Virtualized Network Security Management (vNSM)

This is a term that I’ve been throwing around for a while now, so I thought I’d take the time to define it for everyone.

Virtualized Network Security Management (vNSM)
The extension of existing Network Security Management (NSM) policies and procedures to include “virtualized” deployments. This includes, but is not limited to, the collection, correlation, and normalization of:

  • logs (e.g. authentication, authorization, status, etc.) generated by “virtualized” hosts (e.g. servers, workstations, etc.)
  • logs generated by non-security-related applications (e.g. mail server, web server, etc.) installed on “virtualized” hosts
  • logs generated by security-related applications (e.g. firewall messages, anti-virus alerts, rootkit installation prevented, etc.) installed on “virtualized” hosts
  • logs (e.g. authentication, authorization, status, etc.) generated by “virtualized” network components (e.g. virtual switches, virtual hubs, etc.)
  • network flows (e.g. NetFlow) generated by “virtualized” network components
  • expected, anomalous, or malicious network communications to/from/between “virtualized” hosts (e.g. web server communicating with “virtualized” database, “virtualized” workstation retrieving file from “virtualized” FTP server, etc.)
  • logs generated from the operation of the host virtualization platform

I may expand on, or refine, this definition in the future but I wanted to make sure I had my ideas down on “paper” before I lost them.
