Virtualization - Security Should Not Take a Backseat
The holistic approach


Page 2 of 2   « previous page

Cyber criminals can capture very valuable information including Social Security numbers, passwords, and credit card information, and with financial motives like these, they will pull out all the stops to gather information without being detected by traditional anti-malware technologies. These days, the approach to developing incredibly effective malicious code has changed to include extremely sophisticated exploits that target emerging zero-day vulnerabilities in more than just Microsoft Windows. For example, a recent Black Hat conference presentation discussed hardware virtualization rootkits that will surely subvert the existing hypervisor. SubVirt and Blue Pill are examples of rootkits that can implement a malicious hypervisor and remain undetected by anti-malware software.

So what should IT do when it comes to security and virtualization?

The most important thing to remember when creating a secure virtual system is to take a holistic approach. Technologies such as system hardening, regular behavioral analysis, proactive end-point security, IPS firewall, and heuristics technologies are key to a fortified virtual environment. Included below are some tips on how to ensure you are meeting all of these requirements.

Harden System on Host and Virtual Machines
When designing what controls should be implemented and where, it’s necessary to harden the operating system on both the host and virtual machines against common, run-of-the-mill exploitation. It’s also critical to ensure that patches remain up-to-date. System hardening (locking down the operating system) should be a mandatory requirement; it will eliminate most malware that tends to exploit the zero-day vulnerabilities that exist in common application platforms.

For example, it’s not necessary for Adobe Acrobat to spawn a command shell or execute any other arbitrary system command. Nor is it necessary for VMware to do the same. However, the operating system and most security software aren’t intelligent enough to make this decision for you.
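The rule described above, written as detection logic (an added example, not part of the original article): it flags any command shell whose process ancestry includes a document reader or virtualization process, even through an intermediate helper. The executable names, event fields and sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: programs that should never start a command interpreter.
RESTRICTED = {"acrord32.exe", "acrobat.exe", "vmware.exe", "vmware-vmx.exe"}
# Assumption: what counts as a command shell or script host.
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

# Constructed process-creation events (not real telemetry), oldest first.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\CMD.EXE"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 100, "image": r"C:\Program Files\VMware\vmware-vmx.exe"},
    {"pid": 410, "ppid": 400, "image": r"C:\Users\Public\helper.exe"},
    {"pid": 420, "ppid": 410, "image": r"C:\Windows\System32\powershell.exe"},
]

def exe_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()

def find_violations(events, max_depth=8):
    """Return (shell_pid, restricted_ancestor, chain) for each shell whose
    ancestry includes a restricted application, directly or indirectly."""
    by_pid, violations = {}, []
    for ev in events:
        by_pid[ev["pid"]] = ev  # a later event wins if a pid is reused
        if exe_name(ev["image"]) not in SHELLS:
            continue
        chain, seen, cur = [exe_name(ev["image"])], {ev["pid"]}, ev
        for _ in range(max_depth):
            parent = by_pid.get(cur["ppid"])
            if parent is None or parent["pid"] in seen:
                break  # unknown parent, or a pid loop in the data
            seen.add(parent["pid"])
            chain.append(exe_name(parent["image"]))
            if chain[-1] in RESTRICTED:
                violations.append((ev["pid"], chain[-1], " <- ".join(chain)))
                break
            cur = parent
    return violations

if __name__ == "__main__":
    for pid, app, chain in find_violations(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: shell descends from {app} ({chain})")
```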

Monitor Your System Regularly
It’s absolutely essential to conduct regular security assessments that include detecting both vulnerabilities and active threats. If your servers run Web-based applications, check them to ensure that exploitation such as SQL injections and input validation attacks cannot occur.

Ensure Proactive End-Point Security with Herd Intelligence
The best way to ensure you are proactively capturing as much malicious data as possible is to employ a security system that utilizes “herd intelligence,” also known as “collective intelligence.” This innovative and relatively new end-point security solution automates and enhances the malware collection, classification and vaccination process by gathering detections from the Internet community at large, rather than locally. What’s more, by reducing the manual effort required to process the thousands of samples received daily, herd intelligence increases the capacity and visibility that the AV lab has. This is done by deploying technologies within “the cloud” to automate and enhance the malware collection, classification, and remediation involved with a standard cycle.

The Yankee Group expects herd intelligence and other cloud-based technologies to become mainstream quickly. Andrew Jaquith, security and risk management program manager for the Yankee Group, recommends that businesses “make herd intelligence central to their long-term survival strategies.” This technology allows companies like Panda to expand the number of malware samples they collect to 15,000 a day, and according to Jaquith, “Anti-virus companies that are not taking steps today to plan for malware volumes 100 times their current load, are not thinking hard enough about the problem.” (“Herd Intelligence Will Reshape the Anti-Malware Landscape,” by Andrew Jaquith, Yankee Group, December 2007.)

It’s imperative that we take a proactive approach when developing a security plan for a virtual network, because the rate at which new malware emerges outweighs the capabilities of anti-malware labs to keep up and process new threats. The best end-point security solution should include more than just signature-based detection for malicious code.

All of these technologies – system hardening, behavioral analysis, behavioral blocking, herd intelligence, IPS firewall, and heuristics – if used in a standalone fashion won’t protect you from advanced threats; but in combination they provide a robust layer of defense against sophisticated attacks.



About Ryan Sherstobitoff
Ryan Sherstobitoff is chief corporate evangelist of Panda Security. He oversees and manages the strategic response to new and emerging virus attacks. His extensive experience includes work designing and managing network infrastructures, as well as mobilizing and managing security technologies throughout widely dispersed large-scale networks. For further information about Ryan, and to read his blog, go to http://pandasecurityus.wordpress.com/.
