Virtualized Security or Security Virtualization refers to the software technologies designed to secure a virtualized IT environment.
Unlike hardware-based security systems, security virtualization is either:
Implemented in software at the hypervisor layer.
Hosted as a standalone application inside the VM it protects.
Put simply, virtualized security takes your existing security and operational policies, and applies them uniformly across the virtual environments.
To be clear, security virtualization is different from security controls that are tightly coupled to hardware, such as physical network appliances or dedicated security servers running the software. That coupling creates two key challenges for Virtual Machine (VM)-based workloads running across multiple clouds:
The need to install multiple platform-specific security tools.
Non-uniform security capabilities and protection due to different functionality, integration issues and variations in configuration.
Virtualization introduces challenges of its own. Copying the security policies written for physical hosts onto VMs unchanged can leave gaps, because those policies do not account for the risks below.
VMs share the host's CPU, memory, storage and network with other VMs and services, and can be migrated between hosts at any time by the fault-tolerance and load-balancing functions of a software-defined environment. A policy tied to a physical host or a fixed network location therefore no longer follows the workload.
Security policies should also address the hypervisor itself: a misconfiguration or vulnerability at the hypervisor layer can expose every VM it runs to unauthorized access and allow guest-level controls to be bypassed.
Rapid, self-service provisioning leads to VM sprawl, where VMs are created faster than they are tracked, which makes it hard to apply consistent security policies across all users and workloads. The added abstraction layers also bring administrative overhead, and a misconfiguration at any layer can expose VMs to unnecessary risk.
Let’s now review two common modalities for security virtualization:
Agent-Based Virtualization Security installs a security agent as a software component inside each VM (in some products the agent also talks to the underlying hypervisor). The agent monitors the following:
Networking behavior
Data access
Data transmission
Software behavior within the VM
Threat detection and policy enforcement capabilities may be built into these agents, but the common pattern is for the agent to communicate with a centralized backend (a security command and control center). Security analytics and data processing happen at the backend, and the agent enforces the policies the backend pushes to it.
An obvious operational limitation of agent-based solutions is that they require one agent deployment per VM, and often one copy of the anti-malware signature database per VM as well.
This duplication consumes CPU, memory and storage on every guest, degrading computing performance and the storage ROI that consolidation onto virtualized systems was meant to deliver. It also turns policy consistency into an inventory problem: every VM must have an agent, and every agent must be on the current policy and signature version.
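The following is an added example, not code from the original post or from any vendor's product. It reconciles a hypervisor's VM inventory against the heartbeats agents send to a central backend, which is the check an agent-based deployment needs to answer "is every running VM covered, and is every agent on the current policy and signature version?". Both record sets are constructed sample data in a hypothetical format; a real deployment would pull the inventory from the hypervisor or cloud API and the heartbeats from the agent backend.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

# Constructed sample: VMs as reported by the hypervisor or cloud API.
INVENTORY = [
    {"vm_id": "vm-001", "name": "web-01",         "host": "esx-a", "power": "on"},
    {"vm_id": "vm-002", "name": "web-02",         "host": "esx-a", "power": "on"},
    {"vm_id": "vm-003", "name": "db-01",          "host": "esx-b", "power": "on"},
    {"vm_id": "vm-004", "name": "tmp-dev-jsmith", "host": "esx-b", "power": "on"},
    {"vm_id": "vm-005", "name": "old-batch",      "host": "esx-c", "power": "off"},
]

# Constructed sample: last heartbeat each agent sent to the central backend.
HEARTBEATS = [
    {"vm_id": "vm-001", "seen": NOW - timedelta(minutes=2), "policy": "p-42", "sigs": "2024.05.01"},
    {"vm_id": "vm-002", "seen": NOW - timedelta(minutes=3), "policy": "p-42", "sigs": "2024.05.01"},
    {"vm_id": "vm-003", "seen": NOW - timedelta(hours=26),  "policy": "p-41", "sigs": "2024.04.20"},
    # vm-004 never appears: a self-provisioned VM built from an image without the agent.
    {"vm_id": "vm-009", "seen": NOW - timedelta(minutes=1), "policy": "p-42", "sigs": "2024.05.01"},
]

CURRENT_POLICY = "p-42"      # policy version the backend currently distributes
CURRENT_SIGS = "2024.05.01"  # signature database version the backend currently distributes
STALE_AFTER = timedelta(hours=1)


@dataclass(frozen=True)
class Finding:
    vm_id: str
    kind: str    # no_agent | stale_agent | old_policy | old_sigs | orphan_agent
    detail: str


def reconcile(inventory, heartbeats, now=NOW):
    """Return one Finding per gap between what is running and what the agents report."""
    findings = []
    by_vm = {h["vm_id"]: h for h in heartbeats}
    known = {vm["vm_id"] for vm in inventory}
    for vm in inventory:
        if vm["power"] != "on":
            continue  # a powered-off VM cannot run an agent; it is a patching concern, not a coverage one
        hb = by_vm.get(vm["vm_id"])
        if hb is None:
            findings.append(Finding(vm["vm_id"], "no_agent",
                                    f"{vm['name']} on {vm['host']} has never reported"))
            continue
        if now - hb["seen"] > STALE_AFTER:
            findings.append(Finding(vm["vm_id"], "stale_agent",
                                    f"last seen {hb['seen'].isoformat()}"))
        if hb["policy"] != CURRENT_POLICY:
            findings.append(Finding(vm["vm_id"], "old_policy",
                                    f"{hb['policy']} != {CURRENT_POLICY}"))
        if hb["sigs"] != CURRENT_SIGS:
            findings.append(Finding(vm["vm_id"], "old_sigs",
                                    f"{hb['sigs']} != {CURRENT_SIGS}"))
    # An agent reporting from a VM the hypervisor does not list is either a clone of a
    # decommissioned VM or a VM provisioned outside the managed inventory.
    for vm_id in sorted(by_vm.keys() - known):
        findings.append(Finding(vm_id, "orphan_agent", "agent reports but VM is not in inventory"))
    return findings


def coverage(inventory, heartbeats, now=NOW):
    """Fraction of running VMs whose agent has checked in within STALE_AFTER."""
    running = [vm["vm_id"] for vm in inventory if vm["power"] == "on"]
    gaps = {f.vm_id for f in reconcile(inventory, heartbeats, now)
            if f.kind in ("no_agent", "stale_agent")}
    return (len(running) - len(gaps)) / len(running) if running else 1.0


if __name__ == "__main__":
    for f in reconcile(INVENTORY, HEARTBEATS):
        print(f"{f.vm_id:8} {f.kind:13} {f.detail}")
    print(f"agent coverage: {coverage(INVENTORY, HEARTBEATS):.0%}")
```

On the sample data the check reports vm-003 as stale and on an old policy and signature set, vm-004 as having no agent at all, and vm-009 as an agent with no matching VM, for 50% coverage of running VMs. The orphan case matters in practice: an agent that keeps reporting from a VM the platform no longer lists is usually a clone, and clones inherit whatever credentials and data the original held.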
Agentless Virtualization Security involves the use of tools and mechanisms that analyze the behavior of the VM and its underlying computing resources.
A dedicated monitoring agent on each VM is not required for agentless security virtualization. Instead, monitoring and analysis tools outside the VM collect compute activity, data transfers, access events and network logs in real time from the hosts that run the VMs.
These solutions integrate directly with the hypervisor and gain visibility into computing operations and apps running within the VM via the hypervisor APIs and interfaces. A network-based security system may integrate any or all of these components:
A key limitation of the agentless virtualization security system is the lack of granularity for endpoint detection and vulnerability management.
Agentless systems typically lack the context and visibility inside individual VMs needed to monitor user-level activity, and they offer fewer security controls and enforcement options. The analysis problem is data intensive, and extracting meaningful insight often requires advanced analytics or third-party AI capabilities.
Finally, the lack of granular details into VM operations and user-level monitoring also leads to compliance and auditing challenges, as these computing tasks are hidden under the abstraction layer of a virtualized environment.
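The following is an added example, not code from the original post, showing what an agentless detection over hypervisor-level data looks like and where its granularity ends. The input is a constructed sample of virtual-switch flow records in a hypothetical format modelled on what a hypervisor's networking API exposes: which VM talked to which VM, on which host, on which port. There is no user or process field, because the hypervisor sees packets rather than the inside of the guest. The rule flags a VM that fans out to many internal peers on one port, and it is keyed on VM identity rather than host because a live-migrated VM changes host mid-window; a second function shows the same rule keyed per host, as a per-host collector would do it, missing the event.

```python
from collections import defaultdict

# Constructed sample of virtual-switch flow records, one per connection:
# (time, src_vm, src_host, dst_vm, dst_port, bytes). Note what is absent:
# no user, no process, no file path.
FLOWS = [
    ("12:00:01", "vm-002", "esx-a", "vm-003", 445, 1200),
    ("12:00:02", "vm-002", "esx-a", "vm-005", 445, 900),
    ("12:00:03", "vm-002", "esx-a", "vm-006", 445, 800),
    ("12:00:04", "vm-001", "esx-a", "vm-003", 5432, 40000),  # ordinary app -> database traffic
    ("12:00:09", "vm-002", "esx-b", "vm-007", 445, 700),     # vm-002 live-migrated to esx-b
    ("12:00:10", "vm-002", "esx-b", "vm-008", 445, 650),
    ("12:00:11", "vm-002", "esx-b", "vm-009", 445, 600),
    ("12:00:12", "vm-001", "esx-a", "vm-003", 5432, 38000),
]

FANOUT_THRESHOLD = 5  # distinct destination VMs on one port from one source VM


def fanout_by_vm(flows, threshold=FANOUT_THRESHOLD):
    """Key on VM identity, so a migrated VM's flows from both hosts are counted together."""
    peers = defaultdict(set)   # (src_vm, port) -> set of dst_vm
    hosts = defaultdict(set)   # src_vm -> hosts it was seen on
    for _, src, host, dst, port, _ in flows:
        peers[(src, port)].add(dst)
        hosts[src].add(host)
    alerts = []
    for (src, port), dsts in sorted(peers.items()):
        if len(dsts) >= threshold:
            alerts.append({
                "vm_id": src,
                "port": port,
                "peers": len(dsts),
                "hosts_seen": sorted(hosts[src]),
                # Everything the hypervisor cannot supply stays None. Closing the
                # alert still needs guest-level context: an agent, or the VM's own logs.
                "user": None,
                "process": None,
            })
    return alerts


def fanout_by_host(flows, threshold=FANOUT_THRESHOLD):
    """Same rule keyed on (host, src_vm, port), as a per-host collector would apply it.
    Live migration splits vm-002's six peers into two groups of three and the rule never fires."""
    peers = defaultdict(set)
    for _, src, host, dst, port, _ in flows:
        peers[(host, src, port)].add(dst)
    return [{"host": h, "vm_id": s, "port": p, "peers": len(d)}
            for (h, s, p), d in sorted(peers.items()) if len(d) >= threshold]


if __name__ == "__main__":
    print("keyed on VM:  ", fanout_by_vm(FLOWS))
    print("keyed on host:", fanout_by_host(FLOWS))
```

Keyed on the VM, the rule produces one alert: vm-002 reached six distinct peers on port 445 while being observed on two hosts. Keyed per host it produces nothing. The alert can name the VM, the port and the hosts, but not who or what inside the guest opened the connections; that is the point at which an agentless system hands off to guest-level telemetry.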
In order to overcome the limitations of agent-based and agentless virtualized security systems, some vendors offer the so-called Small Footprint Agents. These may be lightweight software components and interfaces that run within the VM, but a majority of compute processing nevertheless takes place at the backend. The components deployed on the VM may be tasked with simple operations, such as:
Memory scanning
Execution control
Host-based intrusion prevention functions
All three of these security virtualization methods are inherently platform-centric: their security policies and protection rules conform to the specifications of the technologies running the VMs and of the software-defined architecture, so each platform ends up with its own rule set.
The modern cloud-based service delivery model requires organizations to follow a user-centric security model that enables uniform, unified and homogeneous security. This model decouples the security protection from the underlying platforms, and is instead governed by:
The users
Their access privileges
Security sensitivity of data and apps accessed via the virtual machine
Such a security model is more data driven than conventional virtualized security tools, and accounts for the platform and cloud service delivery model heterogeneity.
Perhaps such a virtualized security model could emerge as the next front of data-driven agentless virtualized security capabilities that are entirely platform agnostic and allow organizations to dynamically allocate VM resources from multi-cloud environments without worrying about the common security challenges of virtualized environments.
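As an added example (not code from the original post), the block below shows what "decoupled from the underlying platform" means in executable terms. An access decision is computed from the user, their roles and clearance, and the sensitivity label of the data; the platform the VM runs on is carried on the request for audit purposes only and is never consulted. The sensitivity levels, role policy, users and requests are constructed sample data in a hypothetical format.

```python
from dataclasses import dataclass

# Ordered sensitivity labels; a user may act on data at or below their clearance.
LEVELS = ("public", "internal", "confidential", "restricted")
RANK = {label: i for i, label in enumerate(LEVELS)}

# Constructed role policy: which actions each role may perform.
ROLE_ACTIONS = {
    "viewer":  {"read"},
    "analyst": {"read", "export"},
    "admin":   {"read", "export", "write", "delete"},
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    clearance: str


@dataclass(frozen=True)
class Request:
    user: User
    action: str
    data_label: str
    platform: str  # "aws", "azure", "vsphere", ...: recorded for audit, never consulted
    vm_id: str


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


def decide(req: Request) -> Decision:
    """Allow only if the data label is within the user's clearance and a role grants the action."""
    if req.data_label not in RANK or req.user.clearance not in RANK:
        return Decision(False, "unknown sensitivity label")  # fail closed on unlabelled data
    if RANK[req.data_label] > RANK[req.user.clearance]:
        return Decision(False, f"{req.data_label} exceeds clearance {req.user.clearance}")
    permitted = set().union(*(ROLE_ACTIONS.get(r, set()) for r in req.user.roles))
    if req.action not in permitted:
        return Decision(False, f"{req.action} not granted to roles {sorted(req.user.roles)}")
    return Decision(True, "within clearance and granted by role")


def uniform_across_platforms(user, action, data_label, platforms):
    """True if the same user, action and data yield the same decision on every platform."""
    decisions = {p: decide(Request(user, action, data_label, p, f"vm-on-{p}")) for p in platforms}
    return len({d.allow for d in decisions.values()}) == 1, decisions


if __name__ == "__main__":
    analyst = User("asmith", frozenset({"analyst"}), "confidential")
    same, per_platform = uniform_across_platforms(analyst, "export", "confidential",
                                                  ["aws", "azure", "vsphere"])
    for platform, d in per_platform.items():
        print(f"{platform:8} allow={d.allow} ({d.reason})")
    print("uniform across platforms:", same)
    print(decide(Request(analyst, "delete", "internal", "aws", "vm-1")))
    print(decide(Request(analyst, "read", "restricted", "azure", "vm-2")))
```

The decision function fails closed on a label it does not know, which is the behaviour to want when a VM from a new platform arrives with data that was never classified. Mapping an allow or deny onto each platform's native controls (security groups, NSGs, vSphere firewall rules) is the enforcement step this model leaves to per-platform adapters; the decision itself does not change.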
See an error or have a suggestion? Please let us know by emailing ssg-blogs@splunk.com.
This posting does not necessarily represent Splunk's position, strategies or opinion.