Saturday, February 18, 2012

Virtual Security; Defense in-depth

The VMware vShield product line has come of age introducing a new acronym into our vernacular "Virtual Security". It is now possible to provide a level of security around our servers and data that would be both difficult and costly without virtualization. An accepted principle in the field of security is defense in-depth. It is based on the premise that many layers of security at different locations is better than a heavily secured perimeter.

vShield has expanded into four products; Edge, App, Endpoint and Data. The difference between them is at what level in the virtual infrastructure they provide protection. vShield Edge puts a security appliance or shim between the vSphere host and the vSwitch to harden the perimeter of the virtualization environment. vShield App applies security between the virtual NIC of the vm and the vSwitching securing traffic to and from the VMs. vShield EndPoint in combination with 3rd party support reduces the attack vector or exposure of the VMs to viruses and malware. EndPoint does this is a way that reduces the overhead of scanning in a way that complements the unique characteristics of virtualization. vShield Data ensures the integrity of our critical data. It will scan our data to ensure it meets one of a number of compliance templates included in the product. It will report on any file that fails the compliance scan. Together they provide a comprehensive solution that we generally term virtual security.

In order to take advantage of virtual security we will need to broaden our virtualization expertise to incorporate security and our security teams. While vShield has made it easy to apply, you still need to ensure that the capabilities are understood and policy is developed. A defined strategy will ensure you understand how the vShield product rules can be customized to meet the requirements of your business.



- Posted using BlogPress from my iPad

No comments:

Post a Comment