Category Archives: security

vShield App with Data Security … my favorite part of vSphere 5

Today was a big day in VMware land. Paul Maritz and Steve Herrod announced the release of vSphere 5. There are a multitude of capabilities and features that are just too many for me to list… but then again, maybe it is because I am only really excited about one… the vShield App with Data Security embedded with RSA DLP. I am sure you don’t have to ask, I mean finally we have incorporated data loss prevention capabilities directly into a virtualization solution. Finally we are simplifying security for the customers… finally we are providing out of the box capabilities to the administrators whether they are responsible for the infrastructure or the security of the infrastructure. I have said many times that the solutions are there but the customers are just struggling to discover them and use them. How amazing will it be when I get to talk to customers and get to show them what they can do without having to discover anything BUT the data.

The vShield App with data security has the ability to (OUT OF THE BOX) discover and classify PCI, PII, and PHI sensitive data in your virtual machines. The RSA DLP product suite always has the knowledge needed to provide OUT OF THE BOX capabilities to accurately discover what you are looking for. There is no need to create policies for credit card data, social security numbers, driver’s license numbers (and many more)… it is already in there. This is the information you want to look for. You want to ensure that you are complying with the security policies that your company has developed and those that they have to follow. Now imagine that you can bring up reports that identify what policies are violated and what files created this violation. Imagine that you can receive syslog messages and then compare them to the other activity that is occurring within your network.

It is a start… the future opportunities are endless. My hope is that when the customers get familiar and comfortable with the RSA DLP capability available within the vShield App with data security, they will expand on it. They will incorporate all the RSA DLP solutions. The technology that RSA DLP has available to assist users in determining sensitive data on endpoints, data centers, and data in motion is invaluable. RSA literally has teams that specialize in linguistics, information sciences, and regulations. They have taken away the difficulty associated with wondering how you actually define the information you are looking for.

I do not have to provide you with the multiple examples of data that have gotten into the wrong hands. With this new capability the excuses are not going to be able to stick. Users can start off “small”, getting comfortable with the idea of discovering and classifying data in their virtual machines and build up to discovering even more data in more areas. Eventually… no data will be able to hide or escape any secure infrastructure.

If you are looking for additional information, please review the press release from RSA and VMware.


Are you putting your security at risk?

With so much news right now regarding security, laws, and breaches, my security discussions have increased. Maybe “discussions” isn’t the correct word because although I want to talk about it they just want to state. They want to state what they have heard but don’t really want to talk about any of it. This worries me because if you are not having the discussion, then you may be putting your security at risk. Now you may be thinking that they may not be talking to me because this is security and part of being secure is being secretive, but that is not the case here.
For those that have chosen to answer the question, “why did you make that decision”, most answers are “I am not sure”… seriously?… You aren’t sure? How can that be? This is your job, right? And yet you can’t tell me why you chose that product? Reminds me of the arguments I get in with TSA agents regarding the two bag limit for carry-ons. First off, females are always down one bag because most of us carry a purse. Second, if you are going to ask me to consolidate, you must realize that when I get past security, I just unconsolidate. I have not reduced space at all. I still have not received a single explanation for this rule. No one knows the problem that TSA is trying to solve. I digress… the fact is if you don’t know what you are fighting or what you are fighting for, the battle becomes harder. If you don’t know why you picked that product or implemented that solution, you certainly can’t fight your battle correctly.
If you react and only make claims based on what you see on the t.v., read on the web, or read in the papers, you aren’t getting the whole truth and you more than likely are not making the correct decision. If you pull out one solution and implement another one, this does not mean you are any safer. This isn’t how security works. Security requires you to spend time thinking about the known and unknown problems and the best ways to tackle them. It means picking the product, software, education, configuration and policy changes that solve the known and unknown problems. It means being proactive and not reactive. Ripping out one vendor for another vendor or changing the technology altogether will not make you secure. If anything, you may be putting your security at risk. There isn’t one product that will solve everything, there isn’t one answer. It is a journey and a discovery and you need to put time into it. Security is not solved or fixed with a flick of a switch. There are layers to it. I understand that it is difficult and the unknown is scary and there are no guarantees but if you don’t know why you made the decision, you will never be secure. You need to stop putting your security at risk.


Is Security Easy?

As I have discussions with the customers I meet and talk to on a regular basis, I constantly yearn to understand the challenges they are facing. What is stopping them from moving forward and implementing the security tools that are available to them? Why purchase that SIEM to only put it on the shelf? Sure, you need to use the money but why would you not use it after you bought it? You know the response that I keep getting… (it rips my heart apart)… “It Is Difficult”… wait… what did you say? I just showed you how RSA enVision has reports available out of the box, I informed you of the fact that we use no agents, I just pointed out all the VMware messages that RSA enVision can correlate… OUT OF THE BOX. Doesn’t “out of the box” mean simple?
As I was busy worrying about the products, they were busy worrying about all that stuff that happens before you put the product in place. What am I actually looking for? What do I need to look for in the future? How do I know what I need to do when I don’t actually know what to do? What policies… what compliance… where do I begin to start? I get it… I get the pain. People think that security is like a big jigsaw puzzle. You open the cover and look at the thousands of pieces and you have no idea where to start. It becomes overwhelming and sometimes you just want to put the cover back on the box. You leave the box sitting there and tell yourself you will get back to it, and it just keeps sitting there…
My concern is without starting the jigsaw puzzle you will be missing more than the finished product. You have to understand, security is a piece in the jigsaw puzzle, not the puzzle itself. It has the correct place in the bigger picture and once you put it in place, the others can easily link up around it. I understand that it is tough to find the piece but once you do, you will see why you needed it and why without it, you will never have a complete solution. You are lost until you have the piece.
Of course there are many companies out there that provide the consulting services to help you find the piece. You see, it is their job to find the piece and help you finish your puzzle. No matter how you start, you cannot be afraid of security. It may be difficult in the beginning but everything that you don’t know is difficult in the beginning. That should never stop an organization from implementing solutions that are built to be easy. I understand that it isn’t the products that are difficult, it is taking the first step into the security puzzle piece that is difficult. So let me recap… security in itself is a puzzle piece in a very large jigsaw puzzle. Putting the puzzle together can be difficult, but it isn’t the security piece itself that makes it difficult. The security puzzle piece is essential in the grand scheme of things. Without it, the puzzle can never be complete. Don’t be afraid of it, it can be done and must. Don’t be afraid of the box… open it… look inside… take a deep breath and start it. Don’t wait until someone throws the box away or until someone opens your box for you and starts taking your pieces.


ISSA Boise Meeting – Recap

I covered for my fellow vSpecialist Jim Brigham (@i2speakgeek) at the Boise, Idaho ISSA Meeting. The partner Cerium Networks asked RSA to speak at the event. I of course spoke about “Securing the Cloud”… I mean really, what else am I going to talk about? The slides that I presented are below. Before the presentation, I spoke to some great attendees about the cloud and the struggles and how some people just don’t get it and never will. I wish I could give one on one attention to everyone, pushing the fact that this is the movement of IT and eventually you will need to make the changes. Of course there are exceptions, of course there are organizations that will never touch the cloud. I can’t think of what type of company this would be. I mean even my sister’s company backs up her systems to a cloud provider and she uses an email service. She is a one person company, she can’t afford to manage her IT systems. She works with numbers and not IT. Isn’t that one of the greatest advantages of the cloud? The fact that it services companies at all levels. Whether it is a company of one to a company of the largest size, the cloud provides something to them that they could never provide on their own or wouldn’t want to. I remember a sad time before the cloud, when companies were actually limited to local resources who knew only certain tools and you were stuck with them.
Anyway, the presentation and conversations went very well and I met some amazing people and got to talk about my favorite subjects. I did not get to catch many of the other discussions and the questions that came up. My specific presentation brought questions about the RSA Archer and VMware vShield technologies. The best statement that I got at the end of the discussion was… “thank you, you make it seem so easy”… I said that it isn’t easy if it isn’t implemented correctly, planned correctly, and managed correctly but any time that I can take the fear out of security, I will accept that high compliment… thank you!!!


RSA Labs at EMC World 2011

I spent last week in North Carolina working on the EMC vSpecialist Hands-On Labs for EMC World… the infamous vSpecialist vLabs. On the week of May 9th, 2011 in Las Vegas we will be providing a 200 seat lab for EMC World attendees. The hands-on labs are available for the following EMC products:

  • RSA Archer, RSA enVision
  • Atmos, IONIX UIM
  • VMAX, VPLEX, Avamar
  • Isilon, VNX, VNXe, VSI Plug-in
  • Greenplum, RecoverPoint, VAAI

You will be able to sign up for a lab session of your choice by simply entering your details into a console which will be situated outside the entrance of the vLabs. When there is an available seat you will see your name on one of two large plasma screens also outside the front of the vLabs room. You will then be escorted to your lab seat by a vSpecialist where you can then start your chosen lab. It is as simple as that.
All of these labs (with the exception of the VMAX lab) will be run out of the EMC Cloud based in North Carolina. When I was in North Carolina, Jase McCarty and I racked and built out plan “b” for the labs. You can see more information regarding this at www.jasemccarty.com. These racks are also going to be used for VMUGs and other lab events so that we can continue to take full advantage of all the work that has been put into it. It has been a great experience and I feel so lucky to be a part of it. I hope that participants enjoy the lab as much as I do and I look forward to getting input specifically around the Archer and enVision labs. We really wanted to showcase the capabilities that the RSA products bring to the virtual world. We know how great the products are with regard to the physical world but I worry that a lot of people do not understand their capabilities in the virtual… but I am working on it!! The RSA enVision lab will allow you to get your hands on the Event Explorer tool used with enVision. The use cases in this lab are VMware based. The RSA Archer lab will walk you through the Cloud Security and Compliance solution, also VMware based. See my previous blog on the Archer solution based on the VMware hardening guidelines.


April 7th Webcast – Recap

It has been a while and I am sorry that I have not been able to post the slides from the April 7th Webcast that Sharon Isaacson and I did. It was a great webcast. We had 350+ people register for the event. Everything went really well… the audio, the slides, the demo… everything… it was perfect and I was so grateful to have done it with Sharon. She is incredibly smart and amazing and I am so lucky to work with her. I have learned so much from her. It even provided us with some ideas for sessions at VMworld (now I am crossing my fingers that we get picked). I have provided the slides below for your review if you were not able to register.


April 7th Webcast: Virtual Machine Security Best Practices for VMware Environments

I wanted to take this time to talk about a webcast that my fellow vSpecialist Sharon Isaacson and I are presenting on April 7th. It is called “Virtual Machine Security Best Practices for VMware Environments”. Here is the link to register for the event (you can also register by selecting the image at the very bottom):

http://bit.ly/eyOJqk

We will be talking about the triangle of trust, security, and the capabilities provided that will assist in protecting your virtual machines. As I indicated in previous posts, these best practices are only beneficial if they are implemented and continuously monitored. There are no guarantees in security but we need to continue to fight the battle. If you attend the session and walk away not wondering what other capabilities you can add into your infrastructure, we have not done our job. We hope to bring the best to you and make you think. If you are interested in other VMware webcasts provided by EMC, this link will provide you with more information:

http://bit.ly/gD0Zkp

I look forward to hearing from you at the webcast.


Security… It is Not what you do… It is How you do IT

You know that alarm system you bought? How often do you turn it on? How often do you check to see if it is working? Do you think about your habits and whether having them makes you more at risk? For instance, do you close the garage door before you open your house door, ensuring that no one runs under the garage door and into the house? When you enter in the code on your alarm system, can someone see it from the windows? Do you pay for the alarm company to monitor your system? How often do you change the code? Yes, just putting up the signs in your windows or front lawn deters people, but it isn’t a guarantee. Yes, buying the system is a big step but leaving it on the shelf does not do you any good. Stick with me here…

Recently I tweeted the comment that “security was better in a virtual world than a physical world”. I am a true believer in this statement and will continue to share the thought in my presentations and blog. The “push back” I received was not that the statement was incorrect but that I used the incorrect words. This is exactly why I am not a huge fan of Twitter. It is hard for me to have a discussion about anything in 140 character bursts ala Twitter. I tweet thoughts and retweet others’ thoughts but having a discussion I cannot. I certainly understand Twitter’s role in the industry and I certainly have not learned the correct process for it and have been corrected multiple times. Live and learn, right?

What I love about security is the fact that security should always be based around a discussion. Security is NOT about products. Security is about implementation and how it is implemented. For instance, you can have a secure environment with one product… a door lock. Put the server in a locked room that only has access by one person and you never put the server on the network. Now this might be idiotic but there are use cases around it. Every security discussion requires a use case and an understanding as to what risk the customer is willing to take and then a solution is built around this. But a solution does not work unless it is implemented (correctly) and continuously monitored. If you put it in place and then just leave it assuming it is just going to work… you are crazy. Security is a daily… hourly… minute… second by second responsibility and if you take your eye off of it for just a moment, you will lose sight of why you implemented it in the first place. Security is nothing without the correct policies in place… without defense in depth. If you do not understand the infrastructure, if you don’t know the business you are trying to protect, there is nothing that can save you.

In the long run, security isn’t better in any world unless it is implemented correctly and is constantly rechecked to ensure the implementation is doing its job. There are new viruses, new attacks, new technologies, new everything on a daily basis and in a security world, you need to keep up with it. Now I still believe that security in a virtual world is better than a physical world and luckily I had already had this discussion with the customers on the day that I sent the tweet. The customers knew why I made a comment like that but to the average citizen, they may assume that they can set it and forget it but security is nothing like that. There is a language to security and a dialog that is much longer than Twitter… That is why I started this blog.


RSA Conference 2011 recap – Secure Code

As the week of the 20th RSA Conference winds down, it only seemed appropriate to use the week of security as a post. I wanted to make it clear first off that the RSA Conference is not owned by RSA, The Security Division of EMC. RSA is just the largest sponsor of the event. This is why you see other vendors during the sessions and keynotes. We tend to have the largest booth on the expo floor but our competitors are on the floor too. The RSA booth this year was impressive and incredibly busy. I had booth duty this past week, focusing specifically on the Vblock 0 that we had in the RSA booth as well as the security components surrounding it and the cloud capabilities, for instance the Cloud Security and Compliance Solution that I discussed in the last post and the Cloud Trust Authority that we announced early in the week. It was a great week for cloud, virtualization, and security. It was as if all my favorite things were together for one week.

People were incredibly interested in the two Vblocks we had on the floor (one in the RSA booth… great idea by the way… and one in the VCE booth). They were interested in what it provided to them as a company but most importantly, they were interested in the components that would secure it. People were so excited to know that there is finally a solution that had security options. Last but not least, Harris Corporation and Lockheed Martin both had press releases regarding the Vblock and securing it. There were also press releases focusing on a partnership with RSA and McAfee. VCE announced the Vblock Infrastructure Platforms Trusted Multi-Tenancy Overview… people were begging for hard copies and it should be available on www.vce.com this week.

Out of the sessions that I did attend though, the highlight of the discussions (I attend very few vendor sessions) was the need to protect the applications. Many of the speakers indicated that it was not about the infrastructure as much as it was about the applications. Or maybe that the infrastructure is now covered and we need to move on to something else. “The need for secure code is more important than ever” was the consensus… not sure I agree with that statement… I think it has always been important. Let’s be clear though… when I refer to infrastructure, I am referring to all aspects that the application sits on. I am referring to the server, the router, the firewall, the network, all of it. It has always been defense in depth but didn’t that always include the software? I question why it is that we keep jumping around to the various aspects of the infrastructure. Is it perimeter-centric security or information-centric security? It is all of it… this includes the applications. We keep talking about being proactive versus reactive and yet nothing ever changes. We / I keep talking that we have the chance to get it right and yet we are just now talking about creating safe applications. Then again, maybe we did get it right and in the meantime forgot about the applications. I understand that the threat constantly changes and the attackers go to the easiest point but we should have known that. Secure code is not a new thing so why did it come up multiple times? If you are unfamiliar with safe code, a good site for information is www.safecode.com. I think they say it best… safe code is “increasing trust in information and communications technology products and services through the advancement of effective software assurance methods”.
This is a non-profit organization that aims to “identify and promote best practices for developing and delivering more secure and reliable software, hardware, and services” with members including organizations such as Juniper, Microsoft, and EMC. Maybe the fact that there are only seven companies participating means that it has not been a top priority. I love that we are talking about it… it is important but actions will always speak louder than words. We need to protect from top to bottom… there is no debate over this topic. We can never lose sight of the problem… reducing risk. It is true, protecting the applications is important but can we please talk about what it means to protect the entire solution. It isn’t about products and product companies, it is about the security concepts that have been created over time and will continue to be created.

Side note: Best line of the week in my opinion, “run towards the risk”. How poignant is that? If you run from what you fear, you will never learn from it, you will never make anything better. Running is never the answer. Tackle it, respect it, and fix it.


Built in Vs. Bolt on Security… Getting It Right This Time

As the snow storm hits my area I am of course reminded of security… I know, I find inspiration in the strangest places. Anyway, as I was driving in my 4×4, I realized that of course I own this truck because I live in an area that gets a large amount of snow. I need to ensure that I keep myself safe and have the appropriate tools that can get me where I need to go when certain situations arise. I need to be prepared and plan ahead. I bought the 4×4 truck before the snow came, I bought the appropriate food, I got the snow blower out, I got ready. My house is even ready. It was built strong to take the cold weather, the roof is built to take the weight of the snow. The house, the car, the surroundings were built to be secure, built to take the pressures of the environment.

Building security in at the beginning… at step one… is like buying a 4×4 when you live in a snow storm prone area. It is pulling out the snow blower, getting food, being prepared. It means you prepare yourself from the beginning without the worry when the security event occurs. Worrying about security after the event is like buying the necessities after the snow storm… it is just a little too late. Why worry about security at all if you are going to consistently be in catch up mode? You have to be prepared and understand that security is a part of the discussion on day one. It means working with the technologies and products that are prepared to deal with the security events immediately. It is being prepared for the snow storm.

This is why I love virtualization so much. It brings back the ability to put security into the design, to bring it to day one. We are redesigning the data centers and this time we have the ability to get it right and get it right from the start. No need to bolt the security on, the environment can now be built with security at the first step. Technologies are finally being built with security in mind. Finally we understand that security should never be an afterthought but A REALITY. Let’s learn from our mistakes that arose in the physical environments. It was as if we were trying to fit this square peg in a round hole and nobody wanted to deal with it. Security in a virtual world is so much better than a physical one. Security isn’t something you should ever take for granted. Don’t assume that snow will never come to your town, don’t assume that the food will just appear and that your snow blower will just start. Prepare for everything that is coming your way and don’t get caught defenseless.

I will cover this new opportunity soon… focusing on the fact that security in the virtual world is so much better…

