Entries Tagged as 'Next-generation Security Infrastructure'
Security Thought for Thursday: With DLP, Don’t Just Treat the Symptoms, Address the Cause
September 24th, 2009 · 4 Comments
I’ve talked to several organizations (commercial and federal governments) that have banned the use of all USB flash drives as part of a data loss prevention (DLP) strategy. This may indeed be necessary and provides immediate protection against data loss. However, it’s a blunt, coarse control that really doesn’t solve the underlying problem. Such drastic [...]
Tags: Information Security · Next-generation Security Infrastructure
Security Thought for Thursday: The Proxy Purists Were Right
September 16th, 2009 · 4 Comments
A proxy-based model for externalizing and enforcing security policy is the right approach and becoming more, not less, relevant.
To be clear, I’m not just talking about network traffic proxies. I mean everywhere up and down the IT stack. For example, when web users talk to web applications, we use load controllers, web access management gateways [...]
Tags: Next-generation Security Infrastructure · Virtualization Security
We Have a Quorum: Blacklists Aren’t Cutting it.
September 14th, 2009 · 7 Comments
Symantec recently announced the latest release of its consumer protection technology which includes a new malware technology code-named “Quorum”. Essentially the technology uses visibility (or lack thereof) of behavior of executable code across a community to aid in the determination if a given piece of code is “good” or “bad”. We are working on our [...]
Tags: Beyond Anti-Virus · Endpoint Protection Platform · Next-generation Security Infrastructure
VMware, SpringSource and Security
September 11th, 2009 · No Comments
In a previous post, I discussed VMware’s differentiated message of choice in Cloud-computing infrastructure. That post talked primarily about enabling Infrastructure as a Service (IaaS) providers (using the same technology VMware delivers for enterprises) to build and deliver flexible infrastructure services with scalable networking, storage and compute underneath.
But what about the ability to support newly [...]
Tags: Cloud · Next-generation Security Infrastructure
Moore’s Law Enables Virtualized Security
August 28th, 2009 · No Comments
As security controls are virtualized (e.g. firewalls, IPS, web application firewalls and so on), one of the more significant concerns is performance and throughput.
I remember a demonstration about a year ago where an IPS running in a VM virtual appliance easily consumed 2 out of 8 cores in a multicore system. A 25% overhead for [...]
Tags: Next-generation Data Center · Next-generation Security Infrastructure · Virtualization Security
Security No-Brainer #9: Application Vulnerability Scanners Should Communicate with Application Firewalls
August 19th, 2009 · 25 Comments
If a web application security testing tool tells me I have a vulnerability in an application, what do I do? “Fix it” is the right answer, but not always so easy if my development organization is backlogged or, worse, I don’t have access to the source code. Another answer is to shield the application from [...]
Tags: Application Security · Next-generation Security Infrastructure
Security Thought for Tuesday: DRM and DLP are not Separate Problems
August 18th, 2009 · 8 Comments
Digital Rights Management (DRM – alternatively Information Rights Management [IRM]) and Data Loss Prevention (DLP) are typically thought of as separate problems with different vendors and solutions targeting each. The market may have evolved this way, but that’s not the way it has to be.
The need to place and enforce DRM policies on information (e.g. [...]
Tags: Information Security · Next-generation Security Infrastructure
Security Thought for Thursday: It Shouldn’t Matter Where Your Data Is
July 23rd, 2009 · 5 Comments
When data is encrypted, the location of the data doesn’t matter (including in the Cloud). The location and management of the decryption keys is what matters.
Tags: Next-generation Security Infrastructure
Don’t let VMware Become Internet Explorer
June 29th, 2009 · 2 Comments
Piqued your interest? Bear with me. In a previous post, I promised to revisit the issue of “Fast-path” and “Slow-path” in the VMware vSphere platform.
With vSphere, VMware has released the first commercial implementation of its VMsafe set of APIs. As I have discussed, VMsafe is cool, but not a panacea. VMsafe provides developers two alternatives [...]
Tags: Next-generation Security Infrastructure · Virtualization Security
Security No-Brainer #6: Encryption Needs to be Extended to All PCs and Servers
June 24th, 2009 · 2 Comments
Most of us know by now that encryption of mobile laptops should be considered mandatory. However, encryption of the direct attached storage used in fixed desktops and servers hasn’t been a priority because of their relative lack of mobility.
However, this overlooks the significant issue of data leakage when devices are retired. This point was [...]
Tags: Information Security · Next-generation Security Infrastructure