Virtualisation & cloud computing
Safety First
Virtualisation has many benefits when it comes to scaling and money saving, but leaves many organisations facing security challenges. So, does virtualisation necessarily mean vulnerability? Liviu Arsene, senior e-threat analyst at Bitdefender, discusses how businesses can defend their virtual environments against advanced attacks.
Virtualisation is at the heart of today’s data centres because it enables better hardware resource management and reduces costs, empowering businesses to optimise performance and remain agile when scaling resources or building new services.

Security challenges affecting virtual environments are both network related and in-guest related, as traditional endpoint security solutions were not built for the performance requirements of virtualisation. For example, AV storms, caused by security solutions in virtual machines simultaneously fetching updates, can cause significant network downtime and VM performance issues.
26 | July 2017
With advanced and sophisticated threats leveraging zero-days in commonly deployed applications, the risk of having an entire cluster of VMs infected if one is infected is significantly higher. This means that, although VMs are isolated from each other by the hypervisor, the context that a security solution has is still limited to the virtual endpoint.
Virtualisation and advanced threats
The issue with advanced threats is that they leverage vulnerabilities in either popular applications or within the operating system itself to gain persistence on the machine. Persistence means that, regardless of whether the VM is running a traditional security solution, the advanced piece of malware can evade detection and even disable security mechanisms to exfiltrate data or perform cyberespionage.

Rootkits and bootkits are two examples that can compromise guest VMs and remain persistent, potentially for a long time. Detecting these threats is usually problematic, as the malware ‘tricks’ the operating system into giving false information to the security solution. Consequently, traditional security solutions don’t have sufficient context to identify advanced threats.
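The limitation described above is the reason hypervisor-level introspection is useful: a view of the guest taken from outside it (by walking guest memory from the hypervisor) is not subject to the hooks a rootkit places inside the guest OS, so comparing it with what the in-guest API reports exposes what the guest is hiding. The following is an added example of that cross-view comparison, written for this article and not code from Bitdefender or any product; the `Proc` type, `cross_view_diff` and `summarise` are hypothetical names, and both process lists are constructed sample data standing in for an in-guest API and a hypervisor-side introspection tool.

```python
"""Cross-view detection of processes hidden from an in-guest agent.

A kernel-mode rootkit can make the guest OS return an incomplete or tampered
process list to any tool running inside the VM, including a traditional
security agent. A hypervisor-side (out-of-guest) view of the same memory is
not filtered by those hooks. Disagreement between the two views is the signal.

All data below is constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    """One process entry as seen by either view (hypothetical type)."""
    pid: int
    name: str
    parent: int


def cross_view_diff(guest_view, introspected_view):
    """Compare the in-guest and hypervisor-side process lists.

    Returns a list of findings:
      ("hidden", proc)        - in the introspected view, missing from the guest
      ("phantom", proc)       - reported by the guest, not backed by memory
      ("mismatch", g, p)      - same PID but name/parent differ (tampered entry)
    """
    guest = {p.pid: p for p in guest_view}
    outside = {p.pid: p for p in introspected_view}
    findings = []
    for pid, p in outside.items():
        g = guest.get(pid)
        if g is None:
            findings.append(("hidden", p))
        elif (g.name, g.parent) != (p.name, p.parent):
            findings.append(("mismatch", g, p))
    for pid, g in guest.items():
        if pid not in outside:
            findings.append(("phantom", g))
    return findings


def summarise(findings):
    """Group finding PIDs by kind, sorted, so results are easy to assert on."""
    out = {"hidden": [], "phantom": [], "mismatch": []}
    for kind, *procs in findings:
        out[kind].append(procs[0].pid)
    return {k: sorted(v) for k, v in out.items()}


# Constructed sample: what the guest OS reports to an in-guest agent.
GUEST_VIEW = [
    Proc(1, "init", 0),
    Proc(412, "sshd", 1),
    Proc(600, "cron", 1),
    Proc(977, "agent", 1),        # parent field has been tampered (see below)
]

# Constructed sample: what walking guest memory from the hypervisor shows.
INTROSPECTED_VIEW = [
    Proc(1, "init", 0),
    Proc(412, "sshd", 1),
    Proc(600, "cron", 1),
    Proc(977, "agent", 2044),     # real parent is the hidden process
    Proc(2044, "impl", 1),        # unlinked from the guest's process list
]

if __name__ == "__main__":
    for finding in cross_view_diff(GUEST_VIEW, INTROSPECTED_VIEW):
        print(finding)
```

Run as a script it prints one `hidden` finding for PID 2044 and one `mismatch` for PID 977. The comparison itself is simple; what matters is where the second view comes from. Only a view produced outside the guest gives the security solution the context the article says in-guest agents lack, which is why the two inputs must be collected independently rather than both through the guest OS.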
Since traditional security solutions and advanced malware usually ‘fight’ for the same level