Photo - Ivan Wen, Country Manager, Sourcefire Malaysia.
Modern networks have expanded. Their components constantly evolve and spawn new attack vectors including endpoints, mobile devices, web-enabled and mobile applications, virtual infrastructure, data centres, social media, web browsers and home computers.
These networks are complex to deploy, manage and secure. Any gap in protection across this extended network can have a 'ripple effect' across your entire IT environment, exposing your organisation to greater security risk.
Most IT security professionals have been tasked with doing more with less. Hence, they turn to virtualisation to take advantage of the reduced operating costs, energy savings and increased flexibility to help address fiscal pressures while enabling the business.
At the same time, according to a December 2012 Ponemon Institute survey, intrusions and data loss within virtual environments remain among the top three IT security concerns for IT practitioners.
So what can organisations do to quell these concerns and better protect not just virtual assets but all of the assets on the organisation's extended network? Using best practices and technologies to enable visibility and control across the extended network will help to realise the full benefits of virtualisation while minimising security risks.
Here are three recommendations to help organisations ensure they are moving in the right direction.
1. Remove organisational silos. A natural separation of duties occurs in the physical world where server operations own the servers; network operations owns the routers, switches and firewalls; and security owns IT security systems, including intrusion detection and prevention systems and advanced malware protection solutions. In the virtual world, however, management of these devices or functions has been consolidated and offered as part of the virtual infrastructure.
Faced with tight deadlines, many virtual system administrators don't have the time or resources to involve the network and security groups in the virtualisation process; they simply handle all aspects themselves. But a lack of subject matter expertise can lead to misconfigurations and vulnerabilities.
To better secure virtual environments, these teams must work together across virtual environments just as they do across physical environments.
By creating working groups with all stakeholders involved, IT teams can collectively assess the architecture within the broader context of the extended network to identify potential gaps in security and then create security policies and zones to close these gaps.
2. Seek security solutions designed for virtual environments. Many organisations rely on their physical appliances to protect their virtual environments and use techniques like 'hair pinning' to route virtual traffic to a physical device for inspection and then back. This creates unnecessary latency and management complexity.
Appliances designed to operate specifically in virtual environments are easier to deploy and support virtual workflows. They can also leverage the inherent benefits of virtualisation in a way that physical appliances simply can't, for example offloading redundant activities, like scanning for malware, to the service virtual machine (VM) or the cloud, further enhancing performance and easing administration.
However, just because a security solution is designed for use in the virtual world doesn't mean it can't integrate with solutions to protect physical assets. In fact, it should.
3. Target consistent security effectiveness. Securing each component of the modern network with disparate technologies that don't - and can't - work together creates gaps in protection. You need a holistic approach that provides consistent security effectiveness across physical and virtual worlds. The ability to monitor, manage and report on security activities across the entire infrastructure from a central console is critical to protecting the extended network.
Further, with the proliferation of advanced malware, visibility to specifically track malware trajectory and behaviour throughout user environments is essential to understand and stop these invasive threats. And solutions that leverage real-time cloud security intelligence to identify and discover the latest threats and vulnerabilities and then automatically and consistently update protections for all assets eliminate any gaps in defences.
The role of virtualisation in organisations will continue to grow. But attackers are savvy. All it takes is one weakness to penetrate the network and accomplish their mission - be it to gather data or simply to destroy.
To truly protect our extended networks and eliminate the ripple effect a gap in virtual security creates, it's time to better defend our weaknesses to strengthen our overall defenses.
- Ivan Wen is Sourcefire's Malaysia country manager.
Sign up for CIO Asia eNewsletters.