Virtual Infrastructure Security Assessment

View Datasheet  

 

Overview

According to a recent Information Week survey, only one in eight enterprises have a formal security or information protection strategy for their virtual infrastructure. You moved more servers to your virtual infrastructure but have you also increased your attack surface? What is your security strategy for virtual infrastructure?

Whether you are contemplating, implementing, or currently managing a virtual infrastructure, you are probably quite comfortable with the economic and architectural flexibility benefits from virtualization. However, are you confident in your approach to vulnerability, security and risk management? Was security part of the requirements when building your virtual infrastructure? Do you have proper policies and procedures to deal with rogue virtual servers, patch management, operating system separation and change control? Are you aware of technology best practice to secure your virtual infrastructure?

Benefits

Foundstone consultants can help you to identify and mitigate the risk to your virtual infrastructure by reviewing the people, process and technology surrounding the targeted virtual infrastructure, which pinpoints vulnerabilities, gaps with industry accepted best practices to the architecture, configuration, and ongoing management of corporate assets.

Methodology

Foundstone assesses your virtual infrastructure in the following four major phases:

Architecture and Design Review

Evaluate the virtual infrastructure and security practices in the architecture and design, specifically targeting separation of networks, hosts and virtual machines, and virtual infrastructure management design

Virtual Infrastructure Configuration Review

Assessment of the configurations of sampled virtual machines and the host against known industry best practices, and identify any insecure configuration associated with the deployed product

Virtual Infrastructure Security Testing

Test the security from the logical network, virtual server storage network and virtual infrastructure management network. The assessment defines your virtual infrastructure attack surface and the associated risk

Policy and Procedure Gap Analysis

Evaluate the gap of the current policies and procedures for virtual infrastructure against known best practices according to the ISO27001 security standard

Thought Leadership

Foundstone is at the forefront of virtualization security research and has published a number of whitepapers on the topic as well as presented at conferences and events across the country. Links are provided below to some of Foundstone's work in this area.

1. Virtualization & Risk White Paper
2. Virtualization & Risk Webcast
3. How Virtualization Affects PCI DSS Part I
4. How Virtualization Affects PCI DSS Part II

Contact us to learn more about this valuable service.

RFP Template

Foundstone has developed this Request for Proposal("RFP") template to help organizations identify and select a quality security vendor to perform professional services work.

> Download

home | services | company | education | resources | contact | privacy policy | site map | McAfee.com