Home » Topics » Cybersecurity » IBM sounds virtual warning

IBM sounds virtual warning

by Brigette Bard

A leading IT security expert has spoken out to dispel the idea that virtualised environments are inherently more secure than conventional IT systems. In fact, says the direct or of IBM Internet Security Systems X-Force research group, Kris Lamb, virtualised environments pose unique threats to the corporate IT security, and risk of such threats being exploited is growing as an increasing number of flaws are surfacing in products from market leading vendors such as VMware.

In a blog posted on Friday, Lamb notes that due to the growing popularity of virtualisation “vulnerability discovery energies have increasingly focussed on finding ways of to exploit virtualisation technologies.” This increased effort is being rewarded by the discovery of an increasing number of vulnerabilities in virtualisation products, including those of the market leader, VMware.

According to Lamb, since 1999 of the 100 vulnerabilities that have been discovered in VMware products and associated third-party products and components the majority – 62% – have been found in third-party code. However, 72% of these vulnerabilities (of which 46% are regarded as high-risk) have been discovered in the last two years and this year, for the first time, the majority have been found in VMware’s first-party code.

Lamb’s X-Force team has not attempted to collect similar data on virtualisation products from other vendors, and it is not suggested that VMware’s products are any less secure than of its competitors. However, Lamb argues that the growing incidence of vulnerabilities associated with virtualisation technology poses a worrying extra dimension to the IT security challenge.

In particular, he says, the potential risk posed by new threats such as virtual rootkits is magnified by the fact that “all your exploitation risks are now consolidated into one physical target where exploiting one system could potentially allow access [to] and control of multiple systems.”

“Virtualisation does not equal security” said Lamb, who also called on virtualisation software vendors to work more closely with security technology vendors to build safeguards into their virtualised environments.

Further reading

Survey reveals virtualisation fears

Related Topics

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise