Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, Deep Security, hybrid-cloud, IaaS, Malware, Privacy, Compliance and Identity, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud, Virtualization
Jun 5th, 2011 |
For the last few months, we’ve been conducting a cloud, virtualization, and VDI security survey of 1200 IT professionals from larger companies in 6 countries around the world. Not only did I get to help shape the questions on the survey, I’ve also been on the team interpreting the results.
We’ve learned more than a few things we actually were not expecting to learn. Here is a collection of the most interesting top findings about the state of cloud and virtualization security. I’ll be blogging about some of them in more detail over the next few weeks, but in the meantime, here is the big...
Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, DataCenter, Deep Security, hybrid-cloud, IaaS, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud
Jun 2nd, 2011 |
This is pretty cool. I gave a talk last week at the Glue Conference in Denver about how ambient clouds ( http://cloud.trendmicro.com/good-clouds-evil-clouds-why-microsoft-has… )work and even used Skype as an example of a massive-scale ambient cloud.
This case raises some very important new questions around ambient clouds. For instance, if you create an ambient cloud, one that you control using your own protocol, but where you have no control over when an endpoint may join it, what are the legal implications if someone else uses your protocol?
In an open source world, slapping a lawsuit on...
Rik Ferguson in
Cloud, Cloud-based Security, Cyber crime, Malware, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud
May 31st, 2011 |
With the launch announcements of various Google Chrome netbooks, the focus of the press and security companies alike is beginning to take a closer look at the security promises made and also at some of the more ’media friendly‘ statements such as, “…users don’t have to deal with viruses, malware and security updates”.
Let’s have a look at some of the security features of Chrome OS:
1 – Get out of my playpen. Each process runs in its own sandbox. Effectively this means that if an application is malicious or compromised, it is unable to interact with or otherwise affect...
Greg Boyle in
Cloud, Cloud-based Security, Cyber crime, Malware, public cloud, SaaS, Securing the Cloud, Security, Threats, Virtualization
May 23rd, 2011 |
I recently had an interesting chat with the operator of our snack vending machine while making a coffee in the kitchen. She was restocking our machine and had her iPad sitting on the table. In their 2 person company they now have 2 iPads and a PC. They do their inventory control and tracking while onsite at customer premises via the iPad. Then they sync it with their PC and, using an online storage solution they transfer it to the cloud; this then syncs with their online accounting package. Her reason was very, very simple: she wants to reduce the amount of time they spend on bookkeeping and back-office...
Dave Rand in
Cloud, Cloud-based Security, Cyber crime, IPv6, Malware, Privacy, Compliance and Identity, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network
May 4th, 2011 |
Part 1 of 2 parts
IPv6 will change how we use the internet, again. To the typical user, there is no difference; web sites work the same. But email is a different story.
When using IPv6, addresses are allocated in a different manner. Most end-users today get one IP address, which is shared between multiple machines using a Network Address Translation (NAT) router. In IPv6, each user gets an address block – a /64 – of address space. This is great news, because end-to-end application on the Internet will work much better, and there will be no NAT in the way.
A /64 is a huge amount of space –...
Dave Asprey in
Cloud, Cloud-based Security, Cyber crime, IaaS, PaaS, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization
Apr 7th, 2011 |
For years now, if you knew where to shop on the shady side of the Internet cloud, you could pick up a botnet for cheap. But it was so much work to log in to IRC and pay with egold that a busy cybercriminal just couldn’t be bothered.
That’s not a problem anymore, thanks to Robopak. Applying the latest cloud provisioning and marketing analytics technologies, they’ve created an entirely new type of cloud service, Exploits as a Service, or EaaS. Robopak’s EaaS lets you pay as little as $30 per day to access Java, PDF, and IE exploits and roll them out to build your cybercrime...
Dave Asprey in
Cloud-based Security, Cyber crime, Malware, Security, Threats, Threats from the Cloud, Uncategorized
Dec 14th, 2010 |
(Ed. note: While the following does not strictly deal with “cloud security,” we thought it was of such a degree of importance to post it here.)
Today’s disclosure by Google and Microsoft that they were tricked into serving malware highlights an inherent conflict of interest between advertising-based businesses and the security needs of their customers. Ad networks like Google and MSN get paid when they sell ads, so they naturally focus on being the best at selling ads. Because these ad networks don’t get paid to keep people’s computers secure, they spend just enough on security...
Dave Asprey in
Cloud-based Security, Secure Data Centers, Securing the Cloud, Threats from the Cloud
Sep 15th, 2010 |
Adobe has issued a security advisory APSA 10-03 describing a new critical vulnerability in its products. This time, the primary target is Flash Player with multiple platforms—Windows, Mac, Linux, Solaris, and Android—all affected and is currently being exploited in the wild. Current versions of Acrobat and Reader—the target of last week’s vulnerability—are also affected by the said exploit although Adobe states that in-the-wild attacks against these have not yet been seen.
Trend Micro detects malicious ShockWave Flash (.SWF) files exploiting this vulnerability as TROJ_SWIF.HEL. This functions...
Privacy, Compliance and Identity, Securing the Cloud, Virtualization
Nov 9th, 2009 |
Are you still a skeptic about cloud computing?
Do you remember when you refused to bank online because it couldn’t be safe? I do. In fact, I even remember working with one of the leading banks in Canada when the CIO declared that no employees should have access to the Internet—for any business reason, ever. He did not last long in his job.
Over the past 15 years our reliance on the Internet has steadily increased, encouraged by advancements in technology (including security), a culture of instant gratification and an obsession with efficiency. After a year of media frenzy, some of us are still...
Rik Ferguson in
Securing the Cloud, Virtualization
Sep 17th, 2009 |
When your servers are in the cloud, then your own perimeter provides no protection, the security is often “lowest common denominator security” which undermines both confidence and compliance. Co-location of virtual instances and data with that of strangers, competitors and possibly even malicious actors (we have already seen criminal activity being hosted in Amazon’s EC2 cloud for example) brings a host of new challenges. How do you maintain confidence that a dormant virtual machine is free of infection? How do you manage traffic between virtual machines from a security standpoint? How can...