White Paper The Dynamic Nature of Virtualization Security

The need for real-time vulnerability management and risk assessment

Introduction

Virtualization is radically shifting how enterprises deploy, deliver, and manage applications and data. It offers tremendous benefits for business efficiency and agility: resource consolidation for controlling costs, greater scalability and higher utilization of existing assets and applications, and flexibility for adapting assets to meet current business demands.

Forrester asserts: "Virtualization is the norm; deploying a physical server is the exception." It found that server virtualization is nearly ubiquitous, that 85 percent of organizations have adopted or are planning to adopt x86 server virtualization, and that 79 percent of firms have or are planning to institute a virtualization-first policy. By 2014, Forrester predicts that 75 percent of all servers will be virtualized. ("The CISO's Guide to Virtualization Security," by Rick Holland, et al., Forrester Research, Inc., January 12, 2012.)

Similarly, Information Week reports that adoption of server virtualization has grown to 97 percent in survey-respondent data centers. It also reports similar adoption rates in storage virtualization (86 percent), application virtualization (88 percent), and desktop virtualization (76 percent). ("Next-Generation VM Security," by Kurt Marko, Information Week reports, June 2012.)

As more enterprises virtualize their infrastructures, they also face new threat vectors. In the rush to virtualize applications and other assets and realize the fiscal and management benefits of virtualization, IT managers must continue to protect IT infrastructures from hacking incidents, inadvertent insider damage, and malware attacks. Servers, applications, networks, and end-user devices are becoming dynamic and unpredictable. Virtualized assets are susceptible to the same threats and vulnerabilities as traditional assets, but traditional security devices offer limited visibility into virtualized environments, where assets and their security postures are constantly changing. Incidents in virtualized servers can escalate rapidly and cause considerable damage. Determining the risk level associated with a given vulnerability remains vital to prioritizing mitigation tasks.

The cornerstones of a proactive security strategy are vulnerability management and risk assessment. However, traditional scan-and-patch vulnerability scanning approaches are inadequate for dynamic, virtualized environments. Traditional scanners cannot track changes in real time, so they cannot accurately measure constantly changing risks. Anyone charged with securing IT assets needs to understand the dynamic security risks inherent to virtualized environments and, more importantly, what to do to mitigate those risks. With security infrastructures lagging behind virtualization adoption, a vulnerability management solution that provides immediate risk assessment plays a critical role in helping security managers protect virtualized assets and data.

Forrester recommends: "You must extend your vulnerability management program into your virtual environment. Server hardening, including patch management and configuration management, is a core element of vulnerability management. A number of good resources are available to assist you with hardening your virtual servers. You must also ensure that you are conducting regular vulnerability assessments, including scanning and penetration testing, of the environment. You should include virtualization-specific penetration tests to validate the hardening and security controls of the environment." (Forrester, Ibid., p. 9)

Scheduled scans remain useful in virtualized environments, but the dynamic character of virtualization presents new kinds of risk. The constantly fluctuating environment requires continuous and comprehensive security monitoring to detect changes as they happen.

The vulnerability management solution should include these capabilities:

- Deployable as a virtual machine (VM)
- Discover and scan VMs as they spin up and down for vulnerabilities and misconfigurations
- Detect snapshot rollbacks and scan after restores
- Track asset migrations and proactively monitor their security postures

To better understand the need for these capabilities, consider the challenges and solutions below.

Challenge: On or Off?

Virtual machines spin up and down all day long. Some VMs may activate many times a day, while others may spin up once a month. An IT administrator can provision, operate, and delete a VM before a traditional vulnerability scanner can check it for vulnerabilities. Periodic scans assign inactive VMs a risk score of 0. There is inherent risk if that potentially vulnerable VM spins up again before the next periodic scan kicks off.

Solution: Automated Discovery and Scanning

Security managers need to know when VMs become active, so they have the option to scan them immediately and assess their risk levels. Without requiring operator intervention, the vulnerability management solution should be able to interact with the hypervisor to detect VMs as they come online and maintain an accurate database of discovered resources. More importantly, a security manager should have the option to configure the vulnerability management solution to automatically scan critical resources when they spin up and issue a scan report upon completion.

Challenge: Snapshot Rollbacks

Storage snapshots are a valuable data protection capability. However, a rollback or restore may expose a VM, and the system it resides upon, to a previously fixed vulnerability. For example, rollbacks may revert a VM to an older software version that needs critical patching. A periodic scan may not discover this exposure for days or weeks. In another scenario, a rollback reinstates a configuration error or other vulnerability that is exploitable by malware, and a malware attack may have caused the crash.

Solution: Rollback Detection and Automated Scanning

If the vulnerability management solution is in communication with the hypervisor, it should be able to detect rollbacks and restores and send an alert to the management console. The security manager should have the option to configure the vulnerability management solution to automatically scan assets after a rollback or restore and issue a scan report upon completion. For example, such scans can immediately verify that software versions remain compliant with policies after a rollback, or expose the exploitable errors or vulnerabilities and allow security managers to mitigate them.

Challenge: Virtual Machine Migration

Live migrations of VMs to other hosts, using features such as VMware vMotion, help server managers adjust server utilization and maintain performance levels without service interruption. Migrations may be a proactive management task, but more often they occur as a result of a catastrophic failure. Some failures, such as loss of an asset pool, can trigger migrations to another asset pool or even to another site. The security manager needs visibility to track migrations as they happen, verifying that the security posture of migrated assets does not change.

Solution: Automated Scanning

Vulnerability assessments can help security managers determine the cause and type of such a failure. They need visibility not only within an asset pool or site, but among multiple pools or sites in the case of co-located or distributed data centers. The hypervisor detects the migration, and the vulnerability management solution should recognize it and send an alert to the security manager. Again, the security manager should have the option to configure the vulnerability management software to automatically scan migrated assets and issue a scan report upon completion.

What About Hypervisor Security?

A 2009 IBM report suggested that the hypervisor platform contained dozens of vulnerabilities. This report sparked industry discussions that securing a virtualized environment presents a new set of risks, but emphasized securing the hypervisor itself. Hypervisor vulnerabilities are static. Conventional scanners can identify these vulnerabilities, and administrators can remediate them using conventional scan-and-patch processes. The IBM study failed to address the dynamic nature of the entire virtualized infrastructure. There is general agreement that the hypervisor is an ideal location to deploy security solutions such as anti-malware systems. That said, in a 2011 report, Forrester addressed the security of the hypervisor and concluded that it introduces some marginal risk to the server environment but that concerns are largely overblown. (Forrester, Ibid., p. 6.)

Solution: Rapid7 Security Risk Intelligence

Rapid7 Security Risk Intelligence is a data-driven approach to risk assessment and vulnerability management that weighs the value of data sets when measuring risk. Rapid7 offers a powerful combination of innovative vulnerability management and penetration testing solutions along with deep security expertise to identify and prioritize the dynamic security risks of virtualized environments. Rapid7 Nexpose is the industry's first vulnerability management solution with capabilities, such as Continuous Discovery, designed specifically for virtualized environments. Working closely with VMware, Rapid7 continues to add virtualization-specific capabilities into Nexpose, its vulnerability management and risk-assessment solution. Nexpose is the only third-party vulnerability management solution included in the VMware security reference architecture. Additionally, Rapid7 Metasploit can be used in conjunction with Nexpose to validate risk in IT environments based on actual exploitability of vulnerabilities, both in physical and in virtual environments.
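The three challenge and solution pairs above (power state, snapshot rollback, migration) describe one event-driven loop: update the inventory on every hypervisor event, alert on rollbacks and migrations, and queue a scan when the VM is one the operator marked critical. The sketch below is an added example, not code from the white paper or from any product it names; the event kinds, field names, VM names and sample events are assumptions constructed for illustration.

```python
RESCAN_ON = {"power_on", "snapshot_revert", "migrate"}  # hypothetical event kinds

class Monitor:
    """Keeps a VM inventory from hypervisor events; queues scans for critical VMs."""
    def __init__(self, critical):
        self.critical = set(critical)
        self.assets, self.alerts, self.scan_queue = {}, [], []

    def handle(self, ev):
        vm, kind = ev["vm"], ev["kind"]
        a = self.assets.setdefault(vm, {"host": None, "on": False})
        if kind in ("power_on", "power_off"):
            a["on"] = kind == "power_on"
        a["host"] = ev.get("host", a["host"])
        if kind not in RESCAN_ON:
            return
        if kind != "power_on":  # rollbacks and migrations alert the console
            self.alerts.append((ev["ts"], vm, kind))
        if vm in self.critical:  # operator opted this VM into automatic scans
            self.scan_queue.append((ev["ts"], vm, kind))

def missed_by_periodic(events, scan_times):
    """VMs whose whole powered-on interval fell between two periodic scans."""
    missed, started = set(), {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "power_on":
            started[ev["vm"]] = ev["ts"]
        elif ev["kind"] == "power_off" and ev["vm"] in started:
            t0 = started.pop(ev["vm"])
            if not any(t0 <= s <= ev["ts"] for s in scan_times):
                missed.add(ev["vm"])
    return missed

# Constructed sample events (ts in minutes), not output from a real hypervisor.
EVENTS = [
    {"ts": 10, "kind": "power_on", "vm": "build-07", "host": "esx-a"},
    {"ts": 25, "kind": "power_off", "vm": "build-07"},
    {"ts": 30, "kind": "power_on", "vm": "db-01", "host": "esx-a"},
    {"ts": 70, "kind": "snapshot_revert", "vm": "db-01"},
    {"ts": 90, "kind": "migrate", "vm": "db-01", "host": "esx-b"},
]

def run(events=EVENTS, critical=("db-01",), scans=(0, 120)):
    monitor = Monitor(critical)
    for ev in events:
        monitor.handle(ev)
    return monitor.scan_queue, monitor.alerts, missed_by_periodic(events, scans)

print(run())
```

With periodic scans at minutes 0 and 120, the short-lived build VM is never assessed, while the event-driven queue picks up the critical VM at power-on, after the rollback, and after the migration.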

How Rapid7 Can Help

Rapid7 is a leader in security risk intelligence that can help you gain valuable insight into your security posture, through both products and services. Headquartered in Boston, MA, Rapid7 was founded in 2000. In response to the increasing security threat environment, the company developed its award-winning vulnerability management solution Nexpose. In 2009, Rapid7 acquired Metasploit, the leading penetration testing platform with the world's largest quality-assured exploit database. The combination of both products has resulted in the company's integrated security risk intelligence portfolio, designed to provide organizations with unique insight into their threat and risk posture. Rapid7 also has a professional services unit that conducts product deployments and trainings as well as security assessments.

If you have questions on how you could improve your organization's security posture, would like to evaluate Rapid7's vulnerability management or penetration testing products, or would like to talk to Rapid7's professional services team, please contact Rapid7 at info@rapid7.com, call +1.617.247.1717, or visit www.rapid7.com.