IT security vendor Symantec Corp. and Intel Corp. are collaborating to bring the benefits of virtualization technology to desktop security, executives from the two companies announced at the Intel Developer Forum in San Francisco.
Symantec will release, next year, a new intrusion prevention system (IPS) called Virtual Security Solution, which is installed on a virtual machine running on PCs with Intel vPro technology.
Computers equipped with vPro technology, and loaded with Intel’s Core 2 Duo processor, use hypervisor to create a virtual machine running alongside the host operating system, explained Leo Cohen, vice-president and fellow at Symantec’s security technology group.
“Think about it as an IPS network appliance,” he said. “Then using Intel’s vPro technology, we have created a virtual appliance completely isolated within the same machine; it’s an isolated partition created by hypervisor that separates memory and other system resources to allow that security solution to function within that machine.”
By taking the intrusion prevention system and running it on a virtualized environment, security controls become independent of the operating environment and less vulnerable to targeted attacks aimed at weakening or disabling security controls in an operating system, said Cohen.
Virtualized IPS acts as a filter scanning network traffic for known vulnerabilities and virus signatures and blocks them from the virtual machine level before they reach the physical operating environment, he said.
Typically, security software such as Symantec’s anti-virus product resides in the host operating system on the desktop. The security controls’ ability to protect the desktop system depends on the strength of the operating system hosting it, the Symantec executive said.
The Virtual Security Solution will enable IT to keep vital security processes isolated from potential problems with the main operating system, giving IT managers better control of endpoint security.
Malicious disabling or reconfiguring of security safeguards are becoming more prevalent among targeted attacks, said Gregory Bryant, general manager, digital office platform at Intel.
Dubbed “wave-based” attacks, these offences are conducted in two stages, explained Bryant: the first wave focuses on finding and disabling the system’s security controls; the second wave does the actual damage on a weakened machine.
A recent survey of Canadian IT security managers and personnel revealed that between 63 per cent and 79 per cent are concerned about the disabling or misconfiguring of security systems by hackers and Trojans, by employees or by operating system and application patches. The survey was conducted by Applied Research West Inc. for Symantec.
In addition, an average PC user is affected by disabled or misconfigured security safeguard about 12 times per year, and it takes IT roughly seven hours to fix each affected system.
Disabling and reconfiguring of security safeguards could be either intentional or unintentional. While malicious hackers and Trojans may be responsible for exploits aimed at weakening system defences, so are employees.
According to the report, IT managers’ concern about employees disabling system defences is rising among 27 per cent of Canadian respondents. The number is higher for their U.S. counterparts, where 48 per cent of American IT managers say concern about disabling or reconfiguring of security systems by employees is increasing.
Dennis Morgan, senior Intel IT security specialist, however, said in cases involving disabling security controls, who or what is causing it is usually not the main concern.
“From an IT perspective, I’m not concerned about who is coming after us – whether it’s hacker or employee coming after the security control – I’m just worried about something coming after the security controls and disabling it,” said Morgan.
To protect against this type of threat, companies are currently deploying multi-layered security solutions, imposing strict behaviour policies to limit user actions or user account controls, and deploying external security appliances, the report stated.
“[These results] bring a strong case for a new and innovative approach to security,” said Symantec’s Cohen. “By moving security outside of the user operating environment, out of harm’s way, a more robust and tamper-resistant solution is achieved.”
Forty-seven per cent of Canadian survey respondents expressed interest in deploying a “virtual security solution”, the survey said. U.S. respondents showed more willingness with 79 per cent showing interest in virtual security tools.
Virtual security capability forms part of what the Intel Core micro-architecture strategy offers in the area of security management, said Intel’s Bryant. Another feature of the platform is the Intel Active Management Technology, which allows IT to remotely and centrally manage multiple desktop and notebook systems across the enterprise, he said.
He said another challenge facing some IT managers is having to patch hundreds of thousands of enterprise systems as quickly as possible if there is a significant vulnerability. “We are also working to solve those problems in hardware.”