Virtualization is a critical technology for midsize businesses, both those considering a move to the cloud and those tired of the local server stack. But despite advancements in data storage, agility, and recovery, security remains a top concern for midsize IT pros, as the "virtual" nature of a virtual machine (VM) often makes it more susceptible to an attack. While a number of standard protocols exist to predict, combat, and eliminate security threats, security firm Bromium floats a new idea: Let the hackers think they've won.
The phrase describes most of the security measures currently available on the market, which aim to scan incoming messages, attachments, and files for known "attack signatures." Take McAfee, a well-known virus protection company, as an example. A recent Help Net Security post discusses its new Data Center Security Suites for servers and databases, which offer "a unique combination of whitelisting, blacklisting, and virtualization technologies for protecting servers and virtual desktops."
The idea here is in line with industry standards: Create a list of "accepted" senders and file types that a server will allow and a set of "no-go" attachments. When a user attempts to download a file or open an email, McAfee or a similar program checks to make sure it contains no blacklisted code signatures and then allows it through. The problem with such a system is twofold: First, malicious code gets created at a faster rate than security systems can be updated. The security industry is, in many respects, reactive, not proactive, and can act only after identifying a problem. Second, while the option for greater protection exists, it typically bogs down a desktop or virtual server, meaning that IT pros have to decide between security and performance.
Start of the Bromance
Security provider Bromium thinks it has another option: microvisors. According to an article at InformationWeek, Bromium's new vSentry product relies on isolating suspect activity and placing it in its own virtual bubble. Instead of denying blacklisted files that want to access the Windows kernel or overwrite a DLL, the Bromium solution creates a tiny VM that is handed off to a tiny hypervisor: the microvisor. Separate from the main server instance, the suspect file can attempt to do whatever it wants and never harm any virtual infrastructure. Instead, the access attempt gets written into the VM's cache to make it appear as though it has succeeded, while a log records the sequence of access events. When shut down, the system flushes the micro VM but the log remains, allowing midsize admins to examine the malware's signature. Simon Crosby, the company's chief technology officer, argues that with Bromium "you don't need to detect malware early to be protected." A bold claim, and one that could certainly free up resources on already-stressed servers, but is vSentry really so perfect?
Probably not, but using a system's supposed vulnerability as its defense is a clever idea. In this case, the reactive nature of IT security actually benefits the defense instead of hampering it. Still, questions remain. For example, what if the system green-lights an access that's actually malware and no micro VM gets created? The beauty of the separate VM process is the log it creates for later examination, but if security measures never get spun up, what's left for an IT pro to assess?
While standard protocols like those offered by McAfee provide excellent perimeter defense, new security measures like Bromium's vSentry hope to give midsize IT admins a leg up. By letting security threats get closer to protected data, cordoning them off, and analyzing what they ask for and how they want access, IT pros may be able to learn more about who's trying to steal their data and keep them at arm's length.