The trade press picked up two of the three with extensive coverage of Litchfield’s announcement estimating 500k vulnerable databases exposed to the internet without protection. Talk about a hacker or bot paradise; you get a massive available server network and access to a wealth of privileged data.
The second item was Oracle’s announcement that they were throwing their hat in the virtualization ring. Vulnerable databases now designing in a virtualization layer: talk about a one-two punch that should grab security pro attention. And what has Xen contributed to the virtsec discussion or roadmap?
The icing came via a recent ten-minute podcast featuring EMC VP Chuck Hollis about the need for security to be part of the virtualization discussion. While I featured this earlier at Archimedius, I thought the timing of these three developments makes for an ominous potential trend in data center security, where a rush to virtualize magnifies the population of existing remote vulnerabilities (OS, database, etc.) facing the internet.
I blogged about the existing virtsec challenges earlier as well, without introducing the specter of “percolating” databases moving around on a blade backplane, interacting with other software. For those of you who think creating partitions based on policies is a good idea, read “Virtsec in the Trenches”.
Now the virtsec notice has been served to the database security appliance vendors. Database security will now inevitably join the virtsec discussion.