Virtual Infrastructure Security Assessment

Strengthen your virtual infrastructure and comply with industry best practices

Next Steps:


According to a recent InformationWeek survey, only one in eight enterprises have a formal security or information protection strategy for their virtual infrastructure. When you moved more servers to your virtual infrastructure did you also increase your attack surface? What is your security strategy for your virtual infrastructure?

Whether you are contemplating, implementing, or currently managing a virtual infrastructure, you are probably quite comfortable with the economic and architectural flexibility benefits from virtualization. However, are you confident in your approach to vulnerability, security, and risk management? Was security part of the requirement when building your virtual infrastructure? Do you have proper policies and procedures to deal with rogue virtual servers, patch management, operating system separation, and change control? Are you aware of technology best practices to secure your virtual infrastructure?

Key Benefits

  • Identify and mitigate virtual infrastructure risks
    Foundstone reviews the people, process, and technology surrounding the targeted virtual infrastructure. Uncover vulnerabilities and gaps with industry accepted best practices to the architecture, configuration, and ongoing management of corporate assets.
  • Get next step recommendations
    The Virtual Infrastructure Security Assessment engagement includes a Comprehensive Security Assessment Technical Report, an Executive Summary, and a half-day presentation and results review workshop.


Foundstone assesses your virtual infrastructure in the following four major phases:

  • Architecture and design review
    Evaluate the virtual infrastructure and security practices in the architecture and design, specifically targeting separation of networks, hosts and virtual machines, and virtual infrastructure management design.
  • Virtual infrastructure configuration review
    Assess the configurations of sampled virtual machines and the host against known industry best practices, and identify any insecure configuration associated with the deployed product.
  • Virtual infrastructure security testing
    Test the security from the logical network, virtual server storage network, and virtual infrastructure management network. The assessment defines your virtual infrastructure attack surface and the associated risk.
  • Policy and procedure gap analysis
    Evaluate the gap of current policies and procedures for virtual infrastructure against known best practices, according to the ISO 27001 / 27002 security standard.