Catbird vsecurity: Securing the Virtual Data Center
Catbird Networks. All rights reserved.
Tamar Newberger, Michael Berman
Catbird, Scotts Valley, CA

EXECUTIVE SUMMARY

Virtualization is revolutionizing the data center. With promises of significant cost savings, reduced power consumption and flexible capacity planning, it's no wonder that IT is eager to move virtualized systems from the lab into production. IT managers are responsible for transforming this virtualized data center into a nimble and automated environment that enables their organization to exploit these opportunities. Yet, IT security and compliance can appear to be significant roadblocks to this vision. The impact and force of virtualization are running head-on into the complexity of security and compliance.

Indeed, many virtualization projects run into unexpected problems and expense because of a lack of understanding of the requirements for business continuity, integrity and data protection in a virtualized data center. These issues may unnecessarily result in a partial or a complete failure of the virtual data center project. This is unfortunate for many reasons, but most notably because virtualization actually has the power to make virtualized environments even more secure than their physical counterparts.

This paper will describe what security gaps are introduced in the move from physical to virtual infrastructure, specifically where security, compliance and audit are concerned. Specific topics to be covered include: loss of visibility, separation of duties and secondary controls on the virtual network; virtual machine mobility and its effect on security; network segmentation in a virtual context; how to update security best practices to protect virtual infrastructure; and the approach taken by Catbird to monitor, manage and protect virtualized data centers so that they can deliver on their promise.

Security in the Virtual Data Center. Catbird, Inc. Page 2
Background

Computer virtualization is the consolidation of many physical machines into virtual machines - known as guests - onto one or more physical host systems. The host runs a specialized application or operating system called a hypervisor, which manages the virtual operating systems. In a virtualized environment dozens or even hundreds of guest operating systems - or virtual machines - may be running simultaneously under one hypervisor. Applications on each virtual machine commonly interoperate with each other via a virtual network, which may include virtual routers and switches (see Figure 1). These virtual networks run inside the physical host, handling traffic which is invisible to anything outside of that host.

[Figure 1: Typical configuration]

Administrators manage virtual machines with the same flexibility one typically applies to a simple file. Virtual platform administrators can create and delete, clone, share, move and even roll back the execution state of a virtual machine. While enormously useful, such dynamic configurations are a challenge to data center security, which assumes predictability of monitored systems, a relatively static environment and role-based administration.

The next sections will elaborate on the specific change dimensions of virtualized infrastructure that can adversely affect security and how virtualized data centers can mitigate the potential risks. These dimensions are outlined in Table 1.
Table 1: Change Dimensions and Effects

| Change | Effect | Risk | Solution |
| Hypervisor | Adds new operating system and infrastructure layers | Denial of service, anonymous access, data theft, fraud | Monitor configuration and VM states to enforce secure configuration |
| Virtual Networks | Flattens infrastructure and networks; blinds non-virtualized tools | Unauthorized access, anonymous access, denial of service | Audit and enforce data protection for network layers 2-7 |
| Virtual Administrator | Collapses roles and increases privilege of administrators | Escalation of privilege, abuse of privilege, fraud | Enforce compensating controls via hypervisor and network APIs |
| Servers are files | Increases transience, enables VM mobility, and increases frequency of change within the data center | Denial of service, data or intellectual property theft, unauthorized access, fraud | Provide dynamic protection and controls to protect data: policy-based security follows the virtual machines |

1) Hypervisor: A New Threat Surface

The hypervisor presents a new target for attacks. Since all virtual machines depend on the hypervisor to manage virtual processes, the hypervisor is a single point of failure for the entire virtual infrastructure. The hypervisor and virtual machine monitor comprise a new software layer in the application delivery stack. These applications are not immune to defects or vulnerabilities: risks exist from MMU, driver, management, direct I/O and API-based attack vectors.
The hypervisor attack surface consists of the following access methods:

1. Direct console access to the hypervisor user interface (CLI). This requires physical access to the hypervisor host.
2. Network access to the hypervisor UI. This is accomplished via the virtual network (VM to hypervisor) or non-virtualized network access to the host interface.
3. Virtual machine break-out. This is a subversion of the hypervisor through manipulation of shared memory or via the hooks required to run the VM.

Malicious network access is the most critical risk factor, as it represents both the highest probability of attack and the highest cost incurred from a successful attack [1].

Example risks:
- Virtual network access or attack from a compromised or misused virtual machine (see Figure 2)
- Human error and improper configuration of the virtualization environment by an authorized user, or unauthorized access by a malicious user (see Figure 3)

[Figure 2: VM attacks hypervisor]

For example, an infected virtual machine can launch a DoS attack against the hypervisor. This virtualized attack is invisible to a non-virtualized security device.

[Figure 3: Unauthorized use]
Catbird Mitigation

Continuous validation of the hypervisor configuration and environment is required to assure the integrity of the hypervisor and the security of the virtual machines. Monitoring must include oversight and visibility into the virtual administrator's activities. Catbird delivers 24x7, automated and continuous validation of the hypervisor environment required to assure the integrity of the hypervisor management network and the security of the virtual machines. Catbird monitoring includes oversight and visibility into the virtual administrator's activities. Catbird also implements dual controls for privileged activities and for administrative override. Catbird vsecurity delivers effective oversight of operations personnel as well.

2) The Old Threat Surface, Newly Concealed: New, Invisible Virtual Networks

Virtual machines continue to have the same attack surface as the physical systems that they replace. For example, an unpatched Windows Server 2003 will have approximately 202 remotely executable exploits [2]. While this basic threat surface is unchanged, virtualization increases the risk from a malicious insider due to the lack of visibility into the virtual environment ("unobserved emboldening") [3]. Non-virtualized security technology is simply unable to validate the virtual environment. This gap in security coverage creates an opportunity for unobserved activities and misconfiguration of networks. This observation failure dramatically increases the likelihood of an abuse occurring or a misconfiguration remaining undetected for a prolonged period.

Inside the hypervisor, the virtual network is a collection of I/O channels within the memory backplane of the host. It is not possible to install the usual security tools - non-virtualized firewall, network intrusion prevention systems (IPS) or vulnerability monitoring systems - into the hypervisor's backplane.
Like the Agents in The Matrix [4], if you want to secure the virtual world, you have to be in the virtual world and able to run security software within it. This requires virtualized versions of IPS, vulnerability monitoring, network access control and other security technologies.

Just as a compromised hypervisor would allow an attacker to manipulate any of the virtual machine guests on the host without detection, a malicious virtual center administrator may manipulate the virtual environment unobserved and with complete impunity. This is one of the most fundamental risks of virtualization.

Network segmentation, a common practice in the physical world, is often absent in enterprise-class virtual data centers. Some security-aware administrators have wisely separated the hypervisor management network from the rest of the guest machines, but often there is no distinction on the virtual network between machines of different trust zones, scope, policies, etc. Even where different subnets have been configured in an effort to model a physically segmented network, there is no built-in enforcement when a machine migrates to an unauthorized place. This risks a publicly facing, low-security virtual machine easily bridging onto the most sensitive of private networks.

Catbird Mitigation

Catbird delivers virtual machine data protection through a non-invasive, independent system of controls within the virtual infrastructure itself. Catbird validates the configuration of the hypervisor environment to detect and prevent a breach in network segmentation, including monitoring of the virtual switch and the virtual machines. Catbird monitoring includes the classic security tools that any physical environment would need: a secure baseline, vulnerability management, change control, network admission control, intrusion detection and prevention, enforced via network and acceptable-use policies.
Catbird TrustZones delivers the technical controls to detect and prevent unauthorized traffic within the virtualized network backplane. A TrustZone is a logical grouping of virtual assets, independent of physical host, with a policy envelope associated with each group. TrustZones leapfrog virtual firewalls by providing network segmentation that complements the new architecture of virtualization. Zones can span hosts and clusters, enforcing a policy that follows virtual machines through mobility, and include detailed audit trails. Catbird monitors and enforces the defined TrustZones policy, preventing unauthorized guests from joining networks for which they are not privileged.

3) Collapse of Roles; Loss of Separation of Duties and Least Privilege

What is fundamentally new in the move from P (physical) to V (virtual) is the collapsing of roles. In the physical data center, implicit separation of duties and change controls would prevent most accidental or malicious activities. Think of the people and paper required to routinely set up a new server in a well-run data center. There are the procurement people, the network people, the data center floor managers, the operations people and perhaps even a security manager. If any one of them makes an inadvertent error, the likelihood is that another would catch it before it became an exploitable issue.

By contrast, the virtualized data center allows one operator to control the system, network and security infrastructure completely. The virtual administrator combines most, if not all, of the privileges of a domain administrator, root user, network and security operations. This collapses operational roles, reduces Separation of Duties (SoD) and vastly increases the risks of escalation of privilege and abuse of privilege. A single administrator has all of the keys to the kingdom.

This collapse of process protection may allow an administrator to compromise virtual guests and their data. At the very least, there is a high likelihood that this operator will make a common mistake which can put the environment at risk. More alarming is the fact that malicious administrators may decrypt network traffic [5], snapshot data or systems, or even peek into physical memory covertly with little fear of detection. Combined with a lack of surveillance of the virtual environment, this would not only allow but may embolden a rogue administrator to do irreparable damage.

Secondary or Backup Controls

Most security vulnerabilities happen not from malicious hackers but from inadvertent human error.
Standard practice on physical networks in regulated data centers mandates automated tools (often built into system software) to monitor for such error, essentially functioning as belt and suspenders. These secondary and backup controls - essential to compliance - are absent in virtualization platforms. Network controls to prevent unauthorized or anonymous access do not exist. Dual controls to prevent abuse of privilege do not exist. Automation to ensure a secure life cycle and strict change controls does not exist. Insecure or unauthorized hypervisor configuration negates secondary controls. Together, these omissions compound each other, leading to weaknesses easily exploited.

Catbird Mitigation

Catbird addresses the challenges brought on by the new virtual administrator. Catbird delivers controls over the virtual administrator, compensating for the SoD, audit and least-privilege principles affected by virtualization. Catbird implements common controls for network policy and virtual platform administration. Catbird supports access controls to enforce authority, and includes features to separate roles and organize proper virtual network segmentation for policy containment and enforcement.

4) Loss of Change Management as Servers Become Files

Virtualization includes the capability of cloning existing guest systems, downloading guest images and creating guest images with very few keystrokes and within minutes. The ability to provision entire systems quickly and easily is of huge benefit to business users. Most organizations have an established protocol for data center servers. Different protocols are applied to machines with different tasks or policies. In the physical world, it is relatively straightforward to ensure that new machines added to a data center adhere to the configuration policies assigned to that group and that they are introduced in a controlled and coordinated manner.
In current virtualized data centers, this process is completely circumvented by the extended powers of the virtual infrastructure administrator and the lack of cooperation between the operations and security teams in the initial deployment of virtual systems. A symptom of the loss of change controls is virtual sprawl. Virtual sprawl is a term used to describe the inflationary growth in the number of operating system instances installed in a virtual infrastructure. Creation of a new virtual machine on most hypervisors is as easy as a few mouse clicks. Without good reason or approval, virtual infrastructure administrators can instantly create new machines or clone existing machines. The total number of VMs in an organization can multiply at an enormous rate, proportional only to the capacity of the physical machines hosting them.

As an example, a recent client audit by Catbird revealed that a domain machine had been improperly cloned, creating two distinct machines with the same domain identity. This instantly made inventory and vulnerability management databases invalid. Rapid and unpredictable growth of new machines strains the security processes of an organization. Patching plans, for example, break down when one does not know what machines to patch. Machines may become unprotected, and an infected or compromised machine on a virtual network may then easily infect the remainder of the virtual machines on that network, which are typically invisible to standard security devices. As a consequence, most virtualized systems have no method of ensuring that policies are adhered to when changes to virtual machines occur and no way of assessing the impact of such changes on security and compliance.

Mobility

Further complicating change management is the unique feature of virtual machine migration. Current VM technology supports relocating guest systems between clusters and hypervisors with little or no downtime [6]. Guest systems can be dynamically moved from one physical host to another, without interruption of computation, presentation or state. A virtual machine hosting back-office payroll applications, administered and protected by a particular policy on a particular physical server, can be instantly moved to a new host, with perhaps inappropriate monitoring and protection.

Software Lifecycle and Rollbacks

Lastly, change management is challenged by the issue of software lifecycle and rollbacks first described by Garfinkel and Rosenblum. It refers to the potential exploitation of the temporal nature of virtualization, where, by design, machine state may be rolled back to a previous execution state.
Traditional security processes assume time is moving forward, and thus patched machines remain patched, ports are closed, accounts disabled, etc., with all of these measures appropriately logged. Rolling back to a previous state undoes these actions and re-exposes the protected machines, even as the audit logs are not necessarily amended to reflect the reverted state.

Catbird Mitigation

Catbird vsecurity delivers a combination of sophisticated virtual machine tracking, along with a management framework for auditing virtual machine state. The Catbird vtracker tracks guest systems independent of location or mobility events. The Catbird Control Center audits the state of the virtual machines over their lifetimes, supplying forensics for root cause analysis. IT managers can monitor and integrate Catbird into existing change control processes. Routine tasks would be approved, scheduled and validated by a change management process. Catbird delivers the ability to detect and validate new guest systems, rolled up and correlated into a holistic view of all changes to the data center, enabling trend-spotting of risky or dangerous activity. Catbird provides independent enforcement of security and compliance, and can alert administrators about fat-finger or configuration errors. Catbird allows administrators to establish a topology upfront that enforces network segmentation separating test, development and production VMs.

Organizations that rely on manual process controls soon find that they are out of compliance with data protection and regulatory requirements. To address this, Catbird provides monitoring, mitigation and enforcement procedures for baselining, change control and security validation to meet the demands that virtualization-savvy business units will place on IT management.
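The mitigation described above amounts to re-validating the inventory after every change rather than trusting that time only moves forward. As an added illustration (not Catbird's code; the VM names, hosts, port groups, zone policy and event stream are all constructed for this example), the Python below re-runs three checks after each infrastructure event: a guest migrating onto a port group its trust zone does not permit (the segmentation breach from section 2), a clone that keeps its source's domain identity (the audit finding above), and a snapshot revert that drops a guest below the patch level the change process recorded while that record stays untouched.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Set, Tuple


@dataclass
class VM:
    name: str
    zone: str          # logical trust group, independent of physical host
    host: str
    port_group: str    # virtual-switch port group the guest's vNIC is attached to
    identity: str      # domain identity (constructed: the machine account name)
    patch_level: int   # constructed marker: higher means more patches applied

# Constructed policy (hypothetical names): the port groups each zone may attach to.
ZONE_PORT_GROUPS: Dict[str, Set[str]] = {
    "dmz": {"pg-dmz"},
    "internal": {"pg-internal"},
    "payroll": {"pg-payroll"},
}

def initial_inventory() -> Dict[str, VM]:
    """Constructed starting inventory: four guests spread over two hosts."""
    vms = [
        VM("web01", "dmz", "esx01", "pg-dmz", "WEB01", 3),
        VM("app01", "internal", "esx01", "pg-internal", "APP01", 5),
        VM("dc01", "internal", "esx02", "pg-internal", "DC01", 4),
        VM("pay01", "payroll", "esx02", "pg-payroll", "PAY01", 2),
    ]
    return {vm.name: vm for vm in vms}

def check_segmentation(inventory: Dict[str, VM]) -> List[str]:
    """Policy follows the guest: flag any VM on a port group its zone does not allow."""
    return [
        f"segmentation: {vm.name} (zone {vm.zone}) attached to {vm.port_group} on {vm.host}"
        for vm in inventory.values()
        if vm.port_group not in ZONE_PORT_GROUPS.get(vm.zone, set())
    ]

def check_duplicate_identity(inventory: Dict[str, VM]) -> List[str]:
    """Flag clones that kept the source guest's domain identity."""
    seen: Dict[str, str] = {}
    findings: List[str] = []
    for vm in inventory.values():
        if vm.identity in seen:
            findings.append(f"duplicate-identity: {vm.name} shares identity {vm.identity} with {seen[vm.identity]}")
        else:
            seen[vm.identity] = vm.name
    return findings

def check_rollback(inventory: Dict[str, VM], baseline: Dict[str, int]) -> List[str]:
    """Flag guests whose current patch level is below what the change process recorded."""
    return [
        f"rollback: {name} patch level {vm.patch_level} below recorded baseline {baseline[name]}"
        for name, vm in inventory.items()
        if name in baseline and vm.patch_level < baseline[name]
    ]

def apply_event(inventory: Dict[str, VM], baseline: Dict[str, int], event: dict) -> List[str]:
    """Apply one infrastructure event to the inventory, then re-run every check."""
    kind = event["type"]
    if kind == "migrate":
        vm = inventory[event["vm"]]
        inventory[vm.name] = replace(vm, host=event["host"], port_group=event["port_group"])
    elif kind == "clone":
        src = inventory[event["src"]]  # cloning copies the disk, so the identity is copied verbatim
        inventory[event["name"]] = replace(src, name=event["name"])
    elif kind == "patch":
        vm = inventory[event["vm"]]
        inventory[vm.name] = replace(vm, patch_level=event["patch_level"])
        baseline[vm.name] = event["patch_level"]  # the change process records the new level
    elif kind == "revert":
        vm = inventory[event["vm"]]  # a snapshot revert changes the guest, not the recorded baseline
        inventory[vm.name] = replace(vm, patch_level=event["patch_level"])
    else:
        raise ValueError(f"unknown event type: {kind}")
    return (check_segmentation(inventory)
            + check_duplicate_identity(inventory)
            + check_rollback(inventory, baseline))

# Constructed event stream: an approved patch, then the three risky operations.
SAMPLE_EVENTS = [
    {"type": "patch", "vm": "app01", "patch_level": 6},
    {"type": "migrate", "vm": "web01", "host": "esx02", "port_group": "pg-payroll"},
    {"type": "clone", "src": "dc01", "name": "dc01-copy"},
    {"type": "revert", "vm": "app01", "patch_level": 5},
]

def run(events: List[dict]) -> List[Tuple[int, str]]:
    """Return (event index, finding) pairs, reporting each finding once, when it first appears."""
    inventory = initial_inventory()
    baseline = {name: vm.patch_level for name, vm in inventory.items()}
    report: List[Tuple[int, str]] = []
    for index, event in enumerate(events):
        for finding in apply_event(inventory, baseline, event):
            if finding not in {seen for _, seen in report}:
                report.append((index, finding))
    return report
```

Running `run(SAMPLE_EVENTS)` yields one finding per risky event and none for the approved patch, because the patch updated the baseline record while the revert did not.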
Catbird is thus able to effectively control the underlying causes of virtual sprawl: the combination of changing business demands, faster provisioning and poor process controls in the virtual infrastructure.

Catbird vsecurity Approach

The multi-award-winning Catbird vsecurity is comprehensive protection and compliance for virtual, cloud and physical data centers. It is built on industry-standard, network-based security technologies and uses patent-pending methodologies for data correlation and intelligence. Its architecture is 100% cloud-based, using web services and a service-oriented architecture (SOA) perfectly complementary to virtualization.
vsecurity integrates:
- Virtual network visibility, monitoring and flow analysis
- Virtual machine tracking, analysis and quarantine
- Policy monitoring and enforcement (Catbird TrustZones) across the entire data center
- Network access control (NAC) with automatic virtual machine quarantine
- 24x7 vulnerability monitoring
- IDS/IPS with zero-day threat intelligence
- Network segmentation
- Web-based management portal

Catbird vsecurity instantly identifies compromised assets, alerts appropriate personnel, and optionally quarantines the offenders. No other vendor can deliver this level of breadth and depth in protecting security and compliance from within the virtual infrastructure.

vsecurity consists of the following elements:

vcompliance
The only product in the industry specifically designed to monitor and enforce compliance for virtual and cloud environments. vcompliance automatically monitors and audits more controls required by the leading regulatory standards organizations and supports the widest array of common security frameworks. vcompliance includes default policies such as SOX, HIPAA, DIACAP and PCI; each policy is built upon Catbird controls which map to the appropriate compliance framework. Catbird applies controls across seven areas that are all required for operations, security and compliance, specifically: auditing, inventory management, configuration management, change management, access control, vulnerability management and incident response.

TrustZones
Defined as a logical group of assets that share a common security policy envelope, TrustZones provide visibility, monitoring and policy enforcement across a port group or network space (CIDR). TrustZones can be used to segment the network. They can span multiple port groups within a switch, VLANs, multiple switches, multiple hosts and even multiple clusters - and still maintain the policy envelope through vmotion events.

HypervisorShield
HypervisorShield monitors and controls access to the hypervisor management network and other hypervisor management components, detects malicious network activity directed at the hypervisor from virtual machines and validates that the hypervisor network is configured according to best practices and site security policy.

VMShield
Protects virtual machines by correlating advanced VM tracking capabilities (via the Catbird vtracker) and hundreds of virtual machine attributes with in-depth monitoring of suspect activity on the network itself. VMShield automatically blocks out-of-policy or compromised VMs from breaching data center security.

vsecurity Architecture

Catbird vsecurity consists of two components: a network-based virtual appliance, referred to as a Catbird, and the Catbird Control Center. The Catbird virtual machine appliances connect to the virtual switch. The Control Center is the command-and-control center for all vsecurity operations and is itself a virtual machine. Due to the dynamic nature of security threats, both the virtual appliances and the Control Center are continuously updated from Catbird.
The Catbird Control Center is a single virtual machine instance with no limit on the number of Catbird virtual machine appliances and number of sites managed. It is a web-based management console. The Control Center supports multi-tenant role-based access control, integration with Active Directory and other multi-factor authentication mechanisms. The Control Center manages the Catbirds (virtual machine appliances). Each Catbird virtual machine appliance performs discovery, assessment, device access and management services for attached logical networks. Large organizations federate Control Center instances to provide global security management and reporting. The Catbird appliance operates in existing virtual infrastructures, or as a stand-alone virtual machine using a virtual machine player technology. The Catbird Control Center provides management, data correlation, data analysis, logging and integration with other vendor products.

Conclusion

Virtualization technology delivers a highly dynamic and significantly more cost-effective data center, fundamentally changing the way servers are deployed and managed. This also profoundly changes the way security is architected. The success of a virtualization strategy will only be as great as its ability to protect the data and assets of the organization. Many of the security and compliance issues introduced by virtualization can be solved with better processes. Others will require a virtualized security technology like Catbird that brings visibility, management and control to virtual infrastructure and which contemplates both the benefits and risks of virtual machine mobility. In all cases, operations and security teams need to work together on building in security from project inception and recognize that traditional approaches are inadequate for this new paradigm.

REFERENCES AND CITATIONS

Pollard, B. (Feb 2008). Security Advantages and Disadvantages of Virtualization. University of Maryland, XTMN 606, Cohort 24.
Center for Internet Security (2007). CIS ESX Benchmark.
Charu Chaubal, VMware Inc. (2008). Security Hardening, VMware Infrastructure 3.
Tal Garfinkel and Mendel Rosenblum, Stanford University Department of Computer Science. When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments.
NSA, Systems and Network Analysis Center (2008). VMware ESX Server 3 Configuration Guide.
DISA, for the DOD (2008, April 28). ESX Server Security Technical Implementation Guide V1R1.
Berman, Rieke and Dennis, Catbird Networks, Inc. (coming 2009). Catbird Secure Virtual Infrastructure Configuration Guide. Available upon request.
Yankee Group (2006). 2006 Global Virtualization Survey. In Yankee Group, The Global Connectivity Experts.

Notes

[1] It is important to note that to date there have been no reported exploitations of weaknesses in the hypervisor itself by malicious hackers. This is not surprising: 99% of security breaches are the result of simple human error, errors which need to be assiduously prevented in a virtual data center.
[2] CVE Query Results (2007). In The National Vulnerability Database, US DHS Cybersecurity Division.
[3] Martinez-Moyano, Conrad, Rich and Andersen (2006). Modeling the emergence of insider threat vulnerabilities. In Proceedings of the 2006 Winter Conference. Retrieved January 9, 2008 from Moyano_et_al_2006_WSC.pdf.
[4] The Matrix (1999, March 31, USA). Written and directed by Larry Wachowski and Andy Wachowski.
[5] M. Bellare, S. Goldwasser and D. Micciancio (1997). "Pseudo-random" number generation within cryptographic algorithms: The DSS case. In CRYPTO.
[6] Migrate Virtual Machines with Zero Downtime (2007). In VMware VMotion.
2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance
More informationEffective End-to-End Cloud Security
Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationVirtualization System Security
Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability
More informationSafeguarding the cloud with IBM Dynamic Cloud Security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationLearn the Essentials of Virtualization Security
Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption
More informationTenable Webcast Summary Managing Vulnerabilities in Virtualized and Cloud-based Deployments
Tenable Webcast Summary Managing Vulnerabilities in Virtualized and Cloud-based Deployments Introduction Server virtualization and private cloud services offer compelling benefits, including hardware consolidation,
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationCHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations
More informationMaking Data Security The Foundation Of Your Virtualization Infrastructure
Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges
More informationLearn the essentials of virtualization security
Learn the essentials of virtualization security White Paper Table of Contents 3 Introduction 4 Hypervisor connectivity and risks 4 Multi-tenancy risks 5 Management and operational network risks 5 Storage
More informationALTERNATIVES FOR SECURING VIRTUAL NETWORKS
White Paper ALTERNATIVES FOR SECURING VIRTUAL NETWORKS A Different Network Requires a Different Approach Extending Security to the Virtual World Copyright 2013, Juniper Networks, Inc. 1 Table of Contents
More informationOvercoming Security Challenges to Virtualize Internet-facing Applications
Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing
More informationSecuring your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation
Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization
More informationNetwork Segmentation in Virtualized Environments B E S T P R A C T I C E S
Network Segmentation in Virtualized Environments B E S T P R A C T I C E S ware BEST PRAC TICES Table of Contents Introduction... 3 Three Typical Virtualized Trust Zone Configurations... 4 Partially Collapsed
More informationGE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance
GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security
More informationSafeguarding the cloud with IBM Security solutions
Safeguarding the cloud with IBM Security solutions Maintain visibility and control with proven solutions for public, private and hybrid clouds Highlights Address cloud concerns with enterprise-class solutions
More informationVMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE
VMware Security Briefing Rob Randell, CISSP Senior Security Specialist SE Agenda Security Advantages of Virtualization Security Concepts in Virtualization Architecture Operational Security Issues with
More informationCSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments
CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments Kelvin Ng Tao Yao Sing Heng Yiak Por Acknowledgeme nts Co-Chairs Kapil Raina, Zscaler Kelvin Ng, Nanyang
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More information2010 State of Virtualization Security Survey
2010 State of Virtualization Security Survey Current opinions, experiences and trends on the strategies and solutions for securing virtual environments 8815 Centre Park Drive Published: April, 2010 Columbia
More information1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 5 4 Copyright... 5
KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski May 2015 is a business-critical application security solution for SAP environments. It provides a context-aware, secure and cloud-ready platform
More informationPrivileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery
Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account
More informationPCI DSS 3.0 Compliance
A Trend Micro White Paper April 2014 PCI DSS 3.0 Compliance How Trend Micro Cloud and Data Center Security Solutions Can Help INTRODUCTION Merchants and service providers that process credit card payments
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationHow To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationVirtual Machines and Security Paola Stone Martinez East Carolina University November, 2013.
Virtual Machines and Security Paola Stone Martinez East Carolina University November, 2013. Keywords: virtualization, virtual machine, security. 1. Virtualization The rapid growth of technologies, nowadays,
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary
VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION
More informationSecure networks are crucial for IT systems and their
ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationMeeting the Challenges of Virtualization Security
Meeting the Challenges of Virtualization Security Coordinate Security. Server Defense for Virtual Machines A Trend Micro White Paper August 2009 I. INTRODUCTION Virtualization enables your organization
More informationDrawbacks to Traditional Approaches When Securing Cloud Environments
WHITE PAPER Drawbacks to Traditional Approaches When Securing Cloud Environments Drawbacks to Traditional Approaches When Securing Cloud Environments Exec Summary Exec Summary Securing the VMware vsphere
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationThe Challenges of Securing Hosting Hyper-V Multi-Tenant Environments
#1 Management and Security for Windows Server and Hyper-V The Challenges of Securing Hosting Hyper-V Multi-Tenant Environments by Brien M. Posey In the not too distant past, VMware was the hypervisor of
More informationCyber Security for NERC CIP Version 5 Compliance
GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...
More informationLogRhythm and PCI Compliance
LogRhythm and PCI Compliance The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent
More informationFive Ways to Use Security Intelligence to Pass Your HIPAA Audit
e-book Five Ways to Use Security Intelligence to Pass Your HIPAA Audit HIPAA audits on the way 2012 is shaping up to be a busy year for auditors. Reports indicate that the Department of Health and Human
More informationStaying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro
Staying Secure After Microsoft Windows Server 2003 Reaches End of Life Trevor Richmond, Sales Engineer Trend Micro Windows Server 2003 End of Life- Why Care? The next big vulnerability (Heartbleed/Shellshock)
More informationRequirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationClosing Wireless Loopholes for PCI Compliance and Security
Closing Wireless Loopholes for PCI Compliance and Security Personal information is under attack by hackers, and credit card information is among the most valuable. While enterprises have had years to develop
More informationDatabase Security, Virtualization and Cloud Computing
Whitepaper Database Security, Virtualization and Cloud Computing The three key technology challenges in protecting sensitive data in modern IT architectures Including: Limitations of existing database
More informationTop virtualization security risks and how to prevent them
E-Guide Top virtualization security risks and how to prevent them There are multiple attack avenues in virtual environments, but this tip highlights the most common threats that are likely to be experienced
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationHow Does Virtualization Change Your Approach to Enterprise Security and Compliance?
HowDoesVirtualizationChangeYour ApproachtoEnterpriseSecurityand Compliance? SevenStepstoaVirtual awaresecuritystrategy. MichaelBaum Co founder ChiefCorporate&Business DevelopmentOfficer ScottShepard CISSP,CISM
More informationPCI Wireless Compliance with AirTight WIPS
A White Paper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2013 AirTight Networks, Inc. All rights reserved. Introduction Although [use
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationChapter 1 The Principles of Auditing 1
Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls
More informationReining in the Effects of Uncontrolled Change
WHITE PAPER Reining in the Effects of Uncontrolled Change The value of IT service management in addressing security, compliance, and operational effectiveness In IT management, as in business as a whole,
More informationSolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements
SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements SolarWinds Security Information Management in the Payment Card
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationThe Trivial Cisco IP Phones Compromise
Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002
More informationNot for distribution or reproduction.
www.pipelinepub.com Volume 12, Issue 5 Cybersecurity Goes Mainstream By Rob Marson Back to the Future I recently read an article online entitled: Virtualization is Going Mainstream. The dateline was January
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationIBM Software Choosing the right virtualization security solution
IBM Software Choosing the right virtualization security solution Meet the unique security challenges of virtualized environments 2 Choosing the right virtualization security solution Having the right tool
More informationSecuring Cloud Infrastructures with Elastic Security
Securing Cloud Infrastructures with Elastic Security White Paper September 2012 SecludIT 1047 route des dolines, 06560 Sophia Antipolis, France T +33 489 866 919 info@secludit.com http://secludit.com Core
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More information