I recently read a Gabriel Consulting Group survey entitled 2011 Data Center Security Survey: Virtualization & Clouds. One statistic that really struck me was that approximately 65 percent of the respondents said that they were going to use “the same security mechanisms for physical and virtual systems.” This is an amazing statistic since most security solutions are not optimized for both virtualized and physical environments.
Let’s look at a couple of examples: In the physical world an IPS or firewall sits in-line with the network traffic and it can block malicious or inappropriate traffic. However, if you park one of these devices in front of a virtualized server it will never see the intra-VM traffic. So, if multiple Virtual Machines (VM) are communicating with each other (within the same physical server) the IPS or firewall will never see that virtualized network traffic. Now, let’s assume that one of those VMs contains credit card data. PCI DSS 11.4 says that you must use an IDS/IPS to monitor all traffic in the cardholder data environment. It seems to me that your traditional security, which relies on ports, protocols and IP addresses, isn’t going to keep you compliant. And, that brings me to my second point. In the virtual world VMs migrate to other physical machines for load balancing. How is that physical security device, which is rooted by IP addresses, going to migrate with your VM?
Fortunately, McAfee has many security solutions that work in both physical and virtual environments. They will not only keep you compliant but they will allow you to have a consistent security policy across both environments. And, those policies are all managed from one management console.
By: Stephen Karkula
