What is security virtualization?
What is security virtualization?
Virtualization is the process of running multiple virtual instances of a device on a single physical hardware resource. Security virtualization is the process, procedure and policy that ensures that the virtualized hardware infrastructure is secure and protected.
Problems Security Virtualization Addresses
Virtualization centralizes administrative tasks while improving scalability and workloads, and leads to the consolidation of network infrastructure, lower OPEX, and ease of management. However, virtualization also introduces security challenges that physical security systems cannot adequately protect against:
- File sharing between hosts and guests is not secure.
- Isolation between components such as guest OSs and applications, hypervisors, hardware are weakened.
- Multiple servers are consolidated which increases the risk that a compromise may spread from applications on the same host.
- For intrusion prevention systems (IPS), malware targeted for physical and virtual machines causes infection via the virtual network. Other security threats include unauthorized access, denial of service, and exploits.
Many organizations do not realize that using their existing legacy security solutions can expose them to these types of attacks and data loss.
What Can You Do with Security Virtualization?
Security virtualization acts as a barrier to secure perimeter access to a network. It provides dedicated security services and assured traffic isolation within the cloud, along with customizable firewall controls as an additional managed service. Enterprises and service providers can leverage their virtualization investment to create a granular security perimeter, giving dedicated security resources within a cloud construct to tenants and service subscribers.
How Does Security Virtualization Work?
A virtualization system consists of a host operating system, a hypervisor, and a guest operating system. The host is the underlying hardware of the virtualization system that provides computing resources (physical interface cards, CPUs, memory, management ports, operating system, third-party software, hypervisor). All this enables the host to contain one or more Virtual Machines (or partitions) and share physical resources with them.
Juniper Networks Implementation
The vSRX Services Gateway is a stateful firewall that integrates with a hypervisor at the kernel and inspects and secures traffic at the virtual layer. The vSRX allows administrators to provision and scale firewall protection to meet the needs of virtualized and cloud environments.
The vSRX brings the Junos operating system to x86-based virtualization environments, and includes network firewall, IPS, and VPN technologies, next-generation firewall technologies that include Layer 7 application control, availability, traffic flow optimization, web filtering, antivirus, anti-spam, and network access control enforcement. The vSRX can be used in the same way as a physical appliance and supports the Juniper Networks Contrail product, OpenContrail, Network Functions Virtualization (NFV) use cases, and third-party SDN solutions.