Paper: A Comprehensive Framework for Securing Virtualized Data Centers

HP released a paper titled: A Comprehensive Framework for Securing Virtualized Data Centers. The paper which contains 8 pages addresses the following question: will moving to virtualization make security for the network easier or more difficult to achieve? And HP answers this question by referencing to their TippingPoint Intrusion prevention security solutions.

Tippingpoint comes from 3Com Corporation which HP acquired in November last year for $2.7 Billion, including the brands H3C, 3Com and Tippingpoint.

The paper tries to answer this question by covering the following topics:

  • Experiencing the virtualization wave, detailing the current state of virtualization used within companies.
  • Addressing virtualization security challenges, providing results of surveys on virtualization security.
  • Understanding the security hype, mentioning hypes like Hyper-jacking, VM Escape, VM Hopping, VM theft and VM sprawl.
  • Evaluating virtualization security, covering seperation of duties and by implementing trust zones.
  • Tackling the security challenge, by detailing how HP Tippingpoint Software can address the challenges mentioned earlier.

The HP TippingPoint secure virtualization framework delivers the following capabilities:

• Inspection of ingress and egress traffic with a purpose-built physical intrusion prevention system (IPS) platform

• Deployment of in-line inspection and automated threat blocking for protection from targeted hypervisor attacks

• Utilization of vulnerability shielding for zero-day protection of hypervisor and hosted workloads

• Implementation of options for virtual and physical IPS solutions to enable consistent polices, segmentation, and trust zones across both physical and virtual data center environments

• Digital Vaccine Labs (DV Labs) which is focused on conducting vulnerability research for data center virtualization tools and applications