- Dave Shackleford, Voodoo Security
Enterprises are increasingly adopting virtualization, according to researchers, who estimate that 70% of organizations in 2015 will have implemented virtual servers. In the past, malware that detected that it had entered a virtual environment would self-destruct or otherwise shut down. This, though, no longer happens, and security experts aren't entirely sure why. It's important not to assume that this is a positive development and that malware is going to become less of a threat. The opposite could well be true. Therefore, virtualized environments must still be protected by the best virtualization security tools available.
Shackleford looks at how malware is adapting to virtual networks. He then delves into a review of what tools exist to secure virtualized environments and how these security tools are likely to develop as virtualization becomes even more common. This Beyond the Page will help enterprise security pros understand the evolving malware threat and how tools to protect virtual environments work. Readers will develop an understanding of the best ways to secure the virtualized environments so common today, and an approach for doing so.
"Most malware today does not self-destruct or encrypt itself when it detects a virtual environment," says Dave Shackleford. The problem is experts do not agree on whether this is a positive development or something to worry about. In this webcast, Shackleford examines how malware is behaving differently these days and why.
Some malware has acquired the means to infect a virtual disk file, which is one reason IT professionals should learn as much as possible about the virtualization security tools now available. Shackleford reviews the latest vendor offerings and how they provide endpoint security against modern malware. Some of the available antimalware tools are traditional products upgraded to work with virtual environments, but there are also entirely new security tools that infosec pros need to be aware of.
Enterprises adopt more virtualization, but malware manages to adapt
Because security pros once used virtual machines to isolate and examine malware, malware used to self-destruct or otherwise disappear when it sensed it was in a virtual environment. But no more. As enterprise systems increase their use of virtualization technology beyond sandboxing, malware authors are responding. Now hackers are creating malware that seeks out virtual systems and tries to infect them.
In this feature, Dave Shackleford explains malware's virtualization detection capabilities and four ways in which they work. His feature also considers what security pros can expect in coming years, and the need for new virtualization security tools, as malware adapts to the world of virtualized IT.
How to choose the virtualization security tools to protect endpoints
Malware is evolving quickly in the age of virtualization, but so is the market for virtualization security tools. As more network infrastructure becomes virtualized, endpoint security technology must evolve. In this tip, Dave Shackleford reviews key functionality, including developments in more traditional tools like standalone antivirus products. Security tools specially developed for virtual environments are not yet as common, but they do exist; Shackleford considers several, including whitelisting and file integrity monitoring agents and endpoint forensics agents.
One key concern for security pros is how the virtualization security tool they choose uses system resources; be aware of the ramifications for system performance if resources are overused. Shackleford covers this issue and suggests some virtualization-friendly antivirus tools with comparatively lightweight deployment options. Readers will also come away equipped with a list of key criteria for evaluating virtualization security tools, such as ease of integration.
About the Author: Dave Shackleford is the owner and principal consultant of Voodoo Security LLC; lead faculty at IANS; and a SANS analyst, senior instructor and course author. He previously worked as CSO at Configuresoft; as CTO at the Center for Internet Security; and as a security architect, analyst and manager for several Fortune 500 companies. He currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.