Virtualization creates a software simulation of a physical computer, often called a virtual machine (VM). A VM runs on a hypervisor that sits between the VM and the physical hardware or operating system. A typical example of a hypervisor is Microsoft's Hyper-V technology. Virtualized security is a flexible, software-based system that provides security to VMs. Virtual security systems secure this complex operating environment so that the hypervisor, operating system and each VM can operate in their own environment and are protected against malicious threats.
How Does Security Virtualization Work?
Virtual security software replicates the function of traditional hardware and software-based servers, plus computer security systems like firewalls, intrusion protection and anti-malware software. Operating at the hypervisor layer, software-derived virtualization security services protect each VM. This protection extends to include virtual endpoints and other software-defined interfaces that contain users and computers.
Virtual security performs similar functions in a virtual environment as physical security software does in a physical environment. This includes the need to protect the layered and more complex system of VMs. VMs use software-defined CPUs, services, RAM and hard drives, but ultimately still share the physical components of the host computer or server. Additionally, each VM, also called a guest machine, must be kept separate from other VMs. Virtualized security uses various security controls including encryption and micro-segmentation to achieve this separation and limit potential attacks.
Types of Security Virtualization
Virtualization is an effective way to reduce security risks since it segments and separates systems and applications. Security virtualization is a type of sandboxing technique where VMs are isolated from each other and are individually guarded against viruses, external malware and other threats. Other types of virtualization include:
Server virtualization is when a server is partitioned into several virtual servers or machines. Each VM will run independently of the main server. Aside from the more efficient use of physical resources, the primary benefit of server virtualization is the isolation of each VM from other machines and the physical environment, which limits the impact of compromised applications. Server virtualization generally uses a Type 1 bare-metal hypervisor that replaces the server operating system.
Desktop virtualization is a similar concept to server virtualization, except that it refers to the creation of a virtual desktop computer. This lets users log into their computers from any location. Files and data are secured on a server, not portable devices, and are protected by a central layer of security.
Storage virtualization is the creation of virtual storage servers with their associated virtual hard drives. This approach lets users store data in different formats and makes it easier for IT administrators to protect data, manage day-to-day backups and organize disaster recovery (DR) processes in the event of server failure.
Similar to a virtual private network (VPN), network virtualization combines physical and virtual resources to create a virtual corporate network. Network virtualization can connect users and devices to a private and secure network from any location via the internet. Features include virtual firewalls, intrusion protection and load balancing.
Application virtualization allows users to run applications on computers that are separate from where the software is located. Typically, application virtualization is operating-system-agnostic, so the software application can run on any machine. This allows administrators to update and patch applications centrally and control user application permissions. Virtualized applications store user and system data centrally, where it's easier to secure.
Benefits of Virtualized Security
Virtualized security solutions help administrators deal with the complexities of virtual networks. They are a better solution than traditional physical security measures because they are more flexible and easier to implement. Benefits include:
Cost-effectiveness: It is cheaper to implement virtual security solutions compared to expensive physical hardware and device-specific security software solutions.
Flexibility: Administrators can easily scale virtual security software to meet changing requirements and use it across multiple physical and hybrid data centers.
Better data protection: It's easier to secure data from attacks and recover it from data loss or corruption through Modern Data Protection techniques.
Improved operational efficiency: Centralized virtual security solutions are easier and quicker to deploy across the network compared to physical systems that need individual configurations.
Regulatory compliance: Only virtualized security systems can meet the need for regulatory compliance in organizations that use virtual and cloud-based systems.
Risks of Virtualized Security
Despite the many benefits that come with virtualized environments, the additional layers of complexity can increase overall risk. Since you can easily move workloads and applications, there's a greater chance that you’ll lose track of critical applications and run them in less secure environments. It's easy to create VMs, and unless they’re carefully cataloged and managed, users can experience a proliferation of unused and poorly protected VMs, increasing overall vulnerability. Unused firewall ports that were created for VMs are a further risk that hackers can exploit. The hypervisor layer is a single point of failure, and a successful attack at that location can bring the whole system down.
Physical Security vs. Virtual Security
Physical security relies on hardware-based protection. With a corporate network, this includes using routers and firewalls to protect network access points. While effective, physical security is inherently inflexible. Administrators must make changes one at a time, whether that’s to physical components or security software. Physical solutions aren't effective in virtual environments, where the network perimeter can dynamically change.
Virtual security systems are centralized, and any changes apply to the entire network. When you create a new VM, the system automatically applies the appropriate security protocols. It's a straightforward process to isolate workloads on the network to prevent unauthorized access, apply security policies for specific workloads, and segment traffic and resources. Managing user access and permissions is simpler on a virtual system than on physical networks.
Choosing the Right Virtualized Security
The type of virtualized security you should choose depends upon several factors, including whether your system is hybrid, the type of hypervisor solution you use, and your organization's specific needs. Other features to consider include the type of protection available and what you should do if your system is compromised.
The type of hypervisor places some restrictions on the number of choices available for virtual security systems. For example, if you have a VMware ESXi hypervisor, you can choose an agentless security software solution that runs at the hypervisor level. Agentless solutions have minimal impact on VMs and are universally applied and easy to update. Alternatively, other hypervisor types like Microsoft Hyper-V, Azure or Citrix hypervisors may require a security solution that uses a small-footprint agent that’s installed on each VM. While this can impact performance, small-footprint agents often have additional functionalities compared to agentless solutions.
How to Get Started
Whether you've already implemented a VM solution or are considering doing so, you should evaluate your current situation and carefully plan your way forward. Ensure that your VM is as secure as possible before installing a VM security solution. Points to consider include:
Updating all firmware, operating systems and software
Verifying and logging user and administrator privileges
Defining and implementing user policies
Encrypting all network traffic
Keeping a register of all VMs and deleting unused ones
Installing suitable agentless or small-footprint antivirus and malware software
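The VM register in the checklist above, and the sprawl and leftover firewall port risks described under Risks of Virtualized Security, can be checked together by reconciling the register against what the hypervisor actually reports. The following is an added example, not part of the original article or any vendor product; the inventory, register and firewall rule records are constructed sample data in a hypothetical export format, and the 30-day staleness threshold is an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample data (hypothetical export format, not a real hypervisor API):
# the organization's VM register, the hypervisor inventory, and per-VM firewall rules.
REGISTER = {"web-01": "ops", "db-01": "dba", "build-07": "ci"}
INVENTORY = [
    {"name": "web-01", "state": "running", "last_powered_on": "2024-05-30"},
    {"name": "db-01", "state": "running", "last_powered_on": "2024-05-28"},
    {"name": "build-07", "state": "stopped", "last_powered_on": "2024-01-15"},
    {"name": "test-tmp", "state": "running", "last_powered_on": "2024-05-29"},
]
FIREWALL_RULES = [
    {"vm": "web-01", "port": 443},
    {"vm": "db-01", "port": 5432},
    {"vm": "legacy-app", "port": 8080},  # VM was deleted, rule was not
    {"vm": "build-07", "port": 22},
]


def audit_vm_estate(register, inventory, rules, today, stale_days=30):
    """Return findings for VM sprawl and leftover firewall openings."""
    cutoff = today - timedelta(days=stale_days)
    present = {vm["name"] for vm in inventory}
    # VMs that exist on the hypervisor but were never registered to an owner.
    unregistered = sorted(present - set(register))
    # Register entries whose VM no longer exists (the register is out of date).
    missing = sorted(set(register) - present)
    # Stopped VMs not powered on since the cutoff: candidates for deletion.
    stale = sorted(
        vm["name"] for vm in inventory
        if vm["state"] == "stopped"
        and datetime.strptime(vm["last_powered_on"], "%Y-%m-%d") < cutoff
    )
    # Open ports that still point at a VM that is gone or stale.
    orphaned = sorted(
        (r["vm"], r["port"]) for r in rules
        if r["vm"] not in present or r["vm"] in stale
    )
    return {"unregistered": unregistered, "missing": missing,
            "stale": stale, "orphaned_ports": orphaned}


if __name__ == "__main__":
    report = audit_vm_estate(REGISTER, INVENTORY, FIREWALL_RULES, datetime(2024, 6, 1))
    for finding, items in report.items():
        print(f"{finding}: {items}")
```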
Another important factor to consider is backup and data protection since incidences of cyber and ransomware attacks are on the upswing.
In the event of a natural or man-made disaster, Veeam® Data Platform’s enterprise-wide backup and DR solutions ensure business continuity and can get you up and running quickly after an attack. Contact Veeam for more information on our products.