More and more companies start to use virtualization every day. VMware is aiding companies moving to virtualization by offering two free products to support. Many users start off by using virtualization for evaluation purposes and as they realize the benefits of virtualization they plan to move to production use later.
However, one reason why users are hesitant to virtualize their production servers is the lack of network security in such an environment. By using physical servers you can place dedicated firewalls between the servers and/or the Internet for protection. This has not yet been possible in virtual environments. VMware addressed this need in their new vSphere product by adding “vShield Zones”, an integrated, statefull firewall which solves basic network security needs. But this offering has two problems:
First, it is only available in the upper, more expensive vSphere editions, which leaves SMB customers that can only afford the entry editions in the dark. Second, trying to address state of the art malware and attacks with this is like trying to use chainmail to protect police offers in their fight against modern gangs with advanced automatic guns. Basic protection does not withstand modern attacks. In order to protect your IT infrastructure, physical or virtual, you need state of the art enterprise security products to detect and neutralize modern malware, botnets and other attacks.
Besides a statefull firewall, which is a good start, you need a proven Intrusion Prevention system (IPS) as well as malware and reputation filters to protect the common attack vectors of web surfing and email reading – this includes encrypted ones. Especially small and medium sized businesses need an affordable, easy to use yet complete security solution which is able to run within a virtual environment.
The original article/video can be found at Virtualization – basic protection does not withstand modern attacks