The legacy of the VENOM security flaw sheds light on an important challenge for modern IT security. Most individuals simply take for granted how massively huge the IT industry has become. There are now gargantuan data center complexes and millions of servers, spread all across the globe.
Virtualization has amplified IT sprawl at an exponential rate, meaning infinitely more points of entry into hardware running VMs.
None of this happened overnight and along the way IT has created a lot of technical debt. Meaning far more exposed touch points, of which, managing and tracking has become increasingly more challenging.
In popular hypervisor technologies, such as Xen and KVM--a vulnerability allowing attackers to jump the VM is a massive IT security risk unless properly patched. Xen and KVM have been in use for over a decade; well before cloud computing became popular.
The big question is do organizations know where all their Xen or KVM instances are running and IF they've been properly patched?
In a recent article posted on Infosecurity Magazine, RiskIQ CEO Elias Manousos, delves into the incident and asks some important questions for CISOs.