Securing a virtual IT environment can pose challenges to enterprises that may not have full visibility of the data within their infrastructure.
Take virtual machines, or VMs, for example. Traffic between VMs residing on the same hypervisor is difficult to monitor because inter-VM traffic is switched locally on a virtual switch, says Dave Palmer, director of technology at Darktrace.
Palmer added that while companies can see the information running in and out of the server, the traffic inside is invisible, thus creating blind spots that can cause operational challenges – particularly in high-frequency or tightly regulated environments.
“Many organisations today require overall visibility of all their data, including the packets passing between VMs, to strengthen their ability to pinpoint early indicators of cyber-threat in real time, and reduce operational risks.
“The challenge is to provide a solution that gives visibility of inter-VM traffic, while not impacting on performance of the server, and allowing for scalability,” he says.
To address this challenge, Darktrace has recently launched the vSensor virtual appliance that rides on its Enterprise Immune System capability to provide greater visibility into virtualised environments.
According to Palmer, vSensors bring a self-learning approach to security, which can permeate and retrieve data throughout the entire virtualised environment, and so can even detect threats that have penetrated a multi-layer “stack”.
“When combined with Darktrace’s OS-sensors for cloud environments, lightweight, host-based server agents extend the immune system’s core visibility further. This self-learning approach can be applied to any network and all end points in the virtual-cloud environment,” he adds.
Although most major vendors in the virtual infrastructure space already tout some security management capabilities, Palmer says these are mostly products with improved perimeter defences that scan, detect and block malicious code on virtual machines.
However, he noted that they rely on regular admin monitoring and patching, and are secured on a piece-by-piece basis, which means that malware can fall through the cracks. Furthermore, Palmer says individual protection technologies looking for specific code can fail, as malware can embed itself in the abstraction layer and re-image to avoid detection.
“Thus, there is a need for a holistic ability to detect attacks and maintain visibility across the entire digital network. This is the challenge that Darktrace’s Enterprise Immune System solves.
“Using machine learning and mathematics developed by specialists from the University of Cambridge, Darktrace’s immune system approach spots attacks early, giving security teams time to respond to threats before an incident becomes a crisis.”