Virtual Insecurity, and Ways to Combat It

Mike Puterbaugh, May 8th, 2013

Stating the obvious, our customers continue to make investments in virtualization. To support them, BeyondTrust has always been on the leading edge of providing tools and solutions in that regard. Whether it for managing privileges on virtual hosts, or scanning private cloud assets for flaws, BeyondTrust has always been at the forefront of security and compliance technology, helping our customers confidently deploy their virtualization investments. Given the rapid rate of technology evolution in the virtualization arena, we thought it’d be a good idea to survey our community to see what else we could provide them by way of helping them secure their virtual environments.

Earlier this year, we designed a survey that set out to find out what technologies our customers relied upon for their virtual deployments, as well as how they managed, secured and reported on those assets.  A quick infographic on the survey results appears below this blog post.

What Did We Learn?
For one thing, we learned that virtualization admins aren’t totally outside of the security lifecycle, in fact, many of them participate willingly:

  • 58% said they use security tools regularly (but most of that is antivirus!)
  • 49% say they patch regularly
  • 30% says they scan assets weekly, at least

This told us there is an interest, if not willingness, to participate in reducing the risk of the overall organization.  The fact that well over half of respondents said “yes, we use security tools regularly” is very encouraging, but…the most often security technology cited was antivirus.  Clearly, antivirus as a security technology is not going away any time soon, but in light of the recent successful, high profile attacks, it’s been proven over and over again that AV is no longer a match for the sophisticated methods of attack being employed today.  More encouraging is the almost 50% of combined responses that indicate security scanning and configuration management is in use. The full survey is available for download here.

Retina Plug-in for VMware vCenter
The early returns from this survey served to validate our thinking when it came to our newest release, which we announced today – the Retina Plug-in for VMware vCenter.  With this new capability driven by the proven Retina Network Security Scanner, we’ve made it incredibly simple for VMware admins to help their organizations reduce the security risks that might be associated with their virtual environments.

By adding a security plug-in directly into the vCenter management interface, VMware admins don’t have to leave their current workflow and processes to quickly determine the security posture of their virtual images they’re managing. This was a big value-add noted by the early beta-testers of the tool. This newest release adds to our long list of specific capabilities, which include online and offline scanning of virtual guests, as well as the industry’s only solution for scanning virtualized applications delivered via VMware’s ThinApp technology.

One of our goals at BeyondTrust is to always ensure we’re developing highly useful security and compliance solutions, those that are easy to deploy and use on a daily basis. We’re confident this newest release fits that bill.

If you’d like to try the Retina Plug-in for VMware vCenter for yourself, you can get your license here.

Virtual Insecurity Infographic FINAL