Trend Cloud Security Blog – Cloud Computing Experts
Currently Browsing: Deep Security
Security in the cloud is a shared responsibility
Posted by Jonathan Gershater in Cloud, Deep Security Nov 28th, 2012 | 2 Comments When you host applications in the public cloud, you assume partial responsibility for securing the application. The cloud provider, for example Amazon Web Services (AWS), secures the physical data center (with locked badge entry doors, fences, guards, etc.) in addition to securing the physical network with perimeter firewalls. This is no significant change from how you secure your corporate datacenter. Just like you enhance the security of physical and virtual servers in your datacenter with host-based firewalls (ip tables, Windows firewall), anti-virus and intrusion detection, so you must protect... Averting a ‘Crisis’ for your VMware environment
Posted by admin in Deep Security, Malware, VMware Aug 23rd, 2012 | 2 Comments On August 21, widespread media reports began to circulate that a new virus or malware was attacking VMware virtual machines. “Crisis” (aka Morcut) is a new family of malware that began circulating in late July, and was reported by many anti-malware vendors, including Trend Micro, as principally infecting Mac OSX machines. Security researchers have recently uncovered that some new variants of Crisis also can infect VMware virtual machines and Windows Mobile devices. Trend Micro is still researching all the potential implications–so any comments here are preliminary, but we do not believe... How to Thwart the Digital Insider: an Advanced Persistent Response to targeted attacks
Posted by Tom Kellermann in Cyber crime, Deep Security, Security Aug 13th, 2012 | No Comments One of the oft-repeated themes in media reporting of cyber security events is that the “threat landscape is constantly evolving,” that attacks are becoming increasingly sophisticated and targeted and the men and women behind them are better resourced than ever before. Trend Micro research has found that over 90 percent of enterprise networks contain active, malicious malware with one new threat created every second. It’s certainly true, but begs for a deeper and more nuanced analysis. How are these attacks getting more sophisticated? How can a digital insider lay hidden, undetected within... HIPAA hiccups
Posted by Jonathan Gershater in Cloud, Deep Security, Malware, Privacy, Compliance and Identity, public cloud, Securing the Cloud, Security, Threats Apr 2nd, 2012 | Comments Off Not a month goes by when there isn’t an announcement of a breach of electronic health records thereby disclosing personal and financial data; and that excludes breaches that are not publicly acknowledged. In a recent report from the American National Standards Institute (ANSI), 18 million Americans have had their personal health information stolen over the past two years. So one has to ask: considering the financial and legal implications of a breach of health records, why don’t organizations deploy security solutions to protect electronic health records? Answers often offered by CIOs... Cloud and the merits of host based security
Posted by Jonathan Gershater in Cloud, Cloud-based Security, Deep Security, Privacy, Compliance and Identity, public cloud, Security Nov 9th, 2011 | Comments Off At cloudexpo yesterday, I chatted with Allan Allison, after his session on cloud security. Subsequently, I read his blog post which advises organizations considering the cloud, how they can leverage compliance factors when selecting a cloud provider (for example if the customer’s data is subject to HIPAA, HITECH, PCI and similar regulations). When you migrate to the cloud, compliance factors are one item to consider, security is another. If your applications and data are hosted on physical servers in your datacenter, under your control, security can be achieved with in-line network appliances... Encryption is Not Enough for Cloud Security
Posted by Christine Drake in Cloud, Deep Security, hybrid-cloud, IaaS, Privacy, Compliance and Identity, private cloud, public cloud, Securing the Cloud Sep 1st, 2011 | 5 Comments By saying that encryption is not enough for cloud security, I don’t mean that you also need other types of protection like server security, identity management, etc. I think most people deploying cloud computing plan to implement more than encryption for security. What I mean is that encryption alone is not enough in an encryption solution when it comes to cloud environments. Of course, industry-standard encryption is essential, but it’s table stakes. When dealing the multi-tenant nature of the public cloud, or even the inter-departmental shared resources of a private cloud, how encryption... Agentless Security Gets an “A” on Its Report Card
Posted by Christine Drake in Cloud, DataCenter, Deep Security, private cloud, Secure Data Centers, Securing the Cloud, Virtualization, VMware Aug 30th, 2011 | Comments Off In my last blog post, I discussed some of the benefits of agentless security for virtual and private cloud servers. Today at VMworld, Harish Agastya, Director of Data Center Security at Trend Micro, conducted a presentation on Agentless Security for VMware Environments (listed on the Trend Micro VMworld page). Trend Micro released agentless antivirus in Deep Security at last year’s VMworld and has seen impressive results over the last year. With such success, today Trend Micro announced an extension of its agentless security with new agentless file integrity monitoring (FIM) in Deep Security... The State of Cloud and Virtualization Security
Posted by Dave Asprey in Cloud, Cloud-based Security, Cyber crime, Deep Security, hybrid-cloud, IaaS, Malware, Privacy, Compliance and Identity, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud, Virtualization Jun 5th, 2011 | 1 Comment For the last few months, we’ve been conducting a cloud, virtualization, and VDI security survey of 1200 IT professionals from larger companies in 6 countries around the world. Not only did I get to help shape the questions on the survey, I’ve also been on the team interpreting the results. We’ve learned more than a few things we actually were not expecting to learn. Here is a collection of the most interesting top findings about the state of cloud and virtualization security. I’ll be blogging about some of them in more detail over the next few weeks, but in the meantime, here is the big... Ambient Cloud News: Skype protocol has been reverse engineered
Posted by Dave Asprey in Cloud, Cloud-based Security, Cyber crime, DataCenter, Deep Security, hybrid-cloud, IaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud Jun 2nd, 2011 | Comments Off This is pretty cool. I gave a talk last week at the Glue Conference in Denver about how ambient clouds ( http://cloud.trendmicro.com/good-clouds-evil-clouds-why-microsoft-has… )work and even used Skype as an example of a massive-scale ambient cloud. This case raises some very important new questions around ambient clouds. For instance, if you create an ambient cloud, one that you control using your own protocol, but where you have no control over when an endpoint may join it, what are the legal implications if someone else uses your protocol? In an open source world, slapping a lawsuit on... Open Source Clouds Become Enterprise-Grade: Citrix and OpenStack
Posted by Dave Asprey in Citrix, Cloud, Cloud-based Security, cloudbursting, Deep Security, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Virtualization, VMware May 25th, 2011 | Comments Off Today at Synergy, Citrix announced “Project Olympus,” effectively making open source clouds a more viable option for enterprises. In the past, it was cloud providers like Rackspace who tended to focus on open source cloud infrastructure, while enterprises tended to make more conservative choices where support contracts were available. The new support from Citrix, along with about 60 other supporting commercial hardware and software vendors, should go a long way towards helping enterprises see OpenStack as an enterprise-grade choice of cloud infrastructure. Enterprises can now get a Citrix-certified...
Subscribe
