|
|
McAfee Inc. Release date: March 27, 2008
McAfee's Foundstone Professional Services Outlines Security Best Practices for Virtualized Environments
CANNES, France, Feb. 27 -- McAfee, Inc. (NYSE:MFE), the world's largest dedicated security company, today unveiled the industry's first service designed to help organizations securely deploy virtualization technologies.
As part of its strategy to provide the most complete solution for secure virtualization, McAfeeŽ FoundstoneŽ Professional Services also outlined a set of security guidelines covering people, processes and technology to educate enterprises adopting virtualization technologies.
"With the popularity of virtualization and the rush to reap its benefits, companies may not always follow the best security best practices," said Bill Hau, vice president of McAfee Foundstone Professional Services. "Many of the security practices that work in physical computing environments also work in the virtual world, yet there are some unique requirements. Our new service will help customers meet the security requirements of these new virtual environments."
"The new Foundstone Professional Services offering complements the robust security features built into VMware virtualization software," said Brian Byun, vice president of global partners and solutions at VMware. "Together, VMware and McAfee will ensure that customers can continue to run their virtualized environments with even greater security than purely physical environments."
McAfee Foundstone Professional Services helps enterprises create, deploy and maintain virtual infrastructure with the highest possible security. Foundstone consultants help identify and mitigate the risk to a virtual infrastructure by reviewing the people, processes and technology surrounding this virtual deployment.
"By formulating a holistic approach to people, process and technology, security professionals can be confident that their virtualization strategy is in line with the rest of their traditional security policy," said Hau. "Organizations can now enjoy the full benefits of virtualization with enhanced security by taking a risk based approach. This is not only recommended but critical when making any such large and revolutionary changes."
Virtualization Security Requirements
Virtualization is generating global momentum because it can deliver significant business benefits for customers: reducing capital and operating expenses, assuring business continuity, strengthening security, and going green.
However, the security implications of adding virtual machines to a corporate environment also need careful consideration. In a 2007 InformationWeek survey of IT professionals, only 12 percent said they had put strategies in place to protect their virtual machines.
Just as with physical systems, IT organizations using virtualization technologies must focus on people, processes and technological considerations associated with securing their operations. Some of the items enterprises need take note of when deploying virtualization technologies include:
o Data protection. Just as with physical systems, users should consider what data will be stored on virtual systems. A breach may expose organizations to a disclosure threat. Virtual disks are typically stored on the host in an unprotected format, so encryption and strong access controls should be considered where appropriate.
o Management controls need to be protected. Many virtual machine (VM) management Web consoles come with self-signed SSL certificates that should be replaced with certificates issued by trusted third parties, to prevent man-in-the-middle attacks. Also, just as with physical environments, organizations should understand the risk of exposing management interfaces to the Internet, or even extended populations of their own user base. The impact of management traffic being intercepted could be significant.
o It is important to consider what access users have with respect to the host. To manage such provisioning and authorization it may be wise to create and designate new roles including virtual machine (VM) administrators, VM authors and VM users.
o Administrators must understand the nuances and possible attacks on the systems they are deploying. While this is true in physical environments as well, virtualization technology has its own unique characteristics that add or change the attack surface. These must be understood given its role in the infrastructure.
o Hardware or firmware changes on a physical machine could affect confidentiality, integrity and availability of the virtual machines running on that machine. On a similar note, tried and tested patch management techniques in use today may have to be augmented to deal with virtualized infrastructures. Organizations need to track what software, including applications, is installed on their physical and virtual systems and keep up with patches, including the virtualization software itself
o Asset and inventory management. Organizations and administrators must always maintain control of the number of licenses in use especially as virtual machines are created, retired or duplicated.
o Contingency planning and disaster recovery strategies can be optimized to gain significant synergies from virtualization deployments.
McAfee's security risk management offerings are fully compatible with virtual environments and can help enterprises create a safe computing environment. ePolicy OrchestratorŽ, McAfee's award-winning security management technology, provides powerful unified management, reporting and auditing features for physical and virtual systems.
McAfee offers additional insight into securing virtual environments in "Virtualization and Risk - Key Security Considerations for your Enterprise Architecture," a new paper available at http://www.mcafee.com/virtualization/. For more information about the Foundstone Virtual Infrastructure Security Assessment service visit http://www.foundstone.com/virtualization.
Availability
Foundstone's new Virtual Infrastructure Security Assessment is available today.
About McAfee, Inc.
McAfee, Inc., headquartered in Santa Clara, California, is the world's largest dedicated security technology company. It delivers proactive and proven solutions and services that secure systems and networks around the world, allowing users to browse and shop the Web securely. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector and service providers by enabling them to comply with regulations, protect data, prevent disruptions, identify vulnerabilities and continuously monitor and improve their security. http://www.mcafee.com/.
FCMN Contact: diana.williams@redconsultancy.com
Source: McAfee, Inc.
CONTACT: Joris Evers of McAfee Inc +1-650-488-7448 joris_evers@mcafee.com
or
Ian Bain of Red Consultancy +1-415-618-8806 ian.bain@redconsultancy.com, for McAfee, Inc.
Web site: http://www.mcafee.com/ http://www.foundstone.com/virtualization
Company Information:
Name: McAfee Inc.
Address: 3965 Freedom Circle
City: Santa Clara
State: CA
ZIP: 95054
Country: USA
Phone: 888-847-8766
http://www.mcafee.com
|
Other News from this company: |
 |
McAfee, Inc. to Present at the Citi Investment Research Small & Mid-Cap Conference
|
|
|
McAfee, Inc. to Present at the Morgan Stanley Technology Conference
|
|
|
McAfee, Inc.'s Foundstone Professional Services to Provide Certified Ethical Hacker Training Course
|
|
|
McAfee, Inc. to Present at the Goldman Sachs Technology Investment Symposium 2008
|
|
|
McAfee's New Secure Web Platform Steers Millions of Consumers to the Secure Internet
|
|
|
McAfee, Inc. Enhances Award Winning Support Portfolio Tailored to Meet Changing Enterprise Customer Demands
|
|
|
McAfee, Inc. Welcomes Nine New Partners to Its Security Innovation Alliance Program
|
|
|
McAfee, Inc. ePolicy Orchestrator 4.0 Gives Customers a New Way to Manage Security and Compliance
|
|
|
McAfee Partners with Cox Communications to Provide Comprehensive Security Suite That Protects High-Speed Internet Customers
|
|
|
McAfee, Inc. to Present at the Lehman Brothers Global Technology Conference
|
|
|
McAfee, Inc. Launches Premier Security Risk Management Event
|
|
|
McAfee, Inc. to Acquire SafeBoot B.V. for $350 Million
|
|
|
McAfee, Inc. to Present at Virus Bulletin 2007 Vienna
|
|
|
McAfee, Inc. Launches Security Innovation Alliance
|
|
|
McAfee, Inc. Secures Virtual Machines
|
|
|
Vulnerability Advisory: McAfee, Inc. Solutions Protect Against Four Newly Disclosed Microsoft Vulnerabilities
|
|
|
McAfee, Inc. to Present at ISACA's Information Security Management Conference
|
|
|
McAfee, Inc. to Present on Data Leakage Prevention at Infosecurity New York
|
|
|
McAfee, Inc. to Present at VMworld 2007 on 'Uncompromised Security - Virtual Machines at Work'
|
|
del.icio.us
DIGG
Facebook
Reddit
StumbleUpon
Twitter
![[Get Copyright Permissions]](http://license.icopyright.net/images/icopy-w.gif){kind=small}
