1 / 8

The Dynamic Nature of Virtualization Security

The Dynamic Nature of Virtualization Security . The need for real-time vulnerability management and risk assessment. A white paper by Rapid7 August 2012. Contents. Forester Research Inc. Vulnerability Management of Virtualization Security Challenges Solutions Risk Intelligence Conclusion.

haruko
Download Presentation

The Dynamic Nature of Virtualization Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Dynamic Nature of Virtualization Security The need for real-time vulnerability management and risk assessment A white paper by Rapid7 August 2012

  2. Contents • Forester Research Inc. • Vulnerability Management of Virtualization Security • Challenges • Solutions • Risk Intelligence • Conclusion

  3. Forester Research INC, Jan 2012 • Virtualization New Norm • Deploying Physical Server  Exception • 85% Organizations x86 Server Virtualization • 2014 • 75% All Servers Virtualized

  4. Vulnerability Management Solution • Deployable as a virtual machine (VM) • Discover and scan VM’s as they spin up and down for vulnerabilities and misconfigurations • Detect snapshot rollbacks and scan after restores • Track asset migrations and proactively monitor their security postures

  5. Challenges: • ON or OFF? • Snapshot Rollbacks • Virtual Machine Migration

  6. Solutions: • Automated Discovery and Scanning • configure VMS to automatically scan critical resources when activated & send report • Rollback Detection and Automated Scanning • Automated Scanning to track migrations • Do you see a theme?

  7. Rapid7 Security Risk Intelligence • Rapid7 Security Risk Intelligence is a data-driven approach to risk assessment and vulnerability management that weighs the value of data sets when measuring risk. Rapid7 offers a powerful combination of innovative vulnerability management and penetration testing solutions along with deep security expertise to identify and prioritize the dynamic security risks of virtualized environments. • Rapid7 Nexpose is the industry’s first vulnerability management solution with capabilities, such as Continuous Discovery, designed specifically for virtualized environments. Working closely with VMware, Rapid7 continues to add virtualization-specific capabilities into Nexpose, its vulnerability management and risk-assessment solution. Nexpose is the only third party vulnerability management solution included in the VMware security reference architecture. • Additionally, Rapid7 Metasploit can be used in conjunction with Nexpose to validate risk in IT environments based on actual exploitability of vulnerabilities, both in physical and in virtual environments.

  8. Conclusion • Be wary of white papers, after all they are ONLY the opinions of the author. • Be more selective in my search for white papers.

More Related