Virtual Visibility

Virtualization introduces new challenges for enterprises to monitor and secure virtual networks. Because virtual-machine-to-virtual-machine (VM2VM) communications inside a physical server cannot be monitored by traditional network and security devices, this lack of visibility complicates problem identification and resolution, potentially erasing any cost savings associated with virtual environments. Virtualization raises the following questions.

How do I:

  • Protect the cost savings gained by migrating to the virtual environment?
  • Identify when a virtual server is generating an excessive amount of traffic?
  • Determine services consumed or served by each VM?
  • Secure VMs without introducing undue administrative burden or performance issues?
  • Track and identify network events that trigger VMotion?
  • Baseline the virtual network to better understand traffic patterns and anomalous traffic?
  • Manage virtual networks to limit VM sprawl?
  • Discover misconfigured firewalls?

Just as internal security and post-admission controls are necessary elements of any security strategy, so too are monitoring and securing virtual environments. When VM2VM communications should not occur, as is often the case, only a monitoring tool can alarm on this activity, which can be indicative of VM compromise or security policy violation, such as unauthorized VM access. In addition, the ability to mitigate via the VM infrastructure offers efficient and expedient resolution for virtual network incidents.

Virtualization Blind Spots, Results, and Lancope’s StealthWatch Solution

Virtualization blind spot: Intra-virtual machine communications (VM2VM) go unnoticed

Results:

  • Out of the line of sight of traditional security and network tools
  • Compliance issues
  • General inability to audit communications between virtual resources

Lancope’s StealthWatch solution: Capture and export all communications information from the virtual environment to restore troubleshooting, forensics and compliance capabilities

Virtualization blind spot: Inability to monitor and troubleshoot network service levels within the virtual environment

Results:

  • Finger pointing
  • SLA violations
  • Slow fault reaction time

Lancope’s StealthWatch solution: Capture key network performance metrics that detail service levels, notify operators when policy violations occur, and provide reports designed to troubleshoot virtual network issues

Virtualization blind spot: Host security postures go unmonitored and unaccounted

Results:

  • Rogue virtual machines
  • Undetected VM2VM attacks
  • License violations
  • Unauthorized applications and/or OSs

Lancope’s StealthWatch solution: Apply over 160 flow-based behavioral algorithms to the virtual environment, enabling detection of a wide range of network attacks and policy violations