Secure your Virtual World with Cyberoam


Academic year: 2021


... Rising Data Center costs

... Ever-increasing demand for data storage

... Under-utilized processors

... Break-budgeting energy costs

Organizations nowadays are crumbling under these adversities. They trigger the need for technologies which can handle the explosion of Data all over the globe. As a direct consequence technologies like Cloud Computing and Virtualization have dawned.

As stated by VMWare®, “The term virtualization broadly describes the separation of a resource or request for a service from the underlying physical delivery of that service.” In other words, virtualization decouples a resource from its underlying hardware, reducing their inter-dependency. With virtualization, you can have more than one resource running on a single hardware platform or the other way round, multiple hardware combined to support a single resource.

Virtualization – The Why and the What

Presently, Virtualization is the buzzword among IT circles. And seeing all the benefits that virtualization offers, why should it not be? Here are some of them.

Why everyone is going nuts about it?

IT Consolidation:

Virtualization minimizes the very common but unnecessary issue about 'Server Sprawl' wherein a large number of server machines run at a very low rate of usage resulting in waste of internal as well as data center resources. It even facilitates consolidation of many physical servers and storage units into one virtual server or storage pool, resulting in an increase of server utilization rates from 5-15% to 60-80%.

Cost Savings:

Capital Cost Savings come in the form of reduced expenses for hardware acquisition and potential savings for data center real estate. The primary cost benefit comes from the drastically reduced number of physical servers necessary to support your infrastructure. On the other hand, Operational Cost Savings stem from reductions in power and cooling costs, management costs and the costs associated with server downtime.

Disaster Recovery/High Availability:

Since virtual machines are easily replicated, backed up, and moved from one machine to another, virtualization greatly simplifies recovery in the event of system failure and reduces planned downtime.

Test and Development Optimization:

Virtualization enables you to maintain complex development and testing environments even with limited resources. With virtualization, you can run multiple operating systems and versions on fewer servers and workstations.


We cannot ignore the security quotient – no matter what

Virtualization has been employed by organizations far and wide. The most common virtualization setups that we see are Virtual Data Centers, Office-in-a-box setup and MSSPs. While you will find organizations sporting Virtual Data Centers mostly, Office-in-a-box setups are coming more and more into the mainstream owing to the popularity of Desktop Virtualization. On the other hand, MSSPs bank on the cost savings, scalability and ease of management that virtualization offers to provide better security management services.

Virtualization has come as a boon to organizations employing these various kinds of virtualized environments. It does cut costs and greatly enhances ease of management, yes. But, is it as sparkly and glamorous when analysed through the security dimension? After all, we cannot ignore the security quotient – no matter what.

When each kind of virtual environment is analysed on the Security front, some glaring risks come to the surface:

Virtual Data Centers

Data Center virtualization helps organizations to achieve greater efficiency and performance, in addition to helping them reduce infrastructure complexities, management costs, power and cooling costs. But, what it falls behind on is Security. Virtual Data Centers face the following security issues.

Threats typical to physical networks are carried over to their virtual counterparts

All the various types of threats that haunt physical networks target virtual ones with equal, if not greater, ferocity. Malware infection in the form of legacy viruses, Trojans, rootkits, keyloggers and others; Spam, cyber attacks, data theft, intrusion etc.: you name it and it would surely be in the list. The catch lies where the physical network security solutions, although very capable in protecting physical networks from these threats, fall behind when it comes to virtualized environments.

Compromise of the Virtualization Layer causes havoc in all the hosted resources

Virtualization introduces an additional layer, Virtualization Layer, in the IT infrastructure thus widening the target space for attackers. Like any software written by human beings, this layer would inevitably contain embedded and exploitable. Given the privileged level that the hypervisor holds in the stack, hackers have already begun targeting this layer to potentially compromise all the resources hosted above it.

Virtual Blind Spots render existing security policy enforcement mechanisms useless

Most virtualization platforms involve creation of software-based virtual networks and switches inside the physical host to enable seamless, direct communication among VMs. This traffic cannot be scanned using physical network-based security protection devices, such as network-based IPS, because they cannot be placed inside the virtual environment. This creates a Virtual Blind Spot which makes it impossible to interpose any security scanning by a physical device on inter-VM traffic.

Resources of different trust levels are consolidated onto a single physical server

In traditional network environments critical servers are often located in their own dedicated VLANs, isolated from guest networks and the WAN. However the boundary between VMs is not as clear cut as in the case of physical servers. A critical server can at times be deployed on the same physical host as a VM with far lower priority. Lower priority VMs have lower security requirements and have a higher chance of being compromised. Attackers can most likely use these neglected VMs to gain access to the critical ones.

One malicious VM infects all others around it

Owing to lack of defined boundaries among the VMs, introduction of a single malicious software or resource into a virtualized environment has the capability of infecting the entire system. Since traditional security systems are blind to activity between virtual systems, they cannot detect the spread of the virus among VMs in a single physical server, and possibly beyond, if the VM is linked to other applications on different servers.

Office-in-a-Box Setup

Office-in-a-box setup involves desktop virtualization which tends to bring almost the entire IT infrastructure of an organization onto a single server or “box”. While desktop virtualization can help lock down PC configuration and centralize data, several security challenges remain, such as:

Users may prove to be the weak link

With users accessing their entire desktop over the network, weak authentication can give hackers and social engineers easy entry to the network.

Tracking user activities in the network is difficult

In a virtual desktop environment, dozens of user desktop images can share a common server platform. This is great for consolidation, but how will IT track user access and behaviour? Without this visibility, it is hard to imagine how desktop virtualization can support regulatory compliance requirements.

MSSP

MSSPs bear the responsibility of many organizations' security requirements. Many MSSPs have migrated to virtualization because it offers great ease in scalability and management. However, virtualization comes with its own set of security concerns. Hence, these MSSPs themselves tend to fall behind on the security front when they employ virtual environments.

Predictably, all security issues pertaining to virtualization come into the picture here. Additionally, MSSPs have to deal with the following.

Security Infrastructure fails to grow with the business

MSSPs face the challenge of handling the growth and expansion of their business or customers' business that requires immediate capacity upgrades. Managing multiple virtual appliances for security of their or customers' networks requires a centralized security management solution for consistent security policies across branch offices and customer networks.


Cyberoam: Leading network security for virtual environments

Cyberoam offers industry-leading network security for virtualized environments, with its range of virtual security appliances which can be deployed as UTMs or Next Generation Firewalls (NGFW). Cyberoam gives administrators the flexibility to deploy a mix of physical and virtual appliances in their network, offering a comprehensive and dual-protective layer: one outside the virtual environment and one on the inside.

Cyberoam virtual network security combats with undeterred dedication all the traditional security threats even in a virtual environment. Over and above that, Cyberoam offers:

Inter-VM traffic scanning overcomes Virtual Blind Spots and inter-VM malware infection

Since Cyberoam sits right there inside of the virtual network, it eradicates the possibility of Virtual Blind Spots as well as inter-VM malware infection by tapping into all inter-VM traffic. This allows administrators to apply granular firewall and security policies, and Anti Virus scanning over inter-VM traffic.

Prevention against Hyperjacking and Virtualization Layer vulnerabilities

Cyberoam enables administrators to segment the hypervisor management console in DMZ and route all traffic through Cyberoam appliances. The Intrusion Prevention System on Cyberoam can be positioned to scan Inter-VM traffic as well as VM to hypervisor traffic, and ensures that it is clean and threat-free. Web Application Firewall protection on Cyberoam blocks attacks that exploit vulnerabilities in the virtualized web applications.

Role-based Administration separates out management of resources with different trust levels

Since virtualized environments do not provide hard-lined boundaries between the various virtual subsystems, the decision about who is to maintain what becomes a difficult one to take. As a solution to that, role-based

Cyberoam's AAA provides strong authentication and comprehensive reporting

In an office-in-a-box setup that employs desktop virtualization, since the virtual infrastructure hosts the entire user workgroup, User-Identity based control and visibility becomes even more important. Cyberoam's Layer 8 Identity-based security policies offer user authentication, service authorization and reporting (AAA) to secure the VDI environments.

Cyberoam's vCPU-based licensing model facilitates flexible growth of security infrastructure

The licensing model for Cyberoam appliances is based on the number of vCPUs, giving deployment flexibility to organizations and MSSPs, as opposed to being based on concurrent sessions and number of users which are difficult to predict before-hand. Furthermore, Cyberoam allows easy license upgrade, providing efficient scalability. So, even when your business expands, you don't have to worry about its security.

Cyberoam helps in keeping up with regulatory compliances

In virtualized environments that hold sensitive information and office-in-a-box setup, compliance and privacy requirements become difficult to achieve. By segregating and

keep up with regulatory compliances by offering in-depth reports of activities in your virtual infrastructure.

Scalability and easy manageability via central management of hardware and virtual appliances

Cyberoam virtual network security appliances (UTM, Next Generation Firewall) together with Virtual Cyberoam Central Console (CCCV) present a Complete Virtual Security Solution, eradicating the need of deploying any physical security device in the network. Administrators can centrally manage their physical and virtual infrastructure using a single interface with Virtual CCC. It reduces the expense of separate management consoles for physical and virtual environment needs as well as ensures centralized, consistent and quick security actions across the network.

Cyberoam is backed by Veeam Backup & Replication Technology

Since data protection and recovery is becoming a major challenge in virtual environments, more and more organizations prefer to employ backup and replication technologies such as that of Veeam. Veeam® Backup & Replication™ is Modern Data Protection™ that is built for Virtualization, which encourages organizations to maintain redundancy within their network. Compatibility of Cyberoam virtual security appliances with such replication technologies provides an added advantage to administrators maintaining critical virtual environments, even in the face of disasters.

Conclusion

Virtualization has brought in an entirely new genre of computing technology into the world of IT. It represents the ability to rapidly deploy new servers, maximum usage of hardware resources, and a more streamlined computing environment. As more and more businesses take the jump towards virtualization, the onus lies upon security providers like us to ensure that they take informed decisions and are secured once they do take the decision to switch.

The entire range of Cyberoam virtual security products includes Cyberoam virtual network security appliance (UTM, Next Generation Firewall), virtual Cyberoam Central Console and Cyberoam iView. They are Cyberoam's contribution to what is fast becoming the Virtual Revolution.

Toll Free Numbers

USA : +1-800-686-2360 | India : 1-800-301-00013 | APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958 | www.cyberoam.com
