Contents

• Summary of Findings
• Analysis
  • Protection of Virtual Infrastructure: An Architectural View
    • Traditional Security Mechanisms
    • Virtualization Objects and Events to Protect
  • The Concerns
    • Zoning
    • Workloads in Motion
    • Anti-Malware and Patch Management
    • Storage-Layer Security
    • Administrative Privilege Controls
    • Configuration Management
    • Denial-of-Service Controls
  • Vendor Ecosystem
  • Standards Environment
  • Customer Experiences
  • Strengths
  • Weaknesses
• Recommendations
  • Weigh the Value of the Ecosystem
  • Be Cautious About Hypervisor Isolation, but Recognize That Security Concerns Are Decreasing
  • Prepare for Anomalies in the Future?
  • Be Cautious in the DMZ
  • Reconnect Security Architects and Operations
  • Secure the Control VM
  • Consider All Communication Channels
  • Beware the "VM in Flight" That Crosses (Physical) Borders
  • Ask Third-Party Virtualization Security Vendors A Lot of Questions
• The Details
  • Vendor Solutions
    • Virtualization Platforms
    • Third Parties
  • Virtualization Security Backgrounder
    • The Benefits of Virtualized Security
    • The Drawbacks of Virtualized Security
• Recommended Reading

Tables

Figures