. Any software can have vulnerabilities and the virtualization layer is no exception to this rule. Although such attacks are viable, the more common attack vector remains identical to that of physical systems. Malicious code, exploits and hackers are still the major risk – targeting the application layer and the user (through social engineering) rather than shifting to expensive and difficult new attack vectors.

Over time, an increase in attacks on the virtualization layer is likely. However, it is likely that attacks on the OS or application layer will remain the majority. Unfortunately, while many enterprises chase protection against the new class of potential threats in development, they ignore the basics, which leads to high risk of compromise. Equally, compliance standards are applicable to virtual systems, but enterprises typically overlook them.

New protection models to secure virtual systems are emerging, such as the idea of scanning multiple virtual machines from a single point using hypervisor inspection. Moving protection capabilities outside the virtual machine could make attack from malware significantly more difficult, providing more comprehensive and robust protection. Many of these new models hold great promise for delivery of better security but are still immature. There is a great deal of work to be done before these models can provide an effective, stable replacement to existing protection.

Until these areas mature and the nature of the threat evolves, enterprises need to ensure they extend their existing protection in to the virtual world. Security is not a new practice and
virtualization does not invalidate the many years of knowledge security practitioners have acquired. In short, the fundamental existing framework for IT security has not drastically changed, but there are opportunities for optimization and considerations for a virtual environment.

Tags: Security. Virtualisation, Server, Anti-virus, protection, endpoint security.

Rating: + 6

download

People who read this also read these

More from Sophos

view all from Sophos

Categories related to Managed Security Services

Our partners

  • AccountancyAge.com
  • BusinessGreen.com
  • Computing.co.uk
  • ChannelWeb.co.uk
  • FinancialDirector.co.uk
  • theINQUIRER.net
  • iwr.co.uk
  • LegalWeek.com
  • ManagementConsultancy.co.uk
  • V3.co.uk
  • Risk.net
  • waterstechnology.com

© Incisive Media Investments Limited 2013, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093.

Site Credentials:

Join our Community:

Related websites:

Accreditations: