There is plenty of hype and confusion about how to properly secure virtual infrastructures and the state of the netsec industry relative to the growth of virtualization. I would like to step up and take a few swings at the issues and offer up a new Gartner webcast in an effort to dispel some of the myths and hype.
For example, some netsec experts argue that nothing changes with virtualization. They’ll be using their existing firewall and IPS technologies in combination with restrictive policies in an attempt to secure these highly fluid, mutating environments. Lots of luck. While this may be the end-game promoted by mainstream security vendors, it will end up restricting virtualization to a level where the payoff is minimized.
The “Inflexibility Policy” Myth
Imagine investing in a virtual environment then hamstringing it with all of the inflexibility, manual labor and kluge of the infrastructure it replaced. The inflexibility policy myth means that policies and procedures could be used to make virtual infrastructures behave like physical ones. In short, effective security would mean ineffectual virtualization. That delusion is bound to eventually cost a few jobs, either on the ops team or the netsec team… depending on who gets blamed for the decision.
If the netsec team is figuring that policies to limit flexibility (prohibit offline/online/VMotion or snapshot/revert) are the best approach to compensating for netsec hardware shortcomings, you may want to educate them about why you’re virtualizing in the first place. Flexibility is one of the key drivers of the payoff. You might also want to advise them that “inflexibility policies” will be harder to enforce in a virtual infrastructure that delivers… unprecedented flexibility.
The NetSec Hardware Myth
Some netsec pros might also think that their existing firewalls and intrusion prevention systems will be up to the task, despite expert advice to the contrary, including the recent Gartner report on virtsec firewall limitations covered in Network World. Most existing perimeter security appliances will not be able to see or secure inter-VM traffic: two VMs on the same virtual switch are switched in software inside the host, so their packets never reach the physical wire where the appliance sits. Those appliances were never architected with the level of protocol fluency to understand the traffic flows, and their form factors will continue to require specialized hardware, a flashback to the recently departed past.
So until netsec solutions transform themselves into software only form factors that can accurately inspect and correct traffic without false alarms and fat footprints, leading vendors depending on product strengths for revenue might as well plan an HQ move to a lower labor cost country.
Netsec hardware is about to be commoditized by the coming virtualization of its shrinking habitat. No more pipes. No more custom hardware. No more false alarms. No more services revenue stemming from the noise and mayhem that these older systems generate looking for suspicious patterns and permutations.
Virtualization represents a sea change for the network hardware business, not unlike the impact that the emergence of the desktop OS had on the mainframe. Yes, we still have mainframes. Yes, virtualization is a kind of return to the days of old. If you’re thinking about emailing me that there are still mainframes or that virtualization is really a return to the mainframe (and therefore nothing new), you’re not getting my point. The hardware infrastructure that emerged with the rise of desktop computing and the internet is about to collapse back into the server.
That model is infinitely more scalable, more dynamic and more flexible than the world of pipes, racks and screwdrivers. That is why virtualization will win out over daisy chains of specialized hardware.
The Hypervisor Attack Vector Myth
Some deep security experts suggest that there are new hypervisor-specific attacks that pose real, catastrophic threats. As I commented while on an InformationWeek panel last month, the hypervisor is modern code with a very lean attack surface. Compare that lean hypervisor code to the layers of code and sizable population of known vulnerabilities in any leading operating system or application/database. Then look at the rate of change now possible in a virtual infrastructure. The risks related to VM state changes, sprawl and even VM theft (using existing attacks against existing vulnerabilities) are much higher than an attack against the hypervisor itself.
Existing vulnerabilities in a fluid environment are the real issue. Existing netsec hardware wasn’t ever intended to defend this kind of environment, and most solutions are exploit-centric and protocol/application unaware. They cannot stop an attack that they cannot see. They cannot see traffic between VMs on the same host and port group, and a VMotion can move a VM so that a flow that crossed the physical wire yesterday stays inside one host today, with no enforcement point at all. In the meantime, as vendors architect “klugeworks” to force VM traffic out to their boxes, they could generate exponential increases in false alarms as suspicious traffic ripples through interconnected, fluid VM meshes.
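The visibility problem above is easy to reason about with a small placement model. The following is an added example, not code from the original post or from Blue Lane: a toy inventory (constructed, not real) in which a perimeter appliance only inspects flows that leave a host, and a deny rule is therefore enforceable only while its two endpoints sit on different hosts or on different segments. It assumes that inter-segment (inter-VLAN) routing happens on a physical router/firewall outside the hosts; the host names, VM names and segment names are made up.

```python
# Added example (not from the original post or from Blue Lane): a toy placement
# model showing which VM-to-VM flows a perimeter appliance can see, and how a
# live migration (VMotion) silently removes the enforcement point for a rule.
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    host: str      # hypervisor host the VM currently runs on (constructed names)
    segment: str   # port group / VLAN the vNIC is attached to


class Inventory:
    """Tracks VM placement.

    Assumption (stated, not universal): traffic between different segments is
    routed by a physical router/firewall outside the hosts, so it is visible to
    the perimeter appliance even when both VMs share a host.
    """

    def __init__(self, vms):
        self.vms = {vm.name: vm for vm in vms}

    def migrate(self, name, new_host):
        """Model a VMotion: same VM, same vNIC/segment, different host."""
        vm = self.vms[name]
        self.vms[name] = VM(vm.name, new_host, vm.segment)

    def traverses_perimeter(self, src, dst):
        a, b = self.vms[src], self.vms[dst]
        # Same host and same port group: switched entirely inside the vSwitch,
        # the packets never touch the physical wire.
        if a.host == b.host and a.segment == b.segment:
            return False
        return True

    def unenforceable(self, deny_rules):
        """Return the (src, dst) deny rules the appliance cannot enforce right now."""
        return [(s, d) for s, d in deny_rules if not self.traverses_perimeter(s, d)]


def build_sample():
    """Constructed inventory: two hosts, two segments, three VMs."""
    inv = Inventory([
        VM("web01", "esx-a", "dmz"),
        VM("app01", "esx-a", "backend"),
        VM("db01", "esx-b", "backend"),
    ])
    # Deny rules the netsec team believes the perimeter appliance enforces.
    deny_rules = [("web01", "db01"), ("app01", "db01")]
    return inv, deny_rules


def audit_across_migration():
    """Audit enforceability before and after app01 is VMotioned onto db01's host."""
    inv, rules = build_sample()
    before = inv.unenforceable(rules)
    inv.migrate("app01", "esx-b")
    after = inv.unenforceable(rules)
    return before, after


if __name__ == "__main__":
    before, after = audit_across_migration()
    print("unenforceable before VMotion:", before)
    print("unenforceable after VMotion: ", after)
```

Before the migration every rule has an enforcement point; after app01 lands on the same host and port group as db01, the app01-to-db01 rule still exists in the appliance but no packet between those two VMs will ever reach it. The web01-to-db01 rule stays enforceable only because the two VMs sit on different segments and the model assumes that routing is done outside the host; move that routing into the host and it disappears too. A real audit would pull placement from the management server rather than a constructed list, but the check is the same.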
So where do we go from here? Rather than repeat points made in earlier Archimedius blogs I thought I would add this new Gartner virtsec webcast to the conversation.
Gartner Webcast: Virtualization- A Secure Approach
The background: In an effort to bring clarity to the virtsec debate AMD and Blue Lane asked Gartner to produce a definitive webcast to take viewers through key topics and issues. What are the real risks and considerations? What should be done about them?
Three leading experts were assembled to share their viewpoints: Neil MacDonald at Gartner, Leendert van Doorn at AMD and Blue Lane’s Allwyn Sequeira.
Neil kicks off the session by talking about the critical security issues and challenges inherent with virtualization, what aspects are usually underestimated or overestimated, building blocks for the trusted hypervisor and the growing specter of unmanaged VMs. Neil also offers many of his security recommendations for virtual infrastructures.
Neil is followed by AMD Fellow Leendert van Doorn who talks about the risks and challenges in securing the hardware layer (including VM theft) and AMD’s perspective.
Blue Lane SVP Allwyn follows Leendert and talks specifically about VM-specific virtsec issues and Blue Lane’s protocol-centric approach. Allwyn also talks about the issues I’ve just discussed.
Don’t let the 53-minute length intimidate you. The slide manager on the left side of the presentation allows you to click through at your own pace. You can advance, repeat and listen at your own leisure.
Disclosure: I'm the VP Marketing at Blue Lane Technologies.