Learn the basics of virtual server security software selection
There are multiple factors in choosing the right security software for VMs and virtual infrastructure. Get familiar with potential threats, features to have and market offerings.
Virtual server security software continuously scans environments for threats and provides alerts for any anomalies across the attack surface. Though these systems enable you to be proactive about attacks and automate specific actions, you shouldn't just pick any tool off the shelf and hope it works for your organization.
To select the best fit for virtual server security software, be sure to figure out which areas of virtual security you must address, decide what specific features to evaluate and look at the current market offerings.
For improved security, VMs and virtual infrastructure should have newly hosted elements isolated, testing and review processes for all components, separate management APIs for network health, and networks that don't mix between tenants or services.
Because threat actors can access virtual infrastructure without physical data center access, there are increased risks that organizations must track and address. Possible security areas include the following:
- VM sprawl. This happens when you have more VMs than you can easily or effectively manage. You run the risk of overlooked VMs or missed updates if there are too many in your data center.
- Sensitive VM data. You should ensure that sensitive data has extra security measures to protect it within the VM.
- Offline VM security. Though offline VMs might not actively connect to your network, they're still a part of your infrastructure and can serve as an attack vector.
- Hyperjacking. This is the term for when a threat actor takes over a hypervisor to target the OS or VMs and to hide any malicious presence.
- Pre-configured VMs. Automatic settings on these VMs may not be stringent enough for your organization's IT policies.
Features to evaluate during virtualization security software selection
Your organization's VM security needs depend on the size of its virtual infrastructure, knowledgeable staff availability and any data security restrictions or requirements. These requirements can help any IT team figure out the best type of software that will work for their VM security needs.
During security tool software evaluation, you must be aware of any licensing requirements, the number of supported VMs and cost. If you opt for a 30-day trial period, be sure to evaluate the following features:
- Intrusion detection. This is any tool that scans network traffic for suspicious activity and sends alerts. Its primary capabilities are anomaly detection and reports, but some tools can perform pre-specified actions once they identify a threat.
- Compliance and auditing. These features help you produce reports to ensure any industry-specific compliance requirements are met. Ideally, you should be able to go through logs and track any administrative changes in your VM. Be sure to thoroughly vet any compliance features if you do have specific requirements, such as HIPAA.
- Access controls. These settings let you grant and restrict user access to avoid unauthorized changes or host configurations on the VMs.
- Antivirus and antimalware protection. Like antivirus software for traditional infrastructure, these features provide a layer of protection for these specific attack types.
2021 security market offerings
Once you figure out your main security tool requirements, start to look at individual offerings in the market. Some of the sector's current options are listed below.
Oracle VirtualBox is an open source hypervisor that can virtualize x86 hardware. Its security model runs the VM as a user process on the host OS. This configuration means that the guest VM does not directly communicate with the hardware but through the virtual machine monitor instead -- and has limits on memory and processor use as well. Additional security features include network address translation, remote desktop authentication, and password authentication for remote iSCSI storage and web service access.
VMware AppDefense is a data center security service that protects virtualized apps. It has four main functions: process analysis, anomaly detection and response, application control and remediation. AppDefense uses vSphere and NSX to provide the virtualization layer and network virtualization, which helps isolate potential threats and avoid system-wide contamination. The software also uses automation to decrease the amount of manual log parsing and investigation you must do for virtualization management.
Sophos for Virtual Environments is an off-the-shelf antimalware offering that you can use with ESXi and Hyper-V hypervisors. It provides a single pane of glass to manage your virtual infrastructure and has options for on-premises or virtualized deployment. Once you install the software, you can use a centralized security VM to scan for potential threats and run the software's automated cleanup function.
McAfee MOVE Antivirus can protect virtual servers and desktops across all hypervisors and OSes, including Linux, Windows and VMware VMs. As a multi-platform offering, it can be deployed on premises and in the cloud so it can actively scan for anomalies or malware. With the Cloud Workload Security function, you can gain visibility into any AWS and Microsoft Azure clouds. McAfee also provides agentless monitoring, automatic offloading of security VM data and a centralized dashboard for reporting.
HyTrust CloudControl provides security for vSphere and NSX. It provides tools for you to easily isolate workloads and avoid unauthorized data access with role- and asset-based access control. It also includes templates for compliance with HIPAA, Payment Card Industry Data Security Standard and NIST guidelines if your organization has specific industry requirements. There is also a high level of automation with CloudControl, as it uses security as code for continuous integration/continuous deployment setups, and any of the software's functions can be automated with open APIs.