2010 State of Virtualization Security Survey



Similar documents
managing the risks of virtualization

Protect Root Abuse privilege on Hypervisor (Cloud Security)

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

Netzwerkvirtualisierung? Aber mit Sicherheit!

Continuous Network Monitoring

How To Protect Virtualized Data From Security Threats

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

White Paper The Dynamic Nature of Virtualization Security

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

ALTOR NETWORKS SECURES VIRTUALIZED DATA CENTERS WITH INDUSTRY S FIRST VIRTUAL NETWORK FIREWALL AND SECURITY ANALYZER

Mitigating Information Security Risks of Virtualization Technologies

controlling the risks and costs surrounding dormant vms

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

THE TOP 4 CONTROLS.

Meeting the Challenges of Virtualization Security

Intro to NSX. Network Virtualization VMware Inc. All rights reserved.

Virtualization and Cloud: Orchestration, Automation, and Security Gaps

Secure Administration of Virtualization - A Checklist ofVRATECH

Vulnerability Management

Enterprise Security and Risk Management

Network Access Control in Virtual Environments. Technical Note

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Secure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc.

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S

Database Security, Virtualization and Cloud Computing

Strategies for assessing cloud security

Making Data Security The Foundation Of Your Virtualization Infrastructure

How To Protect Your Cloud From Attack

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

Privilege Gone Wild: The State of Privileged Account Management in 2015

Server Virtualization A Game-Changer For SMB Customers

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Shavlik NetChk Protect 7.1

How Data-Centric Protection Increases Security in Cloud Computing and Virtualization

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

Managing IT Security with Penetration Testing

Monitoring Windows Workstations Seven Important Events

Privilege Gone Wild: The State of Privileged Account Management in 2015

Sarbanes-Oxley Act. Solution Brief. Sarbanes-Oxley Act. Publication Date: March 17, EventTracker 8815 Centre Park Drive, Columbia MD 21045

Safeguarding the cloud with IBM Dynamic Cloud Security

Overcoming The Blind Spots in Your Virtualized Data Center

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

White Paper. 7 Questions to Assess Data Security in the Enterprise

An overwhelming majority of IaaS clouds leverage virtualization for their foundation.

Agentless Security for VMware Virtual Data Centers and Cloud

How To Protect A Virtual Desktop From Attack

How to Achieve Operational Assurance in Your Private Cloud

A Trend Micro ebook / 2009

McAfee Server Security

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Critical Security Controls

Assuring Application Security: Deploying Code that Keeps Data Safe

THE HYPER-CONVERGENCE EFFECT: DO VIRTUALIZATION MANAGEMENT REQUIREMENTS CHANGE? by Eric Siebert, Author and vexpert

IBM Security Intrusion Prevention Solutions

Security Auditing in a Virtual Environment

2010 Virtualization and Cloud Computing Survey

International Journal of Scientific & Engineering Research, Volume 5, Issue 1, January-2014 ISSN

Ease Server Support With Pre-Configured Virtualization Systems

Avoiding the Top 5 Vulnerability Management Mistakes

Security and Cloud Computing

Trend Micro Deep Security

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU

Virtualization Impact on Compliance and Audit

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Strategies for Protecting Virtual Servers and Desktops

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

Tenable Webcast Summary Managing Vulnerabilities in Virtualized and Cloud-based Deployments

Database Security in Virtualization and Cloud Computing Environments

Top virtualization security risks and how to prevent them

The Challenges of Securing Hosting Hyper-V Multi-Tenant Environments

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief

The Cloud, Virtualization, and Security

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

End-user Security Analytics Strengthens Protection with ArcSight

STREAM FRBC

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

The Importance of Cyber Threat Intelligence to a Strong Security Posture

VIRTUALIZATION SECURITY IS NOT AN OXYMORON. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

5 Best Practices to Protect Your Virtual Environment

Securing Industrial Control Systems on a Virtual Platform

Stephen Coty Director, Threat Research

CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure

Boost your VDI Confidence with Monitoring and Load Testing

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

CA Virtual Assurance for Infrastructure Managers

Securing Remote Vendor Access with Privileged Account Security

Barnaby Jeans Sr. Solution Architect Business Critical Applications

BEST PRACTICES. Systems Management.

Increase insight. Reduce risk. Feel confident.

Does your Citrix or Terminal Server environment have an Achilles heel?

Cloud Security Who do you trust?

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

PROTECTED CLOUDS: Symantec solutions for consuming, building, or extending into the cloud

Transcription:

2010 State of Virtualization Security Survey Current opinions, experiences and trends on the strategies and solutions for securing virtual environments 8815 Centre Park Drive Published: April, 2010 Columbia MD 21045 877.333.1433

Executive Summary Over a period of 2 weeks in March 2010, Prism Microsystems conducted a web based survey on virtualization security that was completed by 302 IT professionals across multiple industries and company sizes. The survey was designed to yield data on the current and future adoption of virtualization and to gauge opinions and experiences on virtual environment security concerns, controls, and implementation. The survey was posted on the Prism Microsystems website, and invitations to participate were sent to Prism Microsystems customers and over 50,000 subscribers to the EventSource newsletter. In addition, the survey was made available to the general public via social media platforms such as Twitter and Linkedin. All responses were automatically collected by a commercially available survey tool. Skipping of questions was not allowed. Percentages shown in some charts will not add up to 100% because of the option to select multiple responses. Page 2

Key Findings and Analysis 1. Virtualization is widespread but penetration remains low 85% of all surveyed have adopted virtualization to some degree, yet the degree of penetration for the majority (53.46%) is low with only up to 30% of production servers virtualized This is expected to increase to over 60% by the end of 2011 for the majority of respondents Only slightly more that 10% were currently solidly down the road to virtualization with more than 60% of the available production servers virtualized The buzz around desktop virtualization has not translated into adoption, with 59% having no immediate plans to implement the technology Figure 1: What percentage of your production servers is currently virtualized? 1% 30% 53.46% 31% 60% 19.61% 0% 15.00% 61% 100% 11.92% 0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% Page 3

Figure 2: What percentage of your production servers do you expect to virtualize by the end of 2011? 61% 100% 45.77% 31% 60% 26.54% 1% 30% 25% 0% 2.69% 0.00% 10.00% 20.00% 30.00% 40.00% 50.00% *** Figure 3: Are you considering implementing desktop virtualization in your organization? No immediate plans to implement 59.50% Plan to implement by the end of 2011 14.10% Plan to implement by the end of 2010 13.40% Already implemented 13.00% 0% 10% 20% 30% 40% 50% 60% 70% Page 4

2. Traditional security solutions, processes and strategies are still being applied to the virtual environment Predictably 85% of respondents indicated that securing their virtual environment is as important as securing their physical environment (Fig. 4) Almost 60% of respondents indicated that they are using existing traditional security solutions to secure their virtual environments (Fig. 5) Figure 4: How important is it for you to secure your virtual environment? As important as securing the rest of my IT architecture 86.30% More important than securing the rest of my IT archiecture 9.00% Less important than securing the rest of my architecture 2.70% Not important 0% 0% 20% 40% 60% 80% 100% *** Figure 5: How are you securing your virtual environment? Using existing traditional security solutions/strategies 58.40% Using virtual environment specific security soutions/strategies 20.20% No specific solutions/strategies in place 19.10% Other 2.30% 0% 10% 20% 30% 40% 50% 60% 70% Page 5

This approach is problematic considering that virtual environments are characterized by dynamic moves and changes, making it harder for traditional security controls to keep up. Applying technologies, best practices and strategies used for securing physical environments does not provide sufficient protection for virtual environments since several areas are overlooked completely, such as: Separation of duty for administrative activity: Over 65% of respondents indicated that they have not implemented separation of duty between IT personnel responsible for the provisioning of virtual machines / virtual infrastructure and other administrator groups (Fig. 6), as such giving too much privilege and capability to administrators. This raises the risk for abuse by privileged insiders a concern that is shared by 34.9% of respondents, who acknowledged the greater potential for abuse resulting from an extended span of control available to administrators (Fig. 7). Beyond the insider issue, compromise of the credentials of the virtual administrator can also provide an outside hacker with the keys to the castle. Figure 6: have you implemented separation of duty best practices so that IT personnel responsible for the provisioning of virtual machines and the virtual infrastructure are separate from other admin groups? No 65.20% Yes 31.20% Other 3.60% 0% 10% 20% 30% 40% 50% 60% 70% Page 6

Protection of the virtualization layer: The introduction of virtualization creates a new platform that needs to be secured (the Hypervisor and VM Management applications). While industry pundits believe that a massive failure associated with a hypervisor based attack is somewhat theoretical, for respondents it is a real concern. o The top 2 security concerns related directly to the virtualization layer: 56.6% identified The introduction of a new layer that can be attacked as a concern, and 58.1% indicated The potential for the Hypervisor to create a single point of entry into multiple machines instances as a concern (Fig. 7) o Only 16% of those surveyed indicated that they had no specific security concern with virtualization (Fig. 7) Figure 7: Which of the following are security concerns for you when it comes to virtualization? (Multiple selections allowed) Potential for the Hypervisor to create a singlepoint of entry into multiple machines Introduction of a new layer that can be attacked VM sprawl and flexible deployment capabilities leading to unmonitored/inivisble machines Extended span of control available to admins leading to greater potential for insider abuse 34.90% 58.10% 56.60% 53.90% No specific concern 16.30% Other 1.20% 0% 10% 20% 30% 40% 50% 60% 70% Page 7

Figure 8: Rank each of the statements below to the best of your knowledge Strongly Agree Agree Unsure Disagree Strongly Disagree Virtual environments are inherently less secure than physical environments 2.70% 23.50% 21.80% 48.20% 3.80% Traditional security solutions are sufficient to provide security insight into all layers of the virtual environment (Hardware, Hypervisor, Guest OS) 3.40% 20.80% 24.50% 46.20% 5.10% Threats exposed by virtualization can be mitigated by using existing processes and technology 5.10% 41.00% 29.50% 20.50% 3.80% Monitoring the virtualization layer (Hypervisor, VM management apps) of the virtual environment is important for risk mitigation 22.20% 57.30% 16.20% 4.30% 0.00% Tracking and reporting on unauthorized user activity, data access and privileged user activity is important across the enterprise 44.00% 45.30% 9.00% 1.30% 0.40% Invisible machines: Flexible deployment and migration capabilities of virtual machines can often lead to a problem of sprawl where VMs grow uncontrollably both inside and outside the IT organization. These invisible/unmonitored machines are a security hazard, especially if they are accessing sensitive corporate data. o 53.9% of respondents indicated VM sprawl and flexible deployment capabilities leading to unmonitored/invisible machines as a security concern related to virtualization (Fig 7). What s most interesting is that the majority of respondents seem to be aware that traditional solutions are insufficient to provide security insight into all layers of the virtual environment (Figure 8), yet they still continue to use these solutions, which brings us to ask why? When queried about the primary inhibitors to effectively securing their virtual environment, the top 3 options selected were: (Fig. 9) Lack of budget for virtual environment specific solutions (51%) Lack of staff expertise (48.1%) Licensing, deployment and support models of security vendors not optimized for virtual environments (40.2%) Page 8

Figure 9: What are the primary inhibitors to securing your virtual environment? (Multiple selections allowed) Lack of budget for virtual environment specific security solutions Lack of staff expertise Licensing, deployment and support models of security vendors not optimized for virtual Limited visibility provided by traditional security management consoles into the virtualization Increased management complexity Insufficient error/logging information provided by the virtualization layer 51.00% 48.10% 40.20% 35.20% 28.80% 20.90% Other 5% 0% 20% 40% 60% 3. Adequate controls on the Hypervisor layer are lacking Virtualization software is no different than any other piece of software application. It is bound to contain exploitable vulnerabilities and become a target of attack by hackers as the usage of virtualization technology increases within the enterprise. Considering the privileged level that this layer holds within the virtual architecture, a compromised Hypervisor can provide unfettered access to all hosted machines on a physical server. Complicating the situation is that: Security tools and procedures implemented at the Operating System level are blind to issues within the virtualization layer unless they have been designed to specifically talk to this layer Traffic between virtual machines on the same box never hits the physical network where network monitoring tools such as intrusion prevent/detection systems reside, rendering them ineffective. Further, log monitoring/siem systems that gather data for compliance purposes from these network tools, and not directly from the virtualization layer, receive incomplete information While 79.5% of respondents agreed that monitoring the virtualization layer is important for risk mitigation (Fig. 8), when queried about the implementation of specific security activities and tools at this layer: Page 9

Only 29% of respondents indicated that they are directly collecting logs from the Hypervisor and only 21% from the virtual management application. (Fig. 10) Only 16.90% are reporting on activities and controls at the Hypervisor level, and only 15.70% at the virtual management application level. (Fig 10) This goes against established best practices, such as those recommended by Gartner for the virtualization layer: Activate full auditing and logging and link these into security information and event management systems. (Gartner, Addressing the most common security risks in data center virtualization projects, January 2010, Neil MacDonald) The introduction of virtualization also results in the collapse of separation of duties, as mentioned earlier in this document, (Fig. 6) potentially resulting in escalation of privilege, abuse and fraud especially risky at the virtualization layer because of the critical support it provides to the rest of the virtual infrastructure. Therefore, it is essential that administrative and user access to this layer be carefully monitored and controlled. However, respondents to this survey are largely ignoring this bestpractice: Only 22.70% are monitoring user activity at the Hypervisor level, and 14.9% at the virtual management application level (Fig. 10) Only 17.80% are tracking access to critical data and assets at the hypervisor level and 12.40% at the virtual management application level. A majority (52.70%) have not implemented tracking procedures for any layer of the virtual architecture. (Fig. 10) Figure 10: Which of the following have you implemented for the various layers of the virtual environment? Hardware (e.g. Dell OpenManage) Hypervisor (e.g. VMWare, Hyper V) Embedded Hypervisor (e.g. ESXi) Virtual Management Appplication (E.g. Vcenter) Operating System Not Impleme nted Log collection 22.70% 29.30% 13.60% 21.10% 54.50% 24.80% Automated Log Management/SIEM 14.50% 18.20% 9.90% 10.30% 26.90% 52.50% User/privileged user activity monitoring 13.60% 22.70% 10.70% 14.90% 45.90% 34.30% Tracking access to critical data and assets 14.50% 17.80% 7.90% 12.40% 36.00% 46.70% Reporting on controls and activities for compliance and internal policies 12.80% 16.90% 7.90% 15.70% 41.70% 39.70% Page 10

4. Virtualization is not inherently insecure, however, confidence in virtual environment security is low 52% of respondents disagreed with the statement that virtual environments are inherently less secure than their physical counterparts (Fig. 8) However, only 28.4% expressed confidence that their virtual environment is as secure as the rest of their IT architecture (Fig. 11) Only 19.5% expressed satisfaction with the logging and auditing capabilities for their virtual environment compared to 53.1% satisfied with the logging and auditing capabilities for their non virtual environment. Figure 11: Which of these apply or are true for your organization? (Multiple selections allowed) We are satisied with the logging and auditing capabilities for our non virtual environment 53.10% None of these are true for my organization We are confident our virtual environment is as secure as the rest of our IT architecture We are satiisfied with the logging and auditing capabilities for our virtual environment 19.50% 33.20% 28.40% 0% 10% 20% 30% 40% 50% 60% While we agree that virtualization is not inherently insecure, its introduction does change the playing field when it comes to security. There are new attack vectors, new operational patterns and complexity, changes in the IT architecture, and changes in deployment life cycles consequently approaches to security monitoring and breach prevention must adapt. The low level of confidence expressed in the security of their virtual environments by survey respondents indicates that with the rush to adopt virtualization, many known issues are being overlooked, and in many cases best practices are being ignored whether it is because of the immaturity of existing security tools, or a lack of staff expertise and budget. Page 11

Demographics What is your job function? 2.98% 1.66% 3.64% 13.58% 46.69% System/Network Admin IT Manager/Director CXO Security Officer/Manager 31.46% Auditor Other Which industry do you operate in? 30.00% 25.00% 20.00% 15.00% 10.00% 5.00% 4.64% 8.28% 18.54% 12.91% 6.95% 7.95% 6.29% 26.49% 3.31% 4.64% 0.00% Page 12

How many employees does your company support worldwide? 35.00% 31.20% 30.00% 25.00% 21.70% 25.40% 21.70% 20.00% 15.00% 10.00% 5.00% 0.00% 1 99 100 499 500 4,999 Over 5,000 Conclusion Is security a hidden cost of virtualization? A majority of respondents agree that traditional security products and solutions are inefficient to provide visibility into the virtual environment. Yet they continue to use these solutions, citing lack of budget as a primary inhibitor. The implications are two fold: There is a significant gap between the speed at which companies are willing to deploy virtualization and their security readiness to address the added complexity that virtualization introduces In the rush to adopt virtualization, security investments are not being factored in to project budgets. Hidden expenses are never welcome, and by ignoring what could later add up to be significant collateral costs, companies may not realize the ROI and cost savings initially calculated for their virtualization projects. The responses to this survey also indicate that security is an afterthought while respondents are mostly aware of the security implications of virtualization and the need to change management approaches, the current stance seems be one of reactive firefighting rather than proactive implementation of best practices. As more and more critical applications are migrated to the virtual environment, companies will need to rethink their processes and draft strategies to address risks across both physical and virtual environments in order to ensure compliance and security visibility in an increasingly hybrid datacenter. Page 13

About Prism Microsystems Prism Microsystems delivers business critical solutions that transform high volume cryptic log data into actionable, prioritized intelligence to detect and deter costly security breaches and comply with multiple regulatory mandates. EventTracker, Prism s leading Security Information and Event Management (SIEM) solution provides coverage for both physical and virtual environments, delivering a single point of control to monitor the entire IT infrastructure from servers to workstations, operating systems to applications, network devices to hosts, and physical assets (including USB devices, racks, and server hardware) to hypervisors (i.e. those from VMware, Microsoft s Hyper V, and management applications such as Dell OpenManage, VSphere, and System Center). Page 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information