Kaspersky Lab’s Vitaly Mzokov talks to CBR about the five big trends for virtualisation in security this year.
More attacks and more damage
The number of attacks on corporate players will continue to grow. The question is not only whether global companies use virtualisation (at the moment more than 75% of businesses have been virtualised), but whether they are able to watch all the processes occurring in the infrastructure in terms of information security. Because of the complexity of large corporate infrastructures and the complicated relationships among the different systems within them, attack detection time will increase, along with the damage. This means that more and more systems will be at risk next year.
In a large corporation, everything is interconnected. If one of the interconnected systems is infected, then the infection rapidly spreads across the whole infrastructure. One can identify the symptoms and understand that something’s wrong, but identifying all the infected areas to find the source and eliminate it can be difficult, especially if one does not get to monitor everything that is going on inside the systems. In such cases, an organisation might not even know it is under attack for months or more. A breach can be damaging, but a breach that no one has noticed is much more dangerous.
Of course, it does not mean that solutions for virtualised environments alone can eliminate all the risks associated with the infrastructure’s complexity. Corporations need to implement complex security strategies beyond an outdated perimeter-based “antivirus can protect me from everything” approach. There are tailored solutions and services available, such as penetration testing, APT reports, cybersecurity training for employees, and more.
Corporations to invest more in hybrid cloud protection
The transition from private to hybrid clouds will definitely gain more traction in the next five years, with corporate environments being composed of private IT infrastructure and public cloud infrastructure. In 2017, corporations will have more systems that can and should be taken outside the corporate perimeter and placed closer to the customer. Public cloud environments make it easy to do this.
By 2020, public cloud infrastructure, and the resulting costs of the infrastructure and security solutions for it, are likely to grow by 2.5 to 3 times, compared to what industry analysts showed this year. Major cloud providers, such as Microsoft Azure, Amazon Web Services (AWS) and Google, are far ahead of competitors not only because of better reliability, availability or coverage area, but also because of a more sophisticated end-user experience and a comprehensive set of automation and integration capabilities for workloads located in the cloud.
Bringing a combination of on-premise and off-premise environments under a single architecture and unified management results in specific security requirements where traditional security solutions are a ‘no go’. This is because they do not provide a full set of security capabilities for elastic corporate hybrid clouds, nor can they immediately and effectively follow infrastructure changes and support business growth.
Mobility challenges call for unified security
The larger the enterprise, the more control it needs in order to ensure security in how users interact with different business systems. Given that users are becoming more mobile and require seamless access to business services and applications from wherever they are, many corporations will find themselves implementing enterprise mobility management software for thousands of endpoints. This will require powerful yet resource-efficient security solutions to be tightly integrated with those enterprise mobility systems.
Problems with mobile devices fall into two major categories: data loss and possible hacks through a variety of malicious applications. While implementing VDI does reduce the risk of data loss and helps prevent unwanted intrusions, there are still challenges for unified security management to ensure the same high level of protection is available and efficient across various operating systems and devices for mobile productivity.
Ransomware continues impact on VDI
In terms of specific threats, it is worth mentioning ransomware because Crypto-locker and Crypto-malware threats will become a headache for virtualised desktops.
Ransomware can hit a virtual desktop as well as a physical workstation, but when it comes to VDI, the risks are significantly higher. An infected virtual machine is linked to a data centre, which means that localising and neutralising the malware in a virtual workspace might have an impact on all infrastructure and business processes. If malware makes its way to the golden image, a template used for the creation of new virtual desktops, hundreds of infected desktops will appear every day.
Therefore, the challenge of VDI protection will go beyond perimeter security to the level of each virtual machine, where traditional endpoint protection solutions cannot help. Organisations must find efficient solutions designed specifically for virtualised environments.
Virtualisation security is focusing on integration
In 2017, businesses will opt for security solutions that can be integrated into the virtualisation infrastructure at a sufficient level to detect cyber-attacks in their early stages, and that deliver malicious activity information to the components of the corporate environment so that quick decisions can be made to isolate and analyse the threat.
Through the integration between the infrastructure and security solution, enterprise-level customers are aiming to increase their reaction speed in response to security incidents, with the infrastructure and its automation platform executing management decisions and applying the changes.
Finally, in constantly changing enterprise-level environments, there is always a risk of missing some virtual machines, especially offline ones, when executing an on-demand scan. Enterprises are looking for the easiest ways to make sure that powered-off machines are not infected without powering them on.