Best of Times, Worst of Times: Is Virtualization in the Data Center a Problem or an Opportunity?
As I travel the world, I ask my customers two simple questions:
First, are you virtualizing your data center? (Universally the answer is yes.)
Second, have you deployed any virtual security solution? (Universally the answer is no.)
Wow. How can this be? Does a virtual data center not need security? Not a chance. It needs security more than ever. Most customers are confining their virtualized infrastructure into secure zones, or virtual local area networks (VLANs). That’s useful for a first phase, but excessive VLAN segmentation holds us back from achieving the efficiencies of the utility computing model—and it also gets really complicated really quickly.
To best leverage the next phase of virtualization, in which companies begin to roll out large-scale utility computing models, we can’t simply repackage today’s security tools by wrapping them in a virtual machine (VM) or retrofitting them to chop up the infrastructure into thousands of VLANs. We need to re-imagine virtual security—not simply repackage it. This project is not a small body of work.
Solving the virtual data center segmentation problem is an important first step in creating the virtual security suite. But moving beyond segmentation and basic access control, the virtual world provides opportunities for innovative security that the physical world simply cannot fathom.
Consider, for example, the interesting area of advanced threat defense in a virtual environment. Today’s most dangerous threats are highly targeted—custom crafted and launched in a population of one at a specific application. (Think Koobface, the massive attack on Facebook users that hit a few months ago.) These threats successfully bypass many conventional security systems, which rely on signatures. Stopping these attacks requires a new approach.
Virtualization offers some compelling new capabilities to deal with these attacks. For starters, a virtual data center provides excellent awareness of what application is actually running. This capability helps because it provides important context for a security device to make a more accurate decision about friend vs. foe. (For example: “Gee, I know this is an Oracle financial application, and I see a user repeatedly accessing and downloading data from a machine that I also notice was in contact with a malicious website. Hmmm…maybe this action should be blocked.”) Another capability provided by a virtual data center is enhanced application profiling, which is made possible in a virtualized environment. Techniques such as extracting operating parameters, comparing application profiles across VMs (to look for signs that one has been successfully attacked), and analyzing application behavior in memory (as opposed to just code stored on disk) are far easier in a virtual environment and provide a huge advantage for stopping the most sophisticated threats. We might even spawn a copy of a suspect application and move it to the “threat lab” for further analysis by security specialists.
The net-net is that virtualization in the data center is a really big deal. It will redefine the nature of security solutions, and therefore it’s likely to redefine the vendor landscape. Virtual security is both a big challenge and a big opportunity for the security industry.