April 8, 2014 marks the end of XP support…but you don’t have to worry!

Note: The following material is an unedited submission to The CyberJunlge by Invincea. Posted the week of Nov 25th, 2013

With the end of support comes a situation of “infinite zero-days” – meaning that flaws in the operating system uncovered by adversaries will never be addressed through hot-fixes or patching…whatever they find and exploit will put your company at risk. This reality is leaving companies around the world scrambling to upgrade to newer operating systems – but if you can’t make this happen, you don’t have to worry!

Invincea FreeSpace™ keeps all of your users safe – whether on XP or newer operating systems.

Invincea FreeSpace™ creates a secure virtual container around highly targeted web browsers, PDF readers and the Office suite – insulating your XP machines (and all of your machines) from exploits delivered through these primary attack vectors

Invincea’s approach of containing untrusted content changes patching and upgrades from a mission critical “fire-drill” to a “good hygiene” situation

Invincea’s capabilities are proven time and again in the wild to stop zero-days in their tracks – including IE ActiveX exploits and MS Office exploits – we’ve got you covered!

Expertise From F5 Networks

Do Business Applications Need Protecting In A Virtual [Machine] World?

[Ira's Take: In order to reduce IT costs, businesses and looking towards virtual machine deployments. This expert paper looks at some of the security issues to consider when moving to a virtual machine enviroment. Note: The paper was writen in the UK, and uses the Queen's English for spelling.]

Some industry experts have claimed that there are still business applications that should not run on virtualised servers. This is surprising as Gartner comments in its research note that “several interrelated trends are driving the movement toward decreased IT hardware assets, such as virtualisation, cloud-enabled services” but the adoption of virtualisation, though widespread according to multiple surveys, still comprises less than 40 per cent of all servers in the data centre today (CDW's Server Virtualisation Life Cycle Report, January 2010 and F5 Networks’ Trends in Enterprise Virtualisation Technologies, 2009).

The need for improved agility and the increasing cost and complexity of IT, has driven many businesses into swiftly adopting virtualisation technologies. While some virtualisation experts claim that virtualised computing environments are less secure than physical computing environments, others claim that virtualisation can enable better security.

Both claims can be correct, but in reality when information security controls are improperly implemented or neglected in virtual environments, real security risks are exposed. These are the potential pitfalls of virtualisation, but the good news is that they don’t have to stop the technology being implemented. Another growing trend alongside virtualisation is delivering applications via the cloud as this reduces cost and moves application headaches outside the business. However, this does not come without risk.

Essential protection

The benefits of virtualisation are obvious. But every technology implementation needs to be weighed up in terms of the potential challenges and benefits, and virtualisation is no different. Security administrators and those who manage virtualisation, predominantly server managers, need to understand phrases such as ‘hardened operating system,’ ‘walled garden,’ and ‘network segmentation’ in the one-box-for-one-application world, as well as prepare for the new threat arena for distributed and targeted attacks. The need to understand these threats only increases as more elements of the network become virtualised and convergence blurs the boundaries between storage and server networks.

To completely protect a virtual environment many questions need to be addressed, including:

• How current analysis, debugging, and forensics tools will adapt themselves to virtualisation?
• Which tools will be necessary for security administrators to master between all of the virtualisation platforms?
• How will patch management impact the virtual infrastructure for visitors, hosts, and management subsystems?
• Will new security tools, such as hardware virtualisation built into CPUs, help protect the hypervisor by moving it out of software?
• How will security best practices, such as no-exec stacks, make a difference once fully virtualised?

These are all questions that need to be addressed before the enterprise world moves full-on into virtualisation. More than anything, we should be thinking today about where virtualisation security will take us tomorrow. We all agree that virtualisation is here to stay, but those implementing need to make sure they stay ahead of the threats and think about virtualised threat vectors before attackers have already coded for them.

Optimising Virtual Infrastructures

In addition to security concerns, leveraging the optimisation capabilities of modern load balancers – or application delivery controllers - is another way of making virtual infrastructure more efficient, as it increases virtual machine density and cancels out the impact of virtualisation overhead on application capacity and performance. Given that almost every cloud provider utilises some form of modern load balancing solution and can easily enable these optimisation capabilities, it seems unlikely that the lack of virtualisation awareness in applications would be detrimental to cloud computing adoption in the long run.

In fact, the ability to leverage both traditional and virtual resources, thus combining the local data centre with cloud computing resources, would seem to be a bonus to businesses seeking to address capacity concerns without moving their entire infrastructure to an external entity. The ability to optimise through solutions required to implement a cloud computing infrastructure ensures that organisations moving to an internal cloud deployment are not forced to essentially “rip and replace” their entire infrastructure to support virtualisation-aware applications, but to leverage the virtual infrastructure and assist server managers with the challenges of a virtual world.