Security Management

Partnership to Eliminate Passwords in the Cloud

Tue, 06 Oct 2009 13:15:00 EDT

Through this partnership, Astadia will help its clients resolve SaaS Single Sign-On and other Internet Identity Security related issues. “Improving cloud application performance and value requires administrators to address process, directory, technology, and security issues,” said Mike Lingo, Chief Technology Officer and Senior Vice President of Astadia. “Ping Identity’s SSO solutions for SaaS will help our clients improve user adoption, reduce administrative costs and accelerate longer term SaaS strategies.”

IBM Announces New Managed Video Communications Solution

Wed, 30 Sep 2009 16:00:00 EDT

Telepresence centers feature high-definition visual communications tools that range from personal units to life-size screens that sprawl the length of the room, with duplex and directional sound. The technology allows clients to hold virtual meetings with multiple locations at one time and provide them with both the security and freedom to organize meetings with external parties outside of the corporate firewall. IBM will provide telecommunications for this service by leveraging its partnerships with telecommunications providers worldwide, and technology for this service using Cisco's TelePresence technology.

What Yahoo Exiting Hosting and SMB / SaaS Means to Hosters

Tue, 22 Sep 2009 19:30:00 EDT

Tier1's Phil Shih get's it right (as usual): "...Yahoo is also set to unload Zimbra, which Yahoo has had little success leveraging across its small business customer base, although it continues to grow. T1R does not agree that Zimbra had (or has) no hope within Yahoo because it is a solely enterprise-focused product, as some of the media commentary suggests. While Zimbra could be a bit up-market for the Yahoo Small Business base, there is no reason why the product could not have been tailored for the small business market. Or Yahoo could have at least leveraged some of Zimbra's technology and created a premium mid-market email product...".

Twenty-Six Short Topics About Security - Authentication

Sun, 13 Sep 2009 09:05:00 EDT

I decided to build upon (or steal, however you see it) the idea with ‘26 Short Topics about Security.’ Yes, I’m a Simpsons fan (22 Short Films About Springfield) and got some inspiration. This blog series is actually an altered version of a presentation I did a few months back that I always thought of turning into a blog series. The idea is that there is so much going on with Security in so many different places that I figured it might be good to cover 26 of those over the next few weeks. Not too technically heavy or all encompassing but definitely areas of concern for IT. So, then – let’s get on with it!

Avoid Pitfalls by Baking Security into Virtualization Deployments

Tue, 01 Sep 2009 07:30:00 EDT

At last week’s SAN’s virtualization security summit some 120 security managers, newly tasked with protecting their expanding virtualization environments, were eager to learn how to establish control and achieve compliance. Whether the representatives came from the DOD and civilian agencies or large scale commercial enterprises all agreed that growth of virtualization adoption is already happening. The cost savings in data center footprint and power consumption alone are simply too great to pass up especially given today’s economic climate. One challenge with virtual machine (VM) proliferation, however, is that implementation standard practice does not include the provisioning of security as a compulsory step. This leaves the VM environment largely vulnerable to the same kinds of threats that physical networks are equipped to guard against. One director confided that his organization thought they had 50 virtual machines (VMs) when in fact the audit revealed a total of 250. This means that mission critical traffic is potentially flowing among 250 VMs without any kind of inspection for policy compliance or for malicious code like viruses and worms. How can this be the case? Because traditional network security devices like firewalls and intrusion detection scanners (IDS) are blind to traffic between VMs. This is why Altor created a purpose built solution for ensuring that the flow of mission critical traffic within virtualized environments is secure. The Altor VF virtual firewall with on-board IDS also supports vMotion and vCenter integration so that the implementation of VM security does not detract from ease of administration. Amir Ben-Efraim, CEO of Altor Networks and expert speaker at the SANS summit, spoke about how pitfalls could be avoided by baking security into virtualization deployments. Provisioning security into the solution can also allow for more optimal virtualization ROI. Agreeing with this, Ryan Trost, security director of Comprehensive Health Services (CHS), shared his experiences with large-scale, mission critical virtualization deployment. CHS uses the Altor VF in a mission-critical production environment to ensure compliance and confidence in intra-VM traffic flow. While compliance is certainly a big pain point for virtualization administrators, the concern of putting a solution in place is shared by security administrators, IT operations, information security, as well as auditors and compliance officers. All are stakeholders in enabling mission critical traffic flow on VMs. For more information please visit www.altornetworks.com

Security Cloud Assumptions

Fri, 17 Jul 2009 11:00:00 EDT

After pushing my latest post, Securing the Cloud: Shared Hardware and the Data Plane, Hoff posted a series of excellent questions and responses to the post via Twitter. I thought responding via another blog post, so that his questions could be addressed alongside my last post, was the way to go. I’ve trimmed some of [...]

Enabling Desktop Virtualization in High-Risk Environments

Tue, 25 Nov 2008 10:00:00 EST

Server virtualization has moved well beyond the arena of early adopters and is an accepted solution to many of the challenges faced by IT organizations. However, desktop virtualization has not made the same inroads. Certainly, there have been some key uses for desktop virtualization, such as development and test, but there has not been broad penetration into the non-technical desktop market.

Virtualization Security - Part 2

Fri, 07 Nov 2008 13:38:00 EST

Server virtualization will become a dominant factor in the next three to five years in an effort to reduce operating costs and simplify business. One highly popular trend is using virtualization for data center consolidation. Companies are consolidating everything from Web servers to the servers that run CRM applications, all in an effort to streamline operations and create efficiency across-the-board.

I/O Virtualization: Scalability and Performance

Thu, 06 Nov 2008 06:15:00 EST

There are pitfalls in using software-based network interface cards and host bus adaptors. They don't scale well in I/O-centric loads running on scaled-out architectures. The CEO of a leading virtualization companies said, 'Software virtualization addresses 80% of the market and it leaves 20% for hardware-based I/O virtualization.'

KCG and Catbird Offer Virtualization Security Assessment

Thu, 18 Sep 2008 10:47:00 EDT

Knowledge Consulting Group (KCG) announced a partnership with Catbird to provide the Virtual Infrastructure Security Assessment (VSA). Further expanding Catbird’s network of veteran security partners, KCG will deliver the Catbird VSA to help IT administrators identify and close potential gaps in security and compliance created in the move from “P to V”. KCG will provide the VSA to customers in the Department of Defense, Civilian Agencies, and the Department of Homeland Security.

Optimizing Virtualization Success in a Time of Virtual Sprawl

Thu, 11 Sep 2008 17:00:00 EDT

"Go forth and multiply" has a new interpretation in the IT world: "Go forth and virtualize." It is no surprise that enterprises today are adopting virtualization technologies in droves, not only because of the cost reduction and efficiency it delivers, but for the flexibility the technology delivers as well.

Security for Virtualization and Cloud Computing

Tue, 02 Sep 2008 13:45:00 EDT

Shavlik Technologies announced the availability of Shavlik NetChk Protect 6.5. Shavlik NetChk Protect 6.5 is a virtual machine management solution that provides continuous patch assessment and remediation of your complete virtual world, including Offline Virtual Images.

Stonesoft Virtual Appliances Suited for Virtualization Environments

Tue, 26 Aug 2008 11:45:00 EDT

As organizations chart out their virtual architectures, security still remains an afterthought, putting these networks at unprecedented risk. Stonesoft is an innovative provider of integrated network security and resilient connectivity solutions that are architected to work within a virtual environment. Unlike many of its competitor’s products, the software-based architecture of StoneGate Firewall/VPN can be deployed between virtual machines to monitor the traffic moving back and forth, providing security within the virtual environment.

Stonesoft to Support VMware VMsafe Virtualization Technology

Tue, 26 Aug 2008 11:38:00 EDT

Stonesoft announced that it plans to support VMware VMsafe technology. By using VMsafe technology, Stonesoft’s virtual StoneGate appliances can provide an even deeper level of visibility and manageability to ensure the security of virtual environments.

Virtualization - Extending the Role of Systems Management

Fri, 22 Aug 2008 07:18:00 EDT

The discipline of systems management is composed largely of managing the computing endpoint. The 'endpoint' is traditionally a computer that takes the form of an application/process server or an end-user desktop/laptop. This definition doesn't cover all endpoint types or devices but does represent a large enough population size for the purposes of this discussion.

Virtualization - Security Should Not Take a Backseat

Fri, 22 Aug 2008 07:15:00 EDT

There's no question that advances in server virtualization technology are becoming popular among corporations that want to save money by consolidating resources and improving operational efficiency. Virtualization enables a dramatic increase in cost savings in ongoing maintenance and the cost required to keep physical assets afloat.

Symantec Redefines Endpoint Virtualization

Tue, 19 Aug 2008 09:15:00 EDT

Symantec announced it is delivering expanded endpoint virtualization solutions to further protect and manage endpoints, whether physical, virtual or hybrid. Symantec provides IT organizations the flexibility needed to deliver applications with a variety of computing models matched to the specific needs of different workers in the company. Symantec is changing the way software is managed, delivered and consumed at the endpoint by separating information from the operating system and applications, thereby improving user productivity while lowering IT cost.

Nixon Peabody Turns to Fortisphere to Help Manage Their Virtualization IT Infrastructure

Mon, 18 Aug 2008 23:15:00 EDT

Fortisphere announced that international law firm Nixon Peabody has selected Fortisphere Virtual Essentials to more efficiently manage its virtual infrastructure. As one of the largest multi-practice law firms in the United States, Nixon Peabody has offices in 18 cities and employs more than 700 attorneys. The law firm will rely on Fortisphere’s policy-based management solutions to help track and control their virtualized infrastructure.

Check Point Extends Security to Protect Virtualization Applications

Mon, 18 Aug 2008 23:00:00 EDT

Check Point announced VPN-1 Virtual Edition (VE), which delivers the same best-of-class security for virtual applications that Fortune 500 companies depend on to secure their corporate networks and data centers. Check Point is a company that provides unified security management for both physical networks and virtual applications.

Cenzic Launches Its Strategic Advisory Board to Guide Virtualization Growth

Mon, 18 Aug 2008 18:45:00 EDT

Cenzic announced the formation of the Cenzic Web Application Security Strategic Advisory Board. Industry notables Lloyd Hession, former chief security officer at British Telecom Radianz, John Mitchell, professor of computer science and electrical engineering at Stanford University, Dr. Sachar Paulus, senior vice president of product security at SAP, Dan Schoenbaum, senior vice president of marketing and corporate development at Tripwire, and Craig Weinstock, partner at White Pine Consulting Group, have signed on to provide strategic and business guidance as company growth accelerates.

Tripwire ConfigCheck Uses VMware Virtualization Infrastructure 3 Security Hardening Guide

Thu, 14 Aug 2008 15:30:00 EDT

Tripwire announced that Tripwire ConfigCheck has integrated VMware’s revised Virtual Infrastructure 3 Security Hardening Guide to assess VMware hypervisors for security and operational weaknesses created due to system misconfiguration. Tripwire ConfigCheck is a free utility that assesses configuration settings for VMware ESX 3.0 and 3.5 hypervisors, determines potential configuration risks, and provides prescriptive remediation advice so that administrators can ensure greater security.

Using Virtualization to Secure Your Users' Desktops

Mon, 11 Aug 2008 16:15:00 EDT

Currently most desktop productivity software including browsers, mail clients, Office suites, IM, and media players make direct connections to the Internet and/or run untrusted content. As a result, these applications, which are core to office productivity, are also the primary vector of infections from Internet-borne malicious software. This session will describe how desktop virtualization can be deployed within an organization to secure users' desktop applications against Internet-based threats and untrusted content.

NeoAccel Pioneers Virtualization Solution for Internet Security

Mon, 11 Aug 2008 15:30:00 EDT

NeoAccel announced the VMware version of its flagship product, SSL VPN-Plus. SSL VPN-Plus Gateway is a 3rd Generation VPN able to replace IPSec and to supersede conventional SSL VPNs which suffer from the TCP-over-TCP meltdown and degraded client-server application performance.

Virtualization News: IdentiPHI Biometric Enterprise Security Software Verified as Citrix Ready

Fri, 08 Aug 2008 18:30:00 EDT

IdentiPHI announced its flagship enterprise security software product, SAFsolution 5, has been verified as Citrix Ready. The Citrix Ready program helps customers identify third-party solutions that add the greatest value in Citrix Application Delivery Infrastructure solutions. SAFsolution 5 completed a verification process to ensure compatibility with virtualization solutions Citrix XenApp and Citrix Password Manager.

Secerno Launches Database Security Solution for Virtualization Environments

Thu, 31 Jul 2008 18:00:00 EDT

Secerno announced the availability of its Secerno.SQL database activity monitoring and blocking solution as a virtualized appliance on the VMware platform. This marks the availability of its appliance-based database protection in a virtualized environment, allowing enterprises the same database protection afforded by hardware yet with the utilization, management and cost benefits of a virtualized application.

SteelEye Introduces Disaster Recovery Protection for Citrix XenServer Virtualization

Thu, 31 Jul 2008 17:00:00 EDT

SteelEye announced the general availability of SteelEye Protection Suite, a comprehensive solution that provides disaster protection of virtual machines running on Citrix XenServer. SteelEye Protection Suite delivers real-time LAN and WAN replication of XenServer virtual machines. It is designed for companies that have migrated critical enterprise applications to XenServer virtual machines and want enhanced protection against data center outages to ensure business continuity.

TRANGO Virtual Processors Announces Secure Virtualization for Operating Systems

Mon, 28 Jul 2008 08:00:00 EDT

TRANGO Virtual Processors announced that it has added support for the uITRON RTOS to the growing list of operating systems.hosted by the TRANGO Hypervisor. TRANGO's secure isolation, robust protection of critical data and services, and the company's steadfast commitment to providing the thinnest, lightest hypervisor in the commercial marketplace makes this a compelling solution for applications such as multifunction printers, medical equipment, cell phones, and set top boxes.

TRANGO Hypervisor Demonstrates Secure Platform Virtualization on TI OMAP3430 Processor

Mon, 28 Jul 2008 08:00:00 EDT

TRANGO Virtual Processors delivers isolation and portability of operating systems and drivers on the TI OMAP 3 platform. The TRANGO Hypervisor offers a broad choice of operating system (OS) and real-time operating system (RTOS) including Linux, Windows Embedded CE, Symbian OS, eCos, uC-OSII, uITRON and other proprietary RTOS, while the OMAP 3 platform, based on ARM Cortex-A8 processor, offers up to 3X performance gain over ARM11 based processors. The combination delivers isolation, flexibility and cost optimization benefits to the design of today's convergent wireless devices.

Reflex Security Launches Reflex Virtual Security Center

Mon, 28 Jul 2008 08:00:00 EDT

Reflex Security announced the availability of Reflex Virtual Security Center (VSC), pioneering a new level of security through heightened visibility and control for virtualized environments. Reflex VSC provides a single authoritative visual interface to secure the virtual data center. Coupled with the award-winning Reflex Virtual Security Appliance (VSA), the VSC brings essential functionality to round out the Reflex virtual security management solution.

Fortisphere to Support VMware VMsafe Virtualization Technology

Wed, 23 Jul 2008 14:45:00 EDT

Fortisphere announced that it plans to support VMware VMsafe technology, expanding the market reach of its Virtual Essentials software suite, which provides customers with greater levels of visibility and control over their VMware virtualized environments. VMware VMsafe technology helps vendors combat the challenges of compliance, management and security in ways previously not possible in physical environments.

NeoAccel Pioneers Virtualization Solution for Internet Security

Wed, 09 Jul 2008 10:00:00 EDT

NeoAccel announced the VMware version of its flagship product, SSL VPN-Plus. SSL VPN-Plus Gateway is the only 3rd Generation VPN able to replace IPSec and to supersede conventional SSL VPNs which suffer from the TCP-over-TCP meltdown and degraded client-server application performance. Potential VPN buyers can download and evaluate a fully functional version of SSL VPN-Plus from the company's website at www.neoaccel.com.

Apani Now Shipping EpiForce VM Security Solution For Protecting Virtualization Environments

Thu, 03 Jul 2008 10:30:00 EDT

Apani announced that EpiForce VM is now shipping. EpiForce VM is a software-based solution that secures corporate networks, containing both physical and virtual servers, from a single platform. EpiForce VM is part of Apani's comprehensive security software product family and leverages the latest platform of the company's flagship product EpiForce 2.5.

Altor Networks' Virtual Network Security Analyzer Certified for VMware Virtualization Platform

Thu, 03 Jul 2008 08:45:00 EDT

Altor Networks announced that its Virtual Network Security Analyzer (VNSA) is now a VMware Certified Virtual Appliance and available through the VMware Virtual Appliance Marketplace. Virtual appliances are pre-built software solutions, composed of one or more virtual machines, which are packaged, maintained, updated and deployed as a unit. Virtual appliances are fundamentally changing how software is developed, distributed, and managed, providing greater simplicity and accelerated time to value.

Embotics Unveils V-Commander 2.0 to Simplify Virtualization Management

Wed, 02 Jul 2008 14:45:00 EDT

Embotics launched V-Commander 2.0. Embotics' V-Commander 2.0 reduces risks and costs by preventing virtual sprawl, automating lifecycle management and extending management systems for enterprise CIOs, CSOs, IT operations staff and security professionals. The technology gives the industry a simple tool to prevent sprawl, gain control of their virtual infrastructure and increase efficiency.

Veeam Software Acquires nworks

Tue, 01 Jul 2008 13:00:00 EDT

Veeam announced its acquisition of privately held nworks, an innovative creator of enterprise management connectors bridging the gap between VMware virtual infrastructure and enterprise systems management tools from Hewlett-Packard and Microsoft. The nworks worldwide customer base consists of Fortune 500 and Global 1000 companies. nworks is a VMware Technology Alliance Premier Partner, a Gold HP Business Partner, and a Microsoft Business Partner.

RSA Announces New Knowledge-Based Authentication Tool

Mon, 30 Jun 2008 12:30:00 EDT

RSA, The Security Division of EMC, announced the latest release of its RSA Identity Verification knowledge-based authentication system - a system that has previously been successfully used by companies to reduce costs and to improve security and customer satisfaction. RSA's knowledge-based authentication (KBA) solution is designed to instantly verify customers' identities and to provide organizations with a higher level of confidence, while simultaneously reducing the risk of fraud associated with handling critical customer information.

Fortinet Granted New Patents for Virtualization and Multi-Threat Security

Thu, 19 Jun 2008 14:30:00 EDT

Fortinet announced that the United States Patent and Trademark Office has awarded the company four additional patents for network virtualization and security related inventions. These new patents strengthen Fortinet's growing intellectual property portfolio, bringing Fortinet's total awarded patents to 17.

Catbird Offers Virtualization Security Assessment

Wed, 04 Jun 2008 08:15:00 EDT

Catbird announced a Virtual Infrastructure Security Assessment (VSA). Catbird's VSA helps IT administrators identify and close the potential gaps in security and compliance created in the move from 'P to V'. The 30-day assessment includes a thorough security analysis, detailed reports with actionable intelligence and a comprehensive plan to mitigate risk and protect critical virtual systems, networks, desktops and processes.

VMware Virtualization Infrastructure Earns Security Certification for Government Standards

Wed, 04 Jun 2008 08:15:00 EDT

VMware announced that VMware Infrastructure 3, VMware ESX Server 3.0.2 and VMware VirtualCenter 2.0.2 have earned Common Criteria Evaluation Assurance Level 4 (EAL4+) certification under the Communications Security Establishment Canada (CSEC) Common Criteria Evaluation and Certification Scheme (CCS), following an extensive analysis and testing process. The EAL4+ rating is the highest assurance level that is recognized by all signatories under the Common Criteria Certificates (CCRA).

Double-Take Software Seminar Addresses Importance of Application Protection and Virtualization

Mon, 02 Jun 2008 16:30:00 EDT

Double-Take Software will host the next stop of its Latin America-area disaster recovery seminar on June 11, 2008, in Santiago, Chile. The educational series focuses on the importance of protecting business critical data and applications, and ensuring the highest levels of recoverability for organizations by implementing Double-Take Software solutions and services.