VMware Vulnerability
As if the threat landscape weren’t challenging enough, CrowdStrike reports that cybersecurity researchers are highlighting a surge in Ransomware-as-a-Service (RaaS) attacks targeting VMware ESXi vSphere hypervisors, typically under-secured assets running virtual machines. The trend is exacerbated by the fact that ESXi is a very popular and widely used virtualization platform that does not support third-party agents or antivirus software.
The widespread accessibility of RaaS platforms, together with known vulnerabilities in the VMware environment, equips threat actors with all the necessary tools for a ransomware attack, primarily through credential theft and virtual machine access.
CrowdStrike recommends that organizations running VMware ESXi hypervisors update systems, harden servers, and strengthen configurations. Beyond these recommendations to secure ESXi, we believe that IT organizations must implement a comprehensive security strategy that not only protects their cloud infrastructure, but also delivers visibility and protection for VMs and inter-VM traffic.
Microsegmentation for Cloud Protection
Security in the cloud is a major challenge, with workloads and data potentially sitting exposed due to lack of visibility and controls in a dynamic and elastic environment. And given that VMware is the ubiquitous vendor in most of these virtual deployments, it’s no wonder it’s a ripe target.
Hillstone’s CloudHive Microsegmentation solution addresses gaps in cloud security and delivers the protection needed to secure a VMware ESXi environment and its associated VMs. Here’s how:
- CloudHive provides micro-segmentation for inter-VM or inter-network communication. East-West traffic is secured with L2-L7 security services, including firewall features such as policy control and session limits, advanced security features such as Intrusion Prevention System (IPS), Antivirus and Attack Defense (AD), as well as fine-grained application control. These capabilities come with minimal performance impact.
- CloudHive delivers deep visibility and insights into all north-south as well as east-west traffic in the virtualized network.
- CloudHive is ESXi hypervisor-aware and sits deep in the virtual environment, protecting traffic across virtual resources as they are deployed, scaled up or down, and migrated across the infrastructure.
- CloudHive provides network performance management from a business point of view due to the complexity of business systems and services in cloud environments. CloudHive automatically discovers and defines service dependencies both within and external to the datacenter and establishes references across the services of a given business, delivering complete monitoring of service chains in terms of service quality, network quality and computing resources. It also provides rapid troubleshooting capability with advanced data analysis.
The first step is to harden the VMware environment; the second is to leverage the Hillstone integrative security solutions to ensure effective, iron-clad protection of the entire virtualized environment, from application services to the infrastructure.