Virtualization and Security Overview
Total Page:16
File Type:pdf, Size:1020Kb
SOLUTION OVERVIEW » Virtualization and Security Overview Virtualization and Security Overview Virtual Overview » Effi ciency: 60–80% utilization rates for x86 provide users computing resources such as RAM Until recently, hardware systems were designed servers (up from 5-15% in non-virtualized and hard drives. Consequently, the ability to exploit to run one operating system, and normally only systems) vulnerabilities in a physical environment presents one application per server. This approach left » Cost savings: More than $3,000 annually for a signifi cant threat to virtualized environments many hardware resources (CPU, RAM, storage, every workload virtualized as well. In addition, virtual environments are also targets for unique threats. network interface) vastly underutilized. With » Performance: Ability to provision new the introduction of x86 virtualization technology applications and systems in minutes instead Specifi c threats targeting virtual environments: in the late ‘90s, IT administrators started to of days or weeks » Communication blind spots – Network security eliminate the “one server, one application” model » Reliability: 85% improvement in recovery appliances cannot monitor communication by creating many virtual machines (VMs) residing time from unplanned downtime between VMs on the same host. Some on a physical server (hardware host). SMB Virtual Trends admins work around this by re-routing all communication through the appliance, but this » Server-virtual-cloud is analogous; SMBs introduces time lag. interchanging form factor across workloads » Inter-VM attacks – Once one virtual machine » 50+ seats, nearly all SMBs have a server (VM) is compromised, the rest of the VMs » Over 60% of SMBs are adopting virtualization become vulnerable. for servers and desktops » Hypervisor Compromises – Through less » SMBs that deploy a server for the fi rst time secure API, or by hyperjacking, a VM can be are more likely to deploy a virtual, cloud- used to attack the hypervisor. This new approach provided the ability for based server » Mixed trust Level VMs – VMs mixed with » 43% of mid-sized businesses are eliminating a single physical server to handle several mission critical and non-mission critical data, local, on-premise servers and moving to different application workloads while ensuring results in mixed trust levels. optimal performance and effi ciency of hosted, cloud-based virtual infrastructures » Instant On Gaps – This occurs when existing resources. Since then, a majority of IT » Hosted infrastructure is the largest and one admins rapidly deploy, clone, provision and organizations have deployed virtualization and of the fastest growing cloud services decommission VMs (e.g., test environments). have realized 50-70% cost savings on their Deploying and maintaining endpoint security in overall IT costs (source: VMware). Virtualization and Security Aside from form factor, virtual systems are not this scenario can be challenging. VMware customers report dramatic results when very different from physical systems. They use » Dormant VMs – Security defi nitions can become they adopt virtual infrastructure solutions, including: the same operating systems and applications and outdated. Reactivating these VMs can present a threat to the rest of the VMs on the host. Copyright © Webroot Inc. > December 2013 1 SOLUTION OVERVIEW AT LAST – PROFITABLE ENDPOINT SECURITY FOR MSPs Deploying virtual systems to achieve significant efficiency, performance and Summary cost savings is a step most IT administrators have taken or are considering 1. SMBs are moving towards virtual, cloud-based servers and desktops in the future. With over 60% of small to midsized businesses (1-1,000 2. Revenue growth areas exist in Virtualization, SaaS and Server Security products employees) and even more enterprises adopting virtualization, admins need to consider how best to utilize both physical and virtual systems, without 3. Virtual environments require protection that doesn’t impact performance adding complexity or negating the benefits offered by virtualization. or efficiency 4. Competitive approaches, i.e., agentless or signature-based solutions, are Virtual Protection Requirements not ideal for maximum protection in these environments » Protection that won’t impact performance or efficiency » Lightweight client for minimal impact to CPU and storage Webroot SecureAnywhere® Business Endpoint Protection » Endpoint solution must sit on each virtual machine and detect threats that do not exist as files, e.g., malware in memory Webroot SecureAnywhere® Business Endpoint Protection provides virtualized environments uncompromising security and maximum » Easy to manage performance using an innovative cloud-based design and resource aware - No dedicated infrastructure client technology. Webroot brings together innovative file pattern and - Same solution across all endpoints, including physical, virtual predictive behavior recognition technology, with the almost limitless power and even mobile of cloud computing, to stop known threats and prevent unknown zero-day - No constant, network-intensive signature updates attacks more effectively than anything else. Competing Solutions Using the world’s lightest and fastest endpoint security agent, scans occur in Agentless Approach minutes and never slow users down. In addition, because detection is in real Most of the major competitors have server- and virtual-specific products. time, it is always up to date, and provides protection against the latest threats For virtual environments, the top security vendors recommend deploying and attacks without the hassle of daily signature and definition updates. an agentless solution. This solution sits on top of the hypervisor and Webroot SecureAnywhere Business Endpoint Protection has an extremely depends on file system and network information passed on by the virtual small footprint on virtual machines, so it can be deployed to hundreds of infrastructure. No agent is deployed on the individual virtual machines. VMs without impacting performance or storage. Additionally, once installed This approach exposes systems to sophisticated threats because agentless on individual virtual machines, Webroot SecureAnywhere Business Endpoint methods do not account for threats in memory or that don’t exist as files on protection sits deeper on the Operating System, to enable maximum disk. Other negative consequences of agentless virtual protection: protection. Further, this superior protection secures physical and virtual » Workaround for overbearing signature-based protection solutions servers and desktops, so admins only have to manage one solution. » Higher costs KEY BENEFITS » Separate security application for admins to manage Revolutionary Security » Each VM depends on outside communication to remain secure Webroot cloud security intelligence virtually removes the window of » Not ideal for cloud-based servers since IT does not have access to the vulnerability that exists with other, signature-based endpoint security virtualization infrastructure solutions, and delivers real-time protection against all types of online threats. Signature Approach » Virtually eliminates the vulnerability exposure time between when an Customers also use signature-based security for their virtual environments. exploit is released and the time when it’s detected and can be removed The challenges experienced with signature-based security on a single system include high CPU usage, storage space consumption, long scan » Unique file pattern and behavior recognition technology determines if times, etc. Randomization or grouping scans and updates can help reduce endpoint activity is benign or malicious the resource intensiveness, but still requires significant downtime for a full » Instantly checks changed and new files and processes against our scan cycle. cloud malware intelligence database, the Webroot® Intelligence Network (WIN), to determine file and execution behaviors and track Sacrificing performance with traditional, signature-based endpoint security and understand their intent or exposing virtual environments to vulnerabilities through an agentless » Advanced threat intelligence detects known threats and those that approach are not ideal solutions. 2 Copyright © Webroot Inc. > December 2013 SOLUTION OVERVIEW AT LAST – PROFITABLE ENDPOINT SECURITY FOR MSPs have never been seen before, protecting against all known and zero- FAST FACTS day threats » Offline protection secures endpoints that are not connected to the Best unknown malware prevention Internet and offers powerful heuristics and the ability to manage ports » Revolutionary file pattern and behavior recognition technology and devices such as USB, CD and DVD drives » Predictive intelligence accurately detects if any file activity is » WIN constantly collects information on new and potentially malicious benign, or malicious files from across the globe, sharing it instantly to ensure up-to-the- » Virtually eliminates the window of vulnerability from minute protection emerging threats » No signature or definition file updates required Extremely fast and easy to deploy1 Ultimate Performance1 » World’s smallest endpoint security client/agent (<750KB) Webroot SecureAnywhere Business – Endpoint Protection sets new » Takes under 16 seconds to install standards in deployment time, scan speeds, system resources usage, and » Works alongside other security and software applications overall endpoint footprint size, to ultimately save you time and money.