SIEM

Well hello Mister Fancypants!

When it comes to security and cloud, it’s no surprise that it’s a headache. Traditional security tools focused on network and physical device connections as a way to track the flow of information and see the inner workings of the infrastructure.

So what happens when you take the physical devices out of the equation? What happens then?

Other than that Mrs. Lincoln, how did you enjoy the play?

Do you feel like no matter how much you invest in IT security, you are losing the battle? There has been a lot of talk that security specialists are facing an uphill battle for the foreseeable future thanks to the speed of mobile device evolution and cloud development. Personally, I feel the pain of security folks. Virtualization has made things more complicated, and now with tablets and smartphones, it’s never going to return to the network security days. But there is something that cloud is bringing to security that will make it easier for security folks, and that is Big Data.

Come on, you scuzzy data, be in there. Come on.

I wrote a few weeks back about the theme of Big Data and organizations such as EMC’s GreenPlum and Apache’s Hadoop leading the way for the application of large data sets in cloud environments. It reminds me of the debate years ago on whether we would ever see a paperless society, which we sadly realized isn’t going to happen. Data just seems to compound, and we cannot begin to imagine how the rates of data usage and creation will increase.

But in order to embrace big data, we need to figure out the barriers to adoption. David Asprey, a regular on the cloud expo circuit, notes that there are two key elements missing in the log management space right now: real scalability and security.

Bring in the Logic Probe!

Following up on last week’s post about Security Information & Event Management (SIEM) devices, I decided to delve a bit deeper into intrusion detection and prevention (IDS/IPS), as it’s one of those technologies that required adaptation to work with virtualization. If you run a virtualized or cloud environment, I’m sad to tell you that unless you recently purchased a virtualized IDS/IPS device, your current device works fine on your physical network but sees nothing of what is going on inside your VM environment. Why is that? Let me explain…

What Happens In The Cloud, Stays In The Cloud

When looking at how virtualization and cloud have changed traditional security, a lot of it has to do with visibility. Until recently, security was focused on physical controls and visibility into the network, and so solutions were designed to sit on the perimeter or in-line with the network. Intrusion detection and prevention is delivered through in-line IPS and next generation firewalls that feed Security Information and Event Managers (SIEMs or SEMs), which log the traffic and note any discrepancies based on the policies and controls the SIEM device was tuned to watch for. This is standard practice in all IT shops, but what changes with virtualization?