Networked computing environments, such as cloud computing environments, are typically comprised of many computing nodes. Virtual machines (VMs), which are software-based emulations of computer systems, are often used in such environments as they provide efficiencies, cost savings, and scalability on account of their hardware-agnostic nature and ability to be deployed, operated, and managed in a centralized fashion.
An attack on a given computing node in a networked computing environment can present a broader threat to other computing nodes and resources that are part of that computing environment. For example, if a particular VM server is attacked and compromised in a multi-tenant cloud environment, other VMs and resources hosted on one or more of the same physical computer systems may be compromised, the hypervisor managing the compromised VM server may be compromised, or even an entire data center may be compromised.
Existing security solutions tend to focus on leveraging cloud scalability, such as parallel image run-time comparison, parallel input/output comparison, and image deviations from templates. Other emerging solutions relate to migrating virtual machines in response to an attack. For example, U.S. Patent Application Publication No. 2014/0053226 A1 to Fadida et al. (hereafter “Fadida”) discloses a security coordinator that can notify active VMs in a virtualization environment that a potential attack has occurred on the virtualization environment, causing other actions to take place, such as migrating those active VMs to different environments and/or locations and changing security levels.
However, existing solutions do not adequately and proactively address the risks of potential breaches to VMs that reside in the same logical neighborhood as a VM affected by a detected threat.