Subscribe to Email Updates

Subscribe

servers-data-center.png

Doing More with Less: Leveraging Virtualization and Hyperconvergence for IT Management

By Liviu Arsene on Aug 09, 2017 | 0 Comments

Virtualizations plays a critical role in today’s data centers, as it was designed to reduce operational costs while boosting performance and efficiency. The emergence of software-defined data centers (SDDC) and hyperconverged infrastructures (HCI) that rely on an extra abstraction layer enables faster provisioning of storage, compute and networking resources while offering IT admins an automation architecture through the use of APIs and policies.

 

The benefits of such architectures are vital to businesses and security needs to promote rather than hamper the benefits of the corresponding datacenter initiatives. If the primary advantage of a SDDC is agility and single-pane-of-glass visibility across the infrastructure, security needs to meet the same kind of expectations. Integrating security out of the box with key SDDC technologies, such as the VMware stack, is key to efficiently deploying and administrating the overall security posture of the data center.

Currently deployed security technologies are built to protect physical and virtual endpoints using the same full-agent approach, when clearly virtual workloads will not be able to handle the “stress” caused by traditional security. Storage and networking are also treated as separate silos in terms of security and managing all of them becomes just as cumbersome and complex as the pre virtualization and hyperconvergence era. Because of this decentralization, companies are seeking solutions that leverage virtualization and hyperconvergence for IT management and security, so that they can become truly agile both internally and for their customers.

Building these fully integrated security solutions requires collaboration between virtualization and security vendors to create more than just secure infrastructures but also user-friendly management systems that offer single-pane-of-glass visibility across the entire company infrastructure in terms of security capabilities.

As SDDCs drive down infrastructure costs because of higher VM density, it is critical for the security solution to enable maximum VM density and continuous coverage, regardless of the location and function of virtual environments. The security solution also needs to support heterogeneous physical, virtualized and cloud environments as well as multi-hypervisor environments while offering linear stability in line with the SDDCs performance.

Organizations can fully benefit from virtualization and cloud as some security solutions have been designed to adapt to any environment (physical or virtual) and any type of infrastructure (local, cloud or hybrid cloud). Highly resilient and customizable, these security solutions can grow organically by automatically cloning virtual security appliances and balancing infrastructure and security performance.

Critical to any IT admin is a centralized management console to handle policies, monitoring and incident responses. Any security architecture should offer this, as a unified management console can provide complete visibility across any physical and virtual workloads, both on premise and in the cloud.

When deploying the feather-light agent on any workload, it can automatically morph based on the operating system of the machine, to expedite installation with minimum intervention from the IT admin. Featuring layered security technologies, the security agent can offload scanning and security updates from the machine to a security virtual appliance, to avoid impacting the overall performance of the machine or creating unnecessary network traffic or AV storms.

Fully leveraging the hypervisor, these security solutions built for hyperconverged infrastructures can offer unprecedented visibility into workloads, as they look directly into the raw memory of VMs to identify advanced threats and guarantee the integrity of in-guest applications. Memory-based hypervisor introspection will significantly increase the cost of attack for cybercriminals while boosting security of virtual workloads. Security from outside the operating system is essential for virtualized environments, as advanced malware and zero day vulnerabilities may compromise the integrity of in-guest security tools. Hypervisor introspection eliminates security blind spots virtual infrastructures, solving the “context vs. isolation” dilemma that traditional security solutions have struggled with since virtualization emerged.

With a datacenter performance improvement of up to 20% versus traditional security vendors, this type of security solution can also help organizations and companies reach HIPAA and PCI DSS compliance. Combining all the security services organizations need into a single delivery platform helps organizations build and maintain a strong security posture while reducing operational costs.

Providing universal coverage across any form factor, such as workstation, server, embedded and mobile, the security architecture uses cutting-edge security technologies to protect organizations against advanced attacks. Offering antivirus and antimalware with behavioral monitoring, zero-day threat protection, through advanced anti-exploit detection, powerful anti-ransomware defense, application control and sandboxing, firewall, device control and content control with anti-phishing, the multiple layers of security it employs increases the cost of attack for cybercriminals while enabling single-pane-of-glass visibly into security across the entire infrastructure.

Using security solutions and technologies specifically built to be fully integrated with hyperconverged infrastructures means that organizations can do more with hardware, as performance won’t be affected and security management will be streamlined. Optimizing costs, boosting security, and gainng time from efficient management, organizations can become agile and do more with less of a hassle, at least from a security perspective. 

 

Share This Post On

Author: Liviu Arsene

Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact in critical public and private business infrastructures. His passions revolve around innovative technologies and gadgets, focusing on their security applications and long-term strategic impact.