Author: admini

One problem is that computer “geeks” use jargon to cloak their work in scholarly mystique, resulting in a lack of clarity in everything from instruction manuals and systems design to professional training, the experts said.

“If you don’t demystify security, people become anxious about it and don’t want to do it,” former U.S. Homeland Security Secretary Michael Chertoff told Reuters on the sidelines of the EastWest Institute security meeting in Brussels. “There are some people in the profession who to some degree enjoy the mystification of what they do, that it’s not penetrable… Doctors and lawyers used to enjoy “a sense of mystified special knowledge,” Chertoff said.

The industry has made progress in educating users, but a huge and urgent task lies ahead in view of the growing criminal threat and the imminent arrival of billions more Internet users.

Plain language is vital, said Steve Purser, head of Technical Competence at the European Network and Information Security Agency, a European Union body. They are going to think how to get round the system.”

Educating the individual customer has long been a top goal for an industry struggling to balance security against ease of use and the clamor for mobile communications. “If we try to teach standard messages such as ‘always protect your password’ the danger is that people will learn the recipe but not learn why this happens,” Purser said.

Delegates said imaginative messages explaining the importance of online protection are needed, tailored to different age groups and audiences and posted on media ranging from TV advertising and schools curriculums to Youtube, Second Life, social network sites and video games.

Curtis Siller, director of Standards at the Institute of Electrical and Electronics Engineers, said the industry had to do a better job of communicating the risks to various audiences.

http://www.nytimes.com/reuters/2010/02/19/technology/tech-us-security-cyberspace.html?_r=2&scp=5&sq=computer&st=cse

SIM equipment can centralize event and log management information from security devices and computers, but the drawbacks to its use include up-front costs, complex installations and hiring the expertise to manage it.

SIM as a managed service only started to gain momentum within the past two years, largely due to compliance mandates such as the Payment Card Industry (PCI) data security requirements, says Gartner analyst Kelly Kavanagh. Managed SIM options range from as simple as centralizing log collection and reporting, to as complex as event correlation and round-the-clock security-event monitoring.

Occasionally SIM as a managed service will entail “complex correlation, perhaps related to network alerts from firewalls and switches, information that may seem to be related,” he notes, and a service might provide an analyst to monitor events round the clock. The company directly manages IT for more than 100 of its corporate restaurants, plus keeps track of PCI-related compliance matters for about 160 franchises which operate more independently. Not only did the up-front costs of doing it in-house seem high — SIM equipment can easily reach into the half-million dollar range — but also Fuddruckers realized it would have to hire SIM experts to make it all work.

Largely based on information gleaned from conversations with peers, just over a year ago Pumphrey decided to try SIM as a managed service, selecting Trustwave to monitor about 500 log files at least once daily on behalf of Fuddruckers, triggering an alarm if suspicious events arise.

“We see ourselves as a managed alternative to what customers might want to do themselves with ArcSight or Q1 Labs,” says Dan Schleifer, senior product manager for managed security services at Trustwave, referring to two well-known SIM product vendors.

That’s the approach that service provider FishNet is taking, according to CEO Gary Fish.

Tom Turner, vice president of marketing and sales at Q1 Labs, says it’s comfortable partnering with a managed service provider such as FishNet, viewing the relationship “as potentially offering us a broader market.”

SecureWorks is regarded by Gartner as a “pure play” SIM managed service provider, as opposed to a global service provider that offers SIM among a wider menu of services. The security firm is a veteran in the business, having started about a decade ago.

http://www.csoonline.com/article/print/521466

One development that occurred this year is the release of VMware’s security APIs. After talking up the idea since February 2008, VMware in April 2009 finally released its VMsafe APIs intended to help security vendors build products to work with its platform.

“We’re not using the VMware APIs today due to performance,” says Richard Park, senior product manager at Sourcefire, which in early December shipped its first virtualized sensor and management console for VMware ESX and vSphere4. Sourcefire’s traditional physical appliances are network sensors that can do both intrusion-detection monitoring and intrusion-prevention blocking. But at this point, the Virtual 3D Sensor and Virtual Defense Center will only provide monitoring visibility into VMware’s ESX hosts, not blocking of attacks.

At the Gartner ITExpo in October, Gartner Vice President Neil MacDonald publicly excoriated some security vendors for not moving more rapidly to come up with software-based virtual appliances, insinuating they would rather stick to their old ways of selling expensive hardware boxes. Enterprise customers are rapidly virtualizing their IT environments and often unwittingly creating less-secure results even as they reap the many benefits of virtualization, MacDonald says. Roping off virtualized servers with virtual LANs alone — a common practice — “is not sufficient for security separation,” MacDonald says. MacDonald says virtualization is causing some “business-model disruption” in security and praised the efforts of some vendors, including Trend Micro, to leap in with new offerings to take on the virtualization challenge.

Trend Micro’s Core Protection for Virtual Machines, antimalware software that was designed for use with VMware, was released in the third quarter. According to Bill McGee, senior director of product marketing at Trend Micro, both products make some use of tools in VMsafe. VMware has been among the most aggressive of the virtualization software vendors to open up their technology to optimize security functions, he says, while so far the actions of Citrix and Microsoft seem “more limited” in this area.

For its part, VMware says it’s glad to see a number of vendors, including Altor Networks, Reflex, ISS IBM and Trend Micro, adopting the VMsafe technology.

According to Forrester Research, adding hypervisor technology (Citrix Xen, VMware vSphere and Microsoft Hyper-V) “does add some marginal risk to IT environments, because it layers additional software on top of existing operating systems.

According to Jacquith, one disappointment remains VMware’s Live Migration feature for configuring VMs so that they automatically migrate from one farm host to another, for purposes of fault tolerance and business continuity.

http://www.computerworld.com.au/article/330761/virtualization_security_remains_work_progress/?fp=16&fpid=1