Good article on Incident Response in a Virtualized Environment – summary:
In my experience, this rush to a virtualized data center assumes that either existing controls are enough or that – for some unexplainable reason – virtualized servers are isolated from common attack vectors and therefore more secure. Although this increase does not correlate to an increase in disclosed virtualization vulnerabilities, as shown in Figure 1, the overall increase of vulnerabilities does track with the increase in growth of virtualization as a strategic technology. It also indicates that the increase in the number of virtualized servers increases the attack surface for those attackers focusing on the hypervisor as a high-value breach target.