http://www.altornetworks.com/news-events/weblog/ VirtSec: Blogging-In-Depth from Altor Networks en http://static.altornetworks.com/img/altor_rss_14.png http://www.altornetworks.com/news-events/weblog/ Wed, 08 Sep 2010 06:01:01 -0700 14 May 2010 By Johnnie Konstantas -- A lot of the technology news for the week is coming out of EMCWorld, where chief executive Joe Tucci is heralding that the age of virtualization and cloud adoption is here. Now given that EMC owns VMware, the virtualization platform market leader, the comments may seem expected – but data from analyst firms and demand side surveys all point to the very same conclusion – tens of thousands of private clouds based on virtualization will be deployed imminently. http://altornetworks.com/news-events/weblog/item.php?five-bookmarks-we-like-for-cloud-security http://altornetworks.com/news-events/weblog/item.php?five-bookmarks-we-like-for-cloud-security Fri, 14 May 2010 11:23:00 -0700 16 Apr 2010 By Johnnie Konstantas -- If you’re reading this it’s likely that my mother sent you the link or you are seriously considering a private cloud deployment. Working off the latter, you are understandably worried because Google Alerts is filling your daily inbox with reasons to delay the implementation but operational efficiency trumps punditry so you are putting hand to throat and moving forward nonetheless. This needn’t be the equivalent of Russian roulette with your job. Although standards and reference architectures for cloud computing and security are still evolving, you have a couple of facts in your favor. http://altornetworks.com/news-events/weblog/item.php?jk-april-clouds-5-tips http://altornetworks.com/news-events/weblog/item.php?jk-april-clouds-5-tips Fri, 16 Apr 2010 03:39:00 -0700 30 Mar 2010 By Johnnie Konstantas -- This is the core message of a recent Gartner report which outlines the security risks associated with virtualizing critical workloads and what can be done to mitigate exposure. This research is an update to a report that was first introduced in 2007 and now has expanded to include thousands of client discussions that Gartner has conducted since then. The key findings and recommendations of the report are particularly apt and timely, as virtualization nears as the de facto platform for green data centers and private clouds. http://altornetworks.com/news-events/weblog/item.php?jk-not-securing-is-madness-any-time http://altornetworks.com/news-events/weblog/item.php?jk-not-securing-is-madness-any-time Tue, 30 Mar 2010 03:42:00 -0700 5 Mar 2010 By Johnnie Konstantas -- I have to admit, I arrived at the Moscone center braced for yet another RSA conference. The registration regimen reminded me that I’ve been attending since, yikes, ’99! Long enough to remember many of the themes, the salad days of lavish parties and the more austere times of tchotchke-free booths. Now here is the part where I will tell you how surprised I was. http://altornetworks.com/news-events/weblog/item.php?rsa2010-red-carpet-and-backstage-report http://altornetworks.com/news-events/weblog/item.php?rsa2010-red-carpet-and-backstage-report Fri, 05 Mar 2010 12:51:00 -0800 18 Feb 2010 By Johnnie Konstantas -- Maybe it’s the time of year or maybe it’s simply that the time is right in the virtualization adoption curve but virtualization security concerns are spurring partnership among some of the industry’s biggest names. Cisco, NetApp, and VMware have recently come together to propose an architecture for the safe deployment of virtualized applications and cloud computing environments. http://altornetworks.com/news-events/weblog/item.php?love-in-the-air-for-virt-sec http://altornetworks.com/news-events/weblog/item.php?love-in-the-air-for-virt-sec Thu, 18 Feb 2010 02:18:00 -0800 29 Jan 2010 By Johnnie Konstantas -- Microsoft has been making headlines lately advocating for data privacy and protection in cloud computing with the US Congress. Their efforts, coupled with the recent breaches seen at Amazon’s EC2 and Google China, highlight the enormity of the risks associated with taking data to the cloud. http://altornetworks.com/news-events/weblog/item.php?legislate-cloud-security-now http://altornetworks.com/news-events/weblog/item.php?legislate-cloud-security-now Fri, 29 Jan 2010 10:01:00 -0800 9 Jan 2010 By Johnnie Konstantas -- Consider the Christmas Terror Scare — the best technology and people (at least in theory) were in place, there’s an awareness of an imminent threat, there were signs to provide an idea about the timing of an attack, yet an incident still takes place and a terrorist with a bomb in his underwear makes it on to a plane destined for the US. Fortunately, the security breach didn’t lead to disaster. http://altornetworks.com/news-events/weblog/item.php?what-can-terror-scare-teach-us http://altornetworks.com/news-events/weblog/item.php?what-can-terror-scare-teach-us Sat, 09 Jan 2010 03:04:00 -0800 11 Dec 2009 By Johnnie Konstantas -- Recently it was discovered that the Zeus botnet was running an unauthorized command and control center on a public cloud computing infrastructure, marking the first time the cloud has been used for this type of illegal activity. It appears that hackers exploited a web server VM, using it as a botnet control point. http://altornetworks.com/news-events/weblog/item.php?blog-public-cloud-gets-hacked http://altornetworks.com/news-events/weblog/item.php?blog-public-cloud-gets-hacked Fri, 11 Dec 2009 04:05:00 -0800 23 Nov 2009 By Johnnie Konstantas -- It is not surprising that operational efficiency is a top priority in organizations today. Many teams and budgets have been pared back dramatically, leaving virtualization as one of the few remaining opportunities to get even leaner. Taking servers to a virtual platform not only cuts data center operating expenses, it eases the infrastructure management burden. http://altornetworks.com/news-events/weblog/item.php?blog-cloud-virtual-security http://altornetworks.com/news-events/weblog/item.php?blog-cloud-virtual-security Mon, 23 Nov 2009 12:00:00 -0800 31 Aug 2009 By Catherine Edwards -- At last week’s SAN’s virtualization security summit some 120 security managers, newly tasked with protecting their expanding virtualization environments, were eager to learn how to establish control and achieve compliance. Whether the representatives came from the DOD and civilian agencies or large scale commercial enterprises all agreed that growth of virtualization adoption is already happening. http://altornetworks.com/news-events/weblog/item.php?insights-SANS-virtsec-summit http://altornetworks.com/news-events/weblog/item.php?insights-SANS-virtsec-summit Mon, 31 Aug 2009 10:33:00 -0700 20 Aug 2009 By Grant Asplund -- Trying to determine which IT group should own the virtual cloud infrastructure within an organization is challenging today. If Abbott and Costello were alive today and performing their infamous routine "Who's On First?" it could easily be updated and be called "Who Owns the Cloud?" as IT managers consider the best way to lead the new initiatives of Cloud Infrastructure. http://altornetworks.com/news-events/weblog/item.php?asplund-who-owns-the-cloud http://altornetworks.com/news-events/weblog/item.php?asplund-who-owns-the-cloud Thu, 20 Aug 2009 12:00:00 -0700 10 Aug 2009 By Kevin Piper -- Organizations are deploying virtualization technologies because of the clear cost savings and operational efficiency gains. However, there are security risks when you virtualize. Traditional security options aren't well suited to eliminate these risks regardless of whether they have been implemented to protect payment card systems or not. http://altornetworks.com/news-events/weblog/item.php?piper-pci-in-virt-environment http://altornetworks.com/news-events/weblog/item.php?piper-pci-in-virt-environment Mon, 10 Aug 2009 12:00:00 -0700 20 Jul 2009 By Kevin Piper -- Implementing security is not a perfect science. There will always be a struggle between the ultra-secure, practically unusable solution and the barely-secure, user-friendly solution. Given unlimited resources and a great deal of leeway to infringe on peoples rights or business practices, you could create a security solution with little to no 'gap'. In reality though, we end up trying to balance security and usability and do the best we can to fill as many gaps as possible. http://altornetworks.com/news-events/weblog/item.php?piper-security-without-gaps http://altornetworks.com/news-events/weblog/item.php?piper-security-without-gaps Mon, 20 Jul 2009 02:26:00 -0700 7 Jul 2009 By Todd Ignasiak -- This week we launched the next generation of our virtual security platform, Altor VF 3.0. This is a particularly exciting release for us, because it represents a big leap forward in virtualization security. http://altornetworks.com/news-events/weblog/item.php?blog-announcing-vf3 http://altornetworks.com/news-events/weblog/item.php?blog-announcing-vf3 Wed, 08 Jul 2009 02:57:00 -0700 22 Jun 2009 By Poornima DeBolle -- Security requirements of enterprises are varied, and contrary to the one-stop-shop movement, enterprises still buy security products from multiple vendors. While some enterprises do it as a part of an IT plan, most companies end-up with disparate products due to niche needs, acquisitions, etc. http://altornetworks.com/news-events/weblog/item.php?poornima-3rd-party-integration http://altornetworks.com/news-events/weblog/item.php?poornima-3rd-party-integration Mon, 22 Jun 2009 12:00:00 -0700 8 Jun 2009 By Todd Ignasiak -- VMware's new vSphere release adds the powerful new VMsafe security APIs to their virtual data center platform. In this blog post, I'll take a little deeper look at VMsafe's structure and the capabilities it gives us. http://altornetworks.com/news-events/weblog/item.php?todd-vmsafe-paths-defined http://altornetworks.com/news-events/weblog/item.php?todd-vmsafe-paths-defined Mon, 08 Jun 2009 02:07:00 -0700 28 May 2009 By Grant Asplund -- Companies are exposed to numerous security vulnerabilities and compliance issues because of the high percentage of security breaches coming from the internal network along with the fact that the ESX hosts represent invisible networks inside the internal network. Any new virtual server being added to the virtual network is not subject to the same corporate security policy for network access control as physical servers. http://altornetworks.com/news-events/weblog/item.php?asplund-security-teams-take-control http://altornetworks.com/news-events/weblog/item.php?asplund-security-teams-take-control Thu, 28 May 2009 12:00:00 -0700 19 May 2009 By Amir Ben-Efraim, CEO -- VMsafe is a set of security oriented APIs created by VMware and introduced with the launch of vSphere 4. These APIs are not available in older versions of VMware. VMsafe enables 3rd-party ISVs to develop products that closely integrate with vSphere to deliver new capabilities for securing the virtual environment. http://altornetworks.com/news-events/weblog/item.php?amir-how-does-vmsafe-work http://altornetworks.com/news-events/weblog/item.php?amir-how-does-vmsafe-work Mon, 18 May 2009 05:25:00 -0700 11 May 2009 By Poornima DeBolle -- Customers need to understand that not all VMsafe integrated products are created equal. You will see companies that use VMsafe APIs as the foundation to build innovative solutions for virtualization security, and others that shrink-wrap existing technology in VMsafe APIs. When you are evaluating VMsafe solutions, there are some criteria to consider. http://altornetworks.com/news-events/weblog/item.php?debolle-some-critera-to-consider http://altornetworks.com/news-events/weblog/item.php?debolle-some-critera-to-consider Thu, 07 May 2009 08:04:00 -0700 4 May 2009 By Kevin Piper -- Many elements of a virtualized security solution are very difficult to develop and implement but, they are essential in creating a solution which properly protects a virtual environment. http://altornetworks.com/news-events/weblog/item.php?piper-why-you-need-security-p2 http://altornetworks.com/news-events/weblog/item.php?piper-why-you-need-security-p2 Mon, 04 May 2009 02:57:00 -0700 22 Apr 2009 By Kevin Piper -- There are important changes occurring in information security and a handful of vendors are rapidly developing solutions which are much more than hype. My blog is about why you need to build a security solution for the virtual environment. http://altornetworks.com/news-events/weblog/item.php?piper-why-you-need-security http://altornetworks.com/news-events/weblog/item.php?piper-why-you-need-security Wed, 22 Apr 2009 03:29:00 -0700 13 Apr 2009 By Amir Ben-Efraim -- In the rush to virtualize the industry never took pause to recognize the new security issues that come along with the adoption of this new infrastructure. Security best-practices are still an elusive concept, as they were never fully developed in the early "test-and-dev" deployment days. As more mission-critical and externally-facing applications (i.e, DMZ) go virtual, it is imperative for the industry to implement security controls to protect these deployments. http://altornetworks.com/news-events/weblog/item.php?weblog-Why-Do-We-Need-Virtual-Security http://altornetworks.com/news-events/weblog/item.php?weblog-Why-Do-We-Need-Virtual-Security Fri, 10 Apr 2009 12:00:00 -0700 17 Feb 2009 By Altor Engineering -- Conficker (a.k.a. Downadup) is a virulent worm best known for infecting Windows XP and Vista desktop PCs, but it is also attacking production corporate servers. ... http://altornetworks.com/news-events/weblog/item.php?topthreat-conficker http://altornetworks.com/news-events/weblog/item.php?topthreat-conficker Wed, 01 Apr 2009 10:09:00 -0700