BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Virtual Insecurity, and Ways to Combat It

Posted May 8, 2013    Mike Puterbaugh

Stating the obvious, our customers continue to make investments in virtualization. To support them, BeyondTrust has always been on the leading edge of providing tools and solutions in that regard. Whether it for managing privileges on virtual hosts, or scanning private cloud assets for flaws, BeyondTrust has always been at the forefront of security and compliance technology, helping our customers confidently deploy their virtualization investments. Given the rapid rate of technology evolution in the virtualization arena, we thought it’d be a good idea to survey our community to see what else we could provide them by way of helping them secure their virtual environments.

Earlier this year, we designed a survey that set out to find out what technologies our customers relied upon for their virtual deployments, as well as how they managed, secured and reported on those assets.  A quick infographic on the survey results appears below this blog post.

What Did We Learn?
For one thing, we learned that virtualization admins aren’t totally outside of the security lifecycle, in fact, many of them participate willingly:

  • 58% said they use security tools regularly (but most of that is antivirus!)
  • 49% say they patch regularly
  • 30% says they scan assets weekly, at least

This told us there is an interest, if not willingness, to participate in reducing the risk of the overall organization.  The fact that well over half of respondents said “yes, we use security tools regularly” is very encouraging, but…the most often security technology cited was antivirus.  Clearly, antivirus as a security technology is not going away any time soon, but in light of the recent successful, high profile attacks, it’s been proven over and over again that AV is no longer a match for the sophisticated methods of attack being employed today.  More encouraging is the almost 50% of combined responses that indicate security scanning and configuration management is in use. The full survey is available for download here.

Retina Plug-in for VMware vCenter
The early returns from this survey served to validate our thinking when it came to our newest release, which we announced today – the Retina Plug-in for VMware vCenter.  With this new capability driven by the proven Retina Network Security Scanner, we’ve made it incredibly simple for VMware admins to help their organizations reduce the security risks that might be associated with their virtual environments.

By adding a security plug-in directly into the vCenter management interface, VMware admins don’t have to leave their current workflow and processes to quickly determine the security posture of their virtual images they’re managing. This was a big value-add noted by the early beta-testers of the tool. This newest release adds to our long list of specific capabilities, which include online and offline scanning of virtual guests, as well as the industry’s only solution for scanning virtualized applications delivered via VMware’s ThinApp technology.

One of our goals at BeyondTrust is to always ensure we’re developing highly useful security and compliance solutions, those that are easy to deploy and use on a daily basis. We’re confident this newest release fits that bill.

If you’d like to try the Retina Plug-in for VMware vCenter for yourself, you can get your license here.

Virtual Insecurity Infographic FINAL

Tags:
, , ,

Leave a Reply

5 Responses to “Virtual Insecurity, and Ways to Combat It”

  1. Mark

    Create secure VM builds via vulnerability and configuration scans. Harden the VM host to prevent the host from being compromised to hack the VMs on the host.

    May 15, 2013 1:32:00, Reply
  2. Brent

    Retina Plug-in for VMware vCenter sounds great. Previously we added virtual switches, virtual firewalls, and HBSS software.

    May 15, 2013 2:01:33, Reply
  3. Taylor

    VMware products use a default username of root for administrator authentication. A good practice is when you set the root password to make it very long and complex. Then lock the password away in storage and never use it again. You would then create a new user with root privileges and use that user for your maintenance access. Also, you never want to delete the root user account.

    May 15, 2013 2:35:15, Reply
  4. Greg

    - Getting better vm density (ROI) using a vm host-based security client that does endpoint security for all the vm guests.
    – Getting better visibility into intra-VM communication with network vm gateway devices.
    – Requiring two factor auth for vm admins.
    – Logging the vm management layer to detect suspicious behavior.
    – Getting a handle on vulnerabilities across the vm environment with the Retina plug in or Nexpose’s vm integration.

    But probably the most important thing is learning about the vm environment and then maintaining close connections with the infrastructure teams.

    May 15, 2013 4:33:47, Reply
  5. Ruggero Cozzi

    It is possible to get more information about the Retina plug-in system, and other of your products, in spanish?

    May 31, 2013 11:13:22, Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,