April 9, 2014 By Vikash Abraham 2 min read

Optimum Cloud Security: Traffic Flowing between vSwitches Requires Monitoring

The cloud has been a major talking point for a couple of years now, and cloud security has become interesting material for gossip. We don’t need to dwell on the advantages of a cloud because we are all adept at the topic; however, the security aspect still remains something of a mystery.

It is often effective to deploy traditional security philosophies to new environments, and one of the “good” words we want more of in security is “visibility.” Whether by utilizing satellites to review national borders or installing video cameras in ATM kiosks, the idea is to have an “eye” watching over it all — with intelligence — to identify threats and mitigate them in time. A hacker focuses on finding the blind spots of the eye or disabling the eye itself.

The Blind Spot

Virtualization is one of the main components of the cloud. A virtual environment provides flexibility, allows optimization of the workloads running in the cloud and provides an essential benefit by detaching this workload from the underlying hardware. Virtualization can also be viewed as having invisible, miniature data centers that include virtual switches (vSwitches) and traffic that flows between these vSwitches. Being invisible to the physical eye, virtualization is a frequently ignored area within the cloud. Physical networks are monitored and have network protection solutions inspecting traffic; however, the traffic between vSwitches goes invisible, making it a sweet spot for hackers.

Why Is It a Risk?

In cloud environments, workloads and virtual machines (VMs) are working continuously to achieve optimal utilization or performance. This also means that infected workloads or VMs could be circulating. Therefore, logical network segmentation and security setting become imperative for cloud security. If one infected VM is communicating with another VM over the virtual layer, physical network protection solutions are not monitoring these communications and are consequently unable to disrupt the threats embedded within them. With the advanced persistent threat approach, attackers watch and wait for such opportunities.

How Do You Address It?

The answer is straightforward: Deploy that much-required visibility to monitor inter-vSwitch traffic as you would with other network traffic. There are different approaches to achieve this, one being to route inter-VM traffic through the physical network protection appliance already available on your network. This could be a tedious process, however, and could lead to a few performance concerns. A much more effective way of managing this would be to use a virtual appliance that sits on the virtual layer and is able to monitor and prevent threats within inter-vSwitch traffic and to provide logical network segmentation security settings.

More from Cloud Security

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today