Hezi Moore, co-founder and CTO of Reflex Security, has a nice 3-part primer on how to start thinking about your virtual networks as a guest post on VMblog. While Hezi does mention virtual appliances, he avoids turning this into an ad for Reflex.
However, virtualized environments face unique network security challenges that can affect the entire organization. Adding security to your virtual network, such as a virtual security appliance, can protect critical resources from intrusion, theft, service denial, regulatory compliance conflicts or other consequences.
Fortunately, by combining prudent security measures with advancing virtualization technologies, organizations can adopt and deploy “defense in depth” best practices without the traditional high costs and complexities associated with physical infrastructure and enjoy the benefits of a virtualized architecture while avoiding excessive risks. …
Virtualized environments are difficult to visually inspect and, due to virtual server mobility and related issues, they often have dynamic configurations and server populations. In this context, threats can easily spread, devices can be overlooked, and inappropriate activity can be concealed. To prevent configuration oversights, rogue devices, auditing omissions and other issues, the security system should maintain persistent awareness of all virtualized devices, services and communications.
Primarily, organizations have four alternative or complementary approaches to secure virtualized environments: physical network security devices, physical device / VLAN configurations, host intrusion prevention systems and virtualized network security systems.
Leverage virtualization platform to enable security
virtualization can present new security challenges, it is a powerful technology that can have a significant impact on an organization’s ability to become more efficient, effective and productive. Organizations should determine not only what business applications can benefit from virtualization but also what IT applications can benefit from virtualization and use this trusted platform as an enabler. Determine which physical devices make most sense to deploy in virtualization and utilize complementary software like virtual security appliances to provide the following capabilities in the virtual environment:
- Policy enforcement
(And thanks, Dave, for getting this kind of original article out alongside the comprehensive industry and blog news you can find at VMblog.com)