DCN July 2017 - Page 26

virtualisation & cloud computing

Safety First

Virtualisation has many benefits when it comes to scaling and money saving, but leaves many organisations facing security challenges. So, does virtualisation necessarily mean vulnerability? Liviu Arsene, senior e-threat analyst at Bitdefender, discusses how businesses can defend their virtual environments against advanced attacks.

Virtualisation is at the heart of today’s data centres because it enables better hardware resource management and eases costs, empowering businesses to optimise performance and remain agile when scaling resources or building new services.

Security challenges in virtual environments are both network related and in-guest related, as traditional endpoint security solutions were not built for the performance requirements of virtualisation. For example, AV storms, caused when the security solutions in many virtual machines fetch updates simultaneously, can cause significant network downtime and VM performance issues.

With advanced and sophisticated threats leveraging zero-days in commonly deployed applications, the risk of an entire cluster of VMs becoming infected once a single VM is infected is significantly higher. This means that, although VMs are isolated from each other by the hypervisor, the context that a security solution has is still limited to the virtual endpoint.

Virtualisation and advanced threats

The issue with advanced threats is that they leverage vulnerabilities in either popular applications or the operating system itself to gain persistence on the machine. Persistence means that, regardless of whether the VM is running a traditional security solution, the advanced piece of malware can evade detection and even disable security mechanisms to exfiltrate data or perform cyberespionage. Rootkits and bootkits are two examples that can compromise guest VMs and remain persistent, potentially for a long time.
Detecting these threats is usually problematic, as the malware ‘tricks’ the operating system into giving false information to the security solution. Consequently, traditional security solutions don’t have sufficient context to identify advanced threats. Since traditional security solutions and advanced malware usually ‘fight’ for the same level