I was just reading an article by Ted Julian talking about what he thought was a real highlight at Gartner’s IT Security Summit: Neil MacDonald’s presentation titled “Radically Transforming Security in a Virtualized World.” I wish I could have been there, as I imagine that this was an excellent presentation where Neil laid out some new ideas around virtualization security and how security vendors will need to start thinking of new ways to approach security in a virtualized environment where there are management layers and encapsulated network layers that we’ve never had in IT before.
Some of the ideas that Neil presents, such as virtual security appliances from the vendors (and open-source communities), are perfect for virtualized environments. You need to run a spot-check vulnerability scan of your VMs? Just bring a VA appliance online, run the scan, collect your results and take the appliance back offline; it’s doing nothing but consuming a little disk space again. Sounds better to me than purchasing a rack appliance, finding power and net access for it and keeping it powered on so you can access it when you need it. The same could be said of other ‘occasional’ use technologies like physical asset discovery tools, etc.
Another idea he presents around the notion of ‘VM-spanning’ security applications makes a lot of sense. Being able to install and manage a security application at the hypervisor layer that has access to all the managed VMs (whether they are online, offline, templates, etc.) would be so much easier (and probably somewhat less costly) than having to install and manage sec apps on every managed VM, especially when you think about how quickly you can bring up and burn down VMs. If security apps were managed at the hypervisor layer, new VMs could simply inherit the proper setup and configurations automatically… I’ll bet there is not a Security Admin out there that wouldn’t gladly give up some of their action figure collection for that kind of functionality :).