There Is an Easier Way: Securing Offline Virtual Images Before They Go Live
By Suresh Subramanian, Senior Product Manager
In the IT world, urgencies and emergencies always take priority. A typical day in the life of an enterprise IT department includes a panoply of activities ranging from security maintenance to responding to a cyber attack. And, naturally, as high-priority items get all the attention, other concerns may end up falling by the wayside—like making sure that the growing number of offline virtual environments created as backups for disaster recovery or by research and development (R&D) teams for application development and testing are fully secured with the latest malware updates before they’re brought back online into production.
But when the time comes to go live with a previously stored virtual environment, IT faces a moment of truth. If virtual images that have been stored for months or years lack the appropriate anti-malware signature updates as they are brought back online, there's a risk of infecting not just the new production environment, but also the entire network, potentially jeopardizing business continuity. This is crucial because the vulnerability window occurs before the anti-virus software within that image boots up and does its job. A low priority quickly jumps to the top of the list. But the question that no doubt troubles the minds of most IT professionals is: how can offline virtual images get updated with the latest malware protection before they go live? Of course, the best way to mitigate risk is to keep the images clean and updated all the time.
Offline VM Sprawl—for Good Reason
As Malav Patel suggests in his article, the proliferation of virtual machines (VMs) has spawned what he calls “VM sprawl.” He points out that VMs are easy and economical to deploy: often it takes just 15 minutes to bring up a new application. Consequently, engineers and IT teams tend to create lots of them for testing and backup. In some instances, offline images are archived and may not be brought back online for six months, a year, or even three years.
Many organizations don’t have a good handle on where the virtual environments are and how many there are. They may be residing on storage devices in the data center, on a software engineer’s desktop, or in R&D environments on a network that is segregated from the main enterprise network infrastructure. Engineers often use virtual images on a different part of the network so that they can isolate them from the rest of the network while they work on software application development, quality assurance, and testing.
To ensure the security of offline virtual images when they do go into production, organizations first need to track where the offline images are. The next step is to make sure the images are clean and have updated anti-virus .DAT signature files, so that these images don’t pose any risk to the network. But before we look at how this can be achieved, let’s examine some typical scenarios where offline virtual images are used and why it’s so important to secure them.
1. Disaster recovery
The topic of disaster recovery can easily fill an encyclopedia. Here we're focusing on just a small slice—how enterprises use virtualized environments for disaster recovery. Virtualization is a great convenience in this scenario because it allows you to capture a snapshot of an application environment or production environment—say a mission-critical business application running on a server for backup purposes. Stored in the form of files, these snapshots are brought online very quickly to replace and restore the damaged production environment. While it’s offline, an image generally resides on a separate network or on shared storage. It's not uncommon for enterprises to accumulate hundreds or even thousands of these virtual image files as backups. When a disaster does occur, these offline backups are brought online, so it's critical to keep the images up to date with the latest .DAT files to ensure a malware-free production environment.
2. Pre-production
A pre-production environment is where applications are tested on specific operating systems to make sure everything is running smoothly before they are moved to a live production environment. IT professionals engaged in this type of activity might have different combinations of application versions on different combinations of operating systems being tested. Before they take the application out to users, they are testing it to make sure that nothing breaks.
They use virtualization technology to create images so that they can go back to an earlier version that worked; this ability is critical. When they do testing, they may, for example, deploy a security patch, and in the process something may break, so they roll back to an earlier version that works fine with their business processes while they work on fixing the problem. The roll-back is facilitated by virtualization because they can take a snapshot and use the image to do the roll-back in a product. As in the disaster recovery scenario, because one of these images will eventually go live, the images need to be clean and secure.
3. R&D, quality assurance, and testing
In this situation, the development engineer is either developing a new application or the next version of an existing product. Let's assume that one of the requirements is compatibility with older versions of an operating system. Although the developer's role does not involve doing regression testing or quality assurance, he may want to do some basic testing to make sure the application works well on different platforms or different operating systems.
In the old world, if an engineer wanted to test an application on older but supported versions of an operating system, he would have to set up separate machines, each running one of the operating systems. Thanks to virtualization, he can now run multiple operating systems and multiple environments on the same box. Eventually, one of the virtual environments the engineer has created will end up as the final, approved application, though it may take as much as six months to a year.
At the quality assurance (QA) stage of the software development process, the basic process is similar. The QA department tests the compatibility of the application with third-party products and different combinations of operating systems and creates hundreds of virtual images in the process. Once again, for obvious reasons, IT needs to concern itself with the security of an application that will, at some point, be used in a working environment.
4. Supporting a globalized guest workforce
The IT world is probably more globalized than any other industry. Contractors, remote workers, and offshore employees commonly access the corporate network with their own machines to work on software development, testing, quality assurance, and marketing projects. With virtualization, you can sandbox a guest worker's environment by creating a snapshot assigned specifically to that individual and mandate that the guest worker use that particular virtual image. If you have a great many guest workers working on various projects in different departments (for example, marketing, IT, PR) you can store their unique virtual images until the guest workers are ready to sign in and roll up their sleeves. In some instances, the work may be short-term or occasional (three or six months out of the year), so these images can be offline for quite a while. Again, because the guest worker will eventually end up on the corporate network, securing these images from a malware protection perspective should be a priority.
McAfee Rises to the Occasion
Busy IT organizations have not paid adequate attention to keeping offline images protected from the latest malware because it is often cumbersome and is a lower priority. Why? One of the main reasons is that up until now, there has not been a satisfactory solution. McAfee® has stepped into the forefront with its recently announced McAfee VirusScan Enterprise (VSE) for Offline Virtual Images. No other security vendor offers anything like it. With multi-platform support for major virtualization vendors, VSE for Offline Virtual Images is a separate product that leverages all the enhancements in the next version of our flagship McAfee VirusScan Enterprise product.
One of the key benefits of VSE for Offline Virtual Images is that it doesn't have to wake up the stored images. The images can remain offline. That way, they can be updated with the latest .DAT signature files before they go live, ensuring a risk-free send-off to the production environment. Plus, updates can be scheduled on a regular basis to suit your workflow and security needs.
Another big benefit is that VSE for Offline Virtual Images can be managed through its own console and through McAfee ePolicy Orchestrator®, our central security management platform for all of your security solutions. By adding VSE for Offline Virtual Images to your existing ePO infrastructure, you can leverage your investment and manage your stored virtual images as well.
The bottom line is that IT can now make securing offline virtual images a priority because they can configure it and forget about it. For a more in-depth look at the business issues associated with securing offline virtual images, see Malav Patel’s article in this issue of McAfee Security Insights.