Posted by
Mark Nunnikhoven in
Cloud
Mar 20th, 2013 |
No Comments
So far in this series, Justin and I have provided tips for securing the foundations of your AWS deployment. Taken together, these tips work to reduce the overall attack surface—the area exposed to the outside world—of your application. Now it’s time to add the next layer of controls to you application, starting with a host-based intrusion prevention system or IPS.
Why IPS?
At this point we’ve already disabled unused services on our instances and have blocked any unnecessary inbound ports using our firewalls. This is a fantastic start but it really only reduces the area we present...
Posted by
Mark Nunnikhoven in
Cloud
Mar 6th, 2013 |
No Comments
Last week, Justin covered some of the high level issues around AMI development. This week, we’re going to take a look at how to protect the guest operating system running on your EC2 and VPC instances.
AWS Recommendations
AWS had published quite a few papers around their services. AWS Security Best Practices [PDF] and AWS Risk and Compliance [PDF] stand out as excellent security resources. In the best practices paper, under the section “Secure your Application” (pg. 4), they make a few recommendations which boil down to:
patch ASAP
use recommended secure settings for operating...
Posted by
Dave Asprey in
Cloud-based Security
Jan 7th, 2013 |
1 Comment
On a whirlwind tour of Asia, I spoke at several virtual and in-person conferences, including Cloudsec2012. I met with dozens of IT executives responsible for security for cloud infrastructures in Japan and Singapore as well as many other countries in the region. The tour gave me the opportunity to really dig in on cloud security in that area, enough so that I wrote a new report titled The State of Cloud Computing Security in Asia.
This report goes into detail on how the development of cloud computing is impacting the Asia-Pacific region. Specifically, we compare Japan, Australia, Singapore, Malaysia,...
Posted by
Erica Benton in
Cloud, Security
Sep 19th, 2012 |
No Comments
Upcoming Change to the Cloud Security Blog – the new Trend Micro consolidated Blog site
Starting today, Trend Micro is launching the Blog@ Trend Micro site, which will showcase the Cloud Security Blog, alongside all the other great content produced by the other teams here at Trend Micro. Each of the blogs will be a “conversation” under the main Trend Micro blog, making it easier for readers to access and participate in discussions across a range of topics.
Our dear readers can still count on receiving the same top-quality news, information, and commentary on the latest in cloud security...
Posted by
Christine Drake in
Cloud, Cloud-based Security, SaaS, Security, Smart Protection Network, Threats
Jan 19th, 2012 |
7 Comments
When people talk about cloud security it can mean either 1) security for the cloud—security that protects your cloud initiatives, like protection for virtual machines or data stored in the cloud; or 2) security from the cloud such as Security as a Service that uses the cloud to deliver some aspect of protection, like hosted email or web security. Here, I’d like to focus on security from the cloud that’s delivered in a hybrid model—a cloud-client architecture.
Using the cloud for security can deliver faster threat protection and better security. Traditional security has relied on signature...
Posted by
Christine Drake in
Cloud, Cloud-based Security, Consumerization of IT, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, VMware
Oct 7th, 2011 |
1 Comment
Traditionally businesses have focused their IT security on perimeter defense—blocking threats before they enter the network. This protection is still important. But with today’s cloud computing, mobile devices, and advanced persistent threats (APTs), businesses need security that protects their data wherever it travels and in whatever type of device it resides, requiring new data-centric security.
Earlier this week, Trend Micro held its annual insight event for the analyst community and announced our new vision on data-centric security (see video clips of the event here and here). Back...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, Securing the Cloud, Security
Jul 28th, 2011 |
3 Comments
The application-layer DDoS threat actually amplifies the risk to data center operators. That’s because IPS devices and firewalls become more vulnerable to the increased state demands of this emerging attack vector – making the devices themselves more susceptible to the attacks. Moreover, there is a distinct gap in the ability of existing edge-based solutions to leverage the cloud’s growing DDoS mitigation capacity, the service provider’s DDoS infrastructure or the dedicated DDoS mitigation capacity deployed upstream of the victim’s infrastructure.
Current solutions do not take advantage...
Posted by
Patrick Wheeler in
Cloud, Cloud-based Security, Consumerization of IT, hybrid-cloud, Privacy, Compliance and Identity, private cloud, public cloud, SaaS, Securing the Cloud, Security, Threats, Virtualization
Jun 20th, 2011 |
2 Comments
For all its hype iCloud does not represent a fundamentally new problem. Employees are already bringing personal devices to work and wanting to use them in their jobs, and these unmanaged devices are mixing personal and corporate data on a system that is outside the control of the security and IT teams. There are already many apps and cloud-based services for sharing data between users and between devices (such as Dropbox), and these services are giving security pros fits. What is new is that iCloud will make these things happen automatically, and potentially without the intent or even awareness...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, Deep Security, hybrid-cloud, IaaS, Malware, Privacy, Compliance and Identity, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud, Virtualization
Jun 5th, 2011 |
1 Comment
For the last few months, we’ve been conducting a cloud, virtualization, and VDI security survey of 1200 IT professionals from larger companies in 6 countries around the world. Not only did I get to help shape the questions on the survey, I’ve also been on the team interpreting the results.
We’ve learned more than a few things we actually were not expecting to learn. Here is a collection of the most interesting top findings about the state of cloud and virtualization security. I’ll be blogging about some of them in more detail over the next few weeks, but in the meantime, here is the big...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, DataCenter, Deep Security, hybrid-cloud, IaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud
Jun 2nd, 2011 |
Comments Off
This is pretty cool. I gave a talk last week at the Glue Conference in Denver about how ambient clouds ( http://cloud.trendmicro.com/good-clouds-evil-clouds-why-microsoft-has… )work and even used Skype as an example of a massive-scale ambient cloud.
This case raises some very important new questions around ambient clouds. For instance, if you create an ambient cloud, one that you control using your own protocol, but where you have no control over when an endpoint may join it, what are the legal implications if someone else uses your protocol?
In an open source world, slapping a lawsuit on...
