Security News Curated from across the world
Chris Petersen, founder and CTO of LogRhythm, said: “Virtualisation and cloud computing are transforming the way IT is deployed, managed and consumed, which includes log management and SIEM technology.
http://www.scmagazineuk.com/entry-level-siem-and-log-management-solution-introduced-by-loglogic-as-logrhythm-introduces-virtualised-siem/article/181160/
For example, an IT administrator would be able to guess CA Client Automation’s functionality based on the name, as opposed to the previous generally-named CA IT Client Manager, he said. When additional modules are “plugged in” at a later date, the applications automatically detect and share data, making it very scalable, said Shopp.
CA Process Automation documents, automates and orchestrates a range of processes across platforms, applications and IT groups, CA said.
CA Configuration Automation identifies and standardizes device configurations and tracks cross-device dependencies, CA said.
The enhancements to existing products include new hypervisor support and management tools for public, private and hybrid clouds.
CA Client Automation integrates and automates a wide range of client device management tasks such as bare metal buildups and rebuilds, patch management, Windows 7 migration, and remote desktop support, CA said. The enhancements include dynamic management of mixed workloads for virtualized resources, the ability to schedule workloads in public couds such as Amazon EC2, and the ability to manage, monitor and troubleshoot business workloads. These stand-alone modules are also available in three preintegrated packages aligned with specific business services: hybrid clouds, Cisco UCS and data centers.
http://www.eweek.com/c/a/Virtualization/CA-Technologies-Revamps-Cloud-Automation-Suite-492569/
This is not to say the challenges outweigh the benefits, but that these must be thought through carefully, so that proper commercial decisions are made to deal with the risks.
Data protection: data must be processed within the European Economic Area, unless there is adequacy of protection established outside the EEA, or consent requirements have been met in respect of data subjects;
Regulatory compliance: if an organisation is operating in a regulated industry, it must ensure that the associated compliance obligations can be maintained (audit rights and appropriate controls, for example);
Security and confidentiality obligations — although an obvious and important point, consideration needs to be given as to how to verify such measures; Service levels and compensation mechanisms — with the infrastructure in the cloud, this becomes more vital, together with considerations associated with measurement (delineating between the cloud provider’s infrastructure responsibilities, and those which lie within the domain of the customer);
Escrow considerations – worth thinking about, in case the service provider disappears, or the contract terminates early;
Business continuity and disaster recovery — cloud computing can give rise to robust business continuity and disaster recovery measures if properly implemented.
http://itlaw.computing.co.uk/2010/10/cloud-computing-blue-sky-thinking-or-head-in-the-clouds.html
One element of the technology, OpenCloud Bridge, is a secure tunnelling technology which allows data and workloads to be transferred between internal corporate networks and external third-party cloud platforms.
Through OpenCloud Bridge, external cloud environments — such as Amazon’s EC2 or Rackspace’s Cloud Server – appear to be an extension of an organisation’s internal network. The technology will work on any virtual hypervisor but requires both sides of the data transfer to be using Citrix’s NetScaler server technology, meaning that currently not all cloud services are currently able to use OpenCloud Bridge.
Users of OpenCloud Bridge will also be able to move virtual machines and workloads between VMWare and Citrix virtual machines using the OpenCloud Bridge technology.
However, moving data between software-as-a-service applications — from Microsoft Dynamics CRM to Salesforce.com, for example – isn’t currently on Citrix’s agenda, as application-to-application data transfer requires significant changes to the way the data is packaged and structured, something that will need cross-vendor support before it can be implemented.
…VMWare, which allows movement of applications on virtual machines between off-premise and on-premise environments through its vFabric technology but only if they remain within the VMWare stack.
“My view is Citrix have hung their hat on the open source banner, an open stack [which] they’re hoping the service providers take up to enable customers to be able to enter and exit cheaply and quickly whereas VMWare are hoping in their tie-ups with people like Salesforce.com that their platform, based on a proprietary vCloud API, will be adopted by people so they can link service providers into their stack,” Ovum senior analyst Roy Illsley told silicon.com.
OpenCloud Access works in conjunction with the Citrix Receiver technology, a client-based system to allow users to access internal and external cloud applications in an application store-style interface.
http://www.silicon.com/technology/networks/2010/10/15/citrix-looks-to-build-bridges-in-the-cloud-39746449/
At its heart, it refers to tools that track various changes made to an enterprise’s network defenses — principally firewall and router settings, as well as other security system data — and evaluates the potential impact of proposed changes.
SPOM (let’s use that term for now, since it’s the shortest and goodness knows we *need* another acronym) is sometimes referred to as the “preventative” side of security monitoring because it focuses on how enterprises are enforcing their security policies –and what might happen if they change those policies. This separates SPOM from security information and event management (SIEM), which reports on security-related network activity after it occurs.
“SIEM is a useful tool, but although it’s been around for years, enterprises are finding that their risk is continuing to rise,” says Michelle Cobb, vice president of marketing at Skybox. “It’s collecting data after the fact — after the horse is out of the barn… What we try to do is reduce the window of risk, reducing the possibility that a bad ‘event’ will occur in the first place.”
Unlike SIEM, SPOM enables an enterprise to set an acceptable level of risk and then tune its security systems and configurations to meet that requirement.
Steve Dauber, vice president of marketing at RedSeal Systems, compared the current evolution of security management systems to the evolution of network management systems a decade ago.
“First we had element management systems that collected data from individual devices,” he recalled.
“Then we had enterprise network management systems that collected all the data from the element management systems into a single console, which is basically what SIEM does.
After that, we saw the development of correlation engines, change management, and service-level management, which allowed you to intelligently set specific service levels for critical applications and business services.
SPOM is sort of the service-level management of security — but you’re using risk as the variable, rather than network performance or uptime.” At the core of most SPOM systems is the task of firewall configuration, which is how most enterprises “tune” their level of risk. Coordinating these policies and changes across a whole network of firewalls is no simple task, which is why Tufin’s products are designed to monitor changes in real time, according to Ruvi Kitov, CEO of Tufin.
While the SPOM concept certainly sounds like an attractive one for enterprises that must manage policies and configurations across many firewalls and other security devices, the market for the technology remains nascent. “I think the need for these products is real, but I suspect that many organizations are put off by the associated price tag,” says Andrew Hay, senior analyst for the enterprise security practice at the 451 Group consultancy.
SPOM technology is generally targeted at large enterprises, where collecting and analyzing configuration and management data from a variety of security devices can be daunting. “Obviously, if you have hundreds of firewalls, that price is going to go up. But when you compare it to the cost of a breach, which may be $200,000 or more on average, it’s a pretty good investment.”
RedSeal and Skybox tools are also heavily used by operations staff, but they can also be used to create “dashboards” that allow top executives to monitor the enterprise’s security posture and evaluate potential risks.
“The vendors really should be leading with the compliance pitch,” he says.
http://www.darkreading.com/security_monitoring/security/management/showArticle.jhtml?articleID=227800007&cid=RSSfeed#comments
“These patterns are affected by many factors of relationship and context, and could be used in reverse — to infer the relationship and context.” The more involved the individual is in the “digital” community, the more valuable his or her information pattern becomes.
And because this illegal version of what amounts to a blackhat social CRM database doesn’t cause a computer or mobile device to crash or result in the immediate loss of an antivirus application or the theft of money from a bank account or a gift card, the surveillance would theoretically go unnoticed and therefore garner even more valuable and meaningful behavioral information as time passes. For starters, it would the kind of detailed information that advertisers, marketers and spammers would love to get their hands on but for now have to be content with mass, barnstorming-type email campaigns to accomplish.
http://www.ecrmguide.com/article.php/3908146/new-malware-wants-your-life-not-your-passwords.htm