Gentlemen, you can’t fight in here! This is the War Room!

I think one of the most daunting parts of discussing cloud security is the perception that security folks need to rip everything out and buy all new technologies to secure their virtual environments. The problem with this logic is that a fundamental backbone of traditional security still needs to be in place; cloud security is really a way to augment and extend these capabilities. The easiest way to start the transition is by leveraging hybrid solutions that protect both physical and virtual environments, such as next-generation firewalls and IPS. One of the next-generation technology vendors leading the charge in this transition is Sourcefire, best known as the developers of Snort, an open-source intrusion detection engine.

Bring in the Logic Probe!

Following up on last week’s post about Security Information & Event Management (SIEM) devices, I decided to delve a bit deeper into intrusion detection and prevention (IDS/IPS), as it’s one of those technologies that required adaptation to work with virtualization. If you run a virtualized or cloud environment, I’m sad to tell you that unless you recently purchased a virtualized IDS/IPS device, your current device works fantastically on your network but is not seeing anything that is going on in your VM environment. Why is that? Let me explain…

What Happens In The Cloud, Stays In The Cloud

When looking at how virtualization and cloud have changed traditional security, a lot of it has to do with visibility. Until recently, security was focused on physical controls and visibility into the network, so solutions were designed to sit on the perimeter or in-line with the network. Intrusion detection and prevention is delivered through in-line IPS and next-generation firewalls that feed Security Information Event Managers (SIEMs or SEMs), which log the traffic and note any discrepancies based on the policies and controls that the SIEM device was tuned to watch for. This is standard practice in all IT shops, but what changes with virtualization?