Intrusion detection and prevention, at both the host and network layer, are staples of information security infrastructure today. With the advent of virtualization technology, however, many security professionals have realized traditional intrusion detection tools may not integrate into or operate within virtualized networks or systems as they did in traditional enterprise infrastructures.
For example, network intrusion detection may be more difficult, since the default virtual switches from major platform vendors don't allow for the creation of SPAN or mirror ports, preventing traffic from being copied to IDS sensors. Similarly, IPS appliances that sit in-line within traditional physical network segments may not integrate easily into a virtual environment, particularly for traffic that never leaves the virtual network and so never crosses a physical link where the sensor sits. A host-based IDS may still function properly on virtual machines, but it will now consume CPU and memory drawn from a pool shared with every other guest on the host, making installation of a security agent on each VM less desirable.
Fortunately, there are ways to adjust an IDS/IPS implementation strategy that allow for the monitoring of virtual system traffic. That's what we'll cover in this tip.
