Greetings, programs!

The other day I was asked about application whitelisting as a way to deal with endpoint issues in virtual and cloud environments. I never really thought about it in this space, as usually application whitelisting was a technique used to control rogue users who like to install anything and everything on their desktops and laptops. So how does this practice affect virtual and cloud environments, and more importantly, does it make sense? Continue reading

Other than that Mrs. Lincoln, how did you enjoy the play?

Do you feel like no matter how much you invest in IT security, you are losing the battle? There has been a lot of talk that security specialists are facing an uphill battle for the foreseeable future thanks to the speed of mobile device evolution and cloud development. Personally, I feel the pain of security folks. Virtualization has made things more complicated, and now with tablets and smartphones, it’s never going to return back to the network security days. But there is something that cloud is bringing to security that will make it easier for security folks, and that is Big Data. Continue reading

I find your lack of faith disturbing.

I stumbled upon a post via Twitter the other day from Scott Lowe of Tech Republic on IDV (yes, I thought at first I was getting a mild case of dyslexia, but no, it is IDV) and the difference between VDI and IDV. IDV stands for Intelligent Desktop Virtualization and although it essentially delivers the same idea as Virtual Desktop Infrastructure (VDI) it’s actually not just more efficient, it’s really quite brilliant. Continue reading

I’m going to give you a little advice. There’s a force in the universe that makes things happen. And all you have to do is get in touch with it, stop thinking, let things happen, and be the ball.

It’s Technology Tuesday yet again, and I wanted to cover the latest news around EMC’s security arm, RSA. RSA had a lot of attention in 2011, mostly around their SecureID breach, but it gave them an opportunity to step back and focus on where the next move would take them. Last month, RSA Security executives announced that that move would focus on three key areas, anti-threat, mobility and cloud security. We’ve seen RSA partner with hardware manufacturers before (anyone look at their Wii? There’s a nice RSA logo on the console), so partnering with one of the most dynamic hardware industries is a very smart move for the EMC folks. Continue reading

Come on, you scuzzy data, be in there. Come on.

I wrote a few weeks back about the theme of Big Data and organizations such as EMC’s GreenPlum and Apache’s Hadoop ushering the way for the application of large data in cloud environments. It reminds me about the debate years ago on whether we would ever see a paperless society, which we realized sadly isn’t going to happen. Data just seems to compound and we cannot begin to imagine how the rates of data usage and creation will increase.

But in order to embrace big data, we need to figure out the barriers to adoption. David Asprey, a regular on the cloud expo circuit, notes that there are 2 key elements missing in the log management space right now: real scalability and security. Continue reading

If you had paid attention to me in school, you’d understand it’s not all about car chases and excitement.

SonicWALL is a company that really has a sweet spot for addressing mid-market organizations (especially in Canada where mid-market tends to fall to the smaller end of the employee spectrum), but also doesn’t compromise in quality. In fact, their smallest appliances contain the same functionality and management capabilities as their largest, (and well named) SuperMassive devices. But a lot of enterprises simply write-off SonicWALL because they’ve done a good job at playing in the mid-market and so there is a natural bias to think that they don’t have enterprise-worthy security solutions. The problem is, SonicWALL doesn’t just HAVE enterprise-class security solutions, but they’re built into every single box they sell, from the smallest to the largest. Oh, and they also have some pretty sweet virtualized appliances. Continue reading

Do you know of the Klingon proverb that tells us revenge is a dish that is best served cold? It is very cold in space.

I don’t want to say that Juniper has slipped under people’s radar over the last year, but there have been some really cool releases, especially their latest Virtual Gateway that I was shocked didn’t garner more attention than it did. For example, VGW 5 released some updates back in late summer to extend their portfolio of security solutions for virtual environments. The previous versions already had great support for monitoring, firewall, IDS and compliance, but now we are looking at the addition of endpoint antivirus, hypervisor compliance monitoring and large-scale security management capabilities, essentially making it a UTM solution for cloud and virtualization. This is great news for organizations who already use Juniper for their networking and security environments. Continue reading

Gentlemen, you can’t fight in here! This is the War Room!

I think one of the most daunting discussions to have about cloud security is that there is a perception that security folks need to rip everything out and buy all new technologies to secure their virtual environments. The problem with this logic is that there is still a fundamental backbone of traditional security that needs to be in place, cloud security is really a way to augment and extend these capabilities. The easiest way to start the transition is by leveraging hybrid solutions that protect both physical and virtual environments such as next-generation firewalls and IPS. One of the leading next-generation technology vendors leading the charge in this transition is Sourcefire, most well known as the developers of Snort, an open-source intrusion detection engine. Continue reading

Bill, strange things are afoot at the Circle K.

Technology Tuesday is upon us again, and I am so excited to talk about this solution, because it is a great solution that is normally linked to enterprise security solutions, but SMBs should absolutely be leveraging this technology. Cloud DDoS is a key security technology, and it’s not surprising since it is impossible to go more than a day without hearing about the latest corporate attack caused by DDoS. And if you are looking for a cloud DDoS solution, you really need to start with Imperva’s offering. Continue reading

After very careful consideration, sir, I’ve come to the conclusion that your new defense system sucks.

With Friday upon us, it’s the last part of virtualization and PCI. So as promise, I am going to dedicate this last post to giving a final round up on key things that you should hopefully start doing (or at least discussing internally) if you plan on moving down the path to compliance. I can’t promise it won’t be painful, but if you keep these things in mind from the beginning, it will be slightly less intrusive than it could be. Continue reading