Recently EMC and Intel paired up on a webcast to talk about the relationship between the two companies… they provided a new proof of concept. As much as I love this relationship and enjoyed the presentation ( I have included them below ), the capability that I am most interested in is the Intel Trusted Execution Technology (TXT) functionality. From a security and virtualization viewpoint this functionality is wonderful. Before I get in to the Intel TXT capability I wanted to step in to security for a couple of seconds.
I find the growth pattern that security has taken on truly amazing. In the internet age… at first, we didn’t need any security because there was nothing to steal. Then the internet took over our lives and the digital information explosion was on a roll!! It became about protecting the perimeter and then it was all about protecting the information. Then questions came up about the hardware that we run this technology on and whether anyone has corrupted it. Wow… how security and its ways have changed. I love the fact that we are jumping the gun when it comes to understanding the hardware that our information is running on. I love that you can never be too sure. It is like when people ask me about the security of the hypervisor… I always say that at this exact moment, it is safe. In actuality, we have no idea what the future holds but we know that when people want something, they will do anything to get it. You cannot expect anything less.
The Intel TXT functionality establishes a root of trust. This technology establishes normal behavior for the BIOS and the firmware when the system/server is booting and bases future behavior off of it. The hypervisor can then be tested and verified as well. If all is good, then the hypervisor can boot up in normal fashion. If there is not a match, then the hypervisor cannot launch. You can even create a policy that indicates that a VM cannot reside on a host that does not have the Intel TXT functionality enabled. You know how I love policies. How cool is that!!! Getting this level of security when we are trying to boot the hypervisor is how security should be… that is thinking!!!
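The launch check and placement policy described above, as an added example that is not from the original post and is not Intel's or VMware's code: a simplified Python model in which each boot component is hashed into a running register and the result is compared with a known-good value. The component names, `KNOWN_GOOD`, the host records and the `require_trusted_host` flag are all hypothetical, and SHA-256 is an assumption standing in for the platform's real digest.

```python
import hashlib
import hmac


def extend(register: bytes, image: bytes) -> bytes:
    """Fold one component into the measurement: new = H(old || H(image)).

    Because each step hashes the previous value, both the content and the
    order of the components change the final result.
    """
    return hashlib.sha256(register + hashlib.sha256(image).digest()).digest()


def measure_boot(components) -> str:
    """Measure (name, image) pairs in boot order, starting from all zeros."""
    register = bytes(32)
    for _name, image in components:
        register = extend(register, image)
    return register.hex()


def may_launch(components, known_good: str) -> bool:
    """The hypervisor launches only if the measurement matches the baseline."""
    return hmac.compare_digest(measure_boot(components), known_good)


def eligible_hosts(vm: dict, hosts: list, known_good: str) -> list:
    """Placement policy: a VM that requires a trusted host may only land on
    hosts with TXT enabled whose boot measurement matches the baseline."""
    if not vm.get("require_trusted_host"):
        return [h["name"] for h in hosts]
    return [
        h["name"]
        for h in hosts
        if h["txt_enabled"] and may_launch(h["boot"], known_good)
    ]


# Constructed sample data (hypothetical images, not real firmware).
GOOD_BOOT = [
    ("bios", b"bios-image-v1"),
    ("firmware", b"nic-firmware-v7"),
    ("hypervisor", b"hypervisor-build-1234"),
]
TAMPERED_BOOT = GOOD_BOOT[:2] + [("hypervisor", b"hypervisor-build-1234-modified")]
REORDERED_BOOT = [GOOD_BOOT[1], GOOD_BOOT[0], GOOD_BOOT[2]]
KNOWN_GOOD = measure_boot(GOOD_BOOT)

HOSTS = [
    {"name": "host-a", "txt_enabled": True, "boot": GOOD_BOOT},
    {"name": "host-b", "txt_enabled": False, "boot": GOOD_BOOT},
    {"name": "host-c", "txt_enabled": True, "boot": TAMPERED_BOOT},
]

if __name__ == "__main__":
    print("good boot launches:", may_launch(GOOD_BOOT, KNOWN_GOOD))
    print("tampered boot launches:", may_launch(TAMPERED_BOOT, KNOWN_GOOD))
    finance_vm = {"name": "finance-vm", "require_trusted_host": True}
    print("hosts for finance-vm:", eligible_hosts(finance_vm, HOSTS, KNOWN_GOOD))
```

In this model host-b is excluded even though its images are unmodified, because without TXT enabled there is no measurement to trust.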
Last but not least… I cannot ignore what RSA is doing with this technology as well. They showcased this proof of concept at RSA Conference 2010 with the VMware and RSA enVision and Archer technology. Once again helping with the security and compliance requirement and ensuring you have the visibility into this technology and your virtual environment. Without this visibility, you have nothing. What is the point of using it if you cannot prove it? RSA enVision and Archer help you with this. Click here if you want to review the press release from RSA regarding this capability. I truly love that RSA has taken the initiative here. I love the fact that we can partner with a company that sees security on a new level and can prove it.
Intel TXT Capabilities – I’m Loving It
Keep Your Enemies Closer : Advance Threat Management
I was recently watching a replay of the CBS 60 Minutes report that originally aired in November 2009 called “Sabotaging the System”. The segment talked about viruses, malware, and hackers that have infected the public and non public networks. These include the federal networks such as the US Central Command (CENTCOM) network. In 2008 the malware, agent.btz had landed on this network. It was believed that the virus found its way through a USB stick. This virus can see everything on the network and for some reason… they cannot get rid of it. According to the following article, the US military networks still cannot remove the virus in their network.
A USB drive… it was that simple. Hackers will find a way onto a network and for some reason, they don’t want to leave. One option that people initially like to take is to block the USB port but we all know that making security a roadblock for the users can create more problems. A better option is to use RSA Data Loss Prevention technology to allow only certain USB drives to have access to the system. However, in spite of all this work, blocking and denying… they might still get in. And this is why we employ defense in depth (multiple layers of security). I love the RSA DLP capabilities but we need to do more than just lock the door. Looking at the security without the rose colored glasses, you will soon find out that if you have something worth stealing, someone will look for a way to steal it and one layer is not enough. As we like to say… “there are two types of organizations out there… those that have been hacked and those that admit that they have been hacked” (I use this line almost every day).
What does this mean in the long run? It is no longer about the protection, but understanding the threat. The only way to tackle the threat is to understand the threat. Why else did we say, keep your friends close but your enemies closer? How do you do this from a networking standpoint… by monitoring what is happening on the network. We do this by understanding the technology of the malware and its purpose. You can’t protect any of the systems when it’s a new malware and very little to nothing is known about it. You need to understand where the attackers are going and what is or is not important to them. The technology that RSA NetWitness gives you… does just that. No more saying “we don’t know when they got onto the network and we don’t know what they took”… because you can see everything on the network. It’s literally like having a DVR for your network – you can watch and play back the activity… all activity on the network. When it comes down to it, not knowing what is happening or has occurred on your network is one of the negative facets of network security. Not knowing means that you will never have the ability to fix any problems, fix any holes, protect any data because you don’t know what you don’t know and that is the worst type of security. The fact is hackers are not going away as we try to put up barriers here and there, they still find a way in. Imagine your house is burglarized after you set the alarm, locked the doors, bought the dog…. wouldn’t you want to know how they got in? Wouldn’t you want to know what they took or touched? Do you really think you will feel ok if you stand in the middle of your house and just look at what is in eye view and assume that you will find out what went wrong? It doesn’t work that way… you wish there was a camera, you wish you could watch everything – that would help you prepare in case it happens again, because you would know what they know and you could fix that issue.
That is what RSA NetWitness does… it lets you see the threat and it lets YOU manage it.
EMC and RSA… Enabling Virtual Administrators
Every day as I work with virtualization and the components that surround it, I am reminded why I love working at EMC and RSA. Yes, I have the privilege to work with the mother ship, EMC as well as the security division, RSA because both virtualization and security are my passion. One of the many reasons why I feel that EMC and RSA are the correct choices when developing your virtual environment is because EVERY… and I mean EVERY product manager of the EMC and RSA products tells me that their role is to “enable the virtual administrators”. Every product that EMC and RSA roll out their doors at the core has two things in mind, security and virtualization. EMC and RSA build their products with security at step one. As a person who preaches about security, how can I not love the fact that the company that I work for chooses to build security into the fabric of their products? More importantly, how can I not love the fact that the products are being developed specifically with the virtual administrator in mind?
Simplification of the technology is the easiest way to ensure adoption. Outside of that, the users are just looking for excuses. If you simplify the technology, why wouldn’t someone implement the capabilities? If you break down the silos and give users the things they need to get their job done, why wouldn’t you implement the capabilities? If you enable the virtual administrators, why wouldn’t you implement the technologies that are there to simplify and break down your daily tasks? Are these not the tools that we have been asking for… the tools that we needed?
This blog post isn’t to go through the entire list of integration points or to cover the capabilities, this blog post is to clearly state the obvious… (my stake in the ground)… when you think virtualization you must think EMC and RSA. I have discussions with customers daily about their frustrations with wanting to move further down their journey to a virtual data center, customers want to be enabled and I am here to tell you that EMC and RSA understand that. We understand the pains mainly because we are our own best and worst customer but built into us, built into our culture is virtualization and simplification. We work with these technologies daily just like you and we beg to have the capabilities that make sense. All our solutions, across the board, from the management suite, to backup, to recovery, to storage, to security are on the journey with you to the virtual data center.
vShield App with Data Security … my favorite part of vSphere 5
Today was a big day in VMware land. Paul Maritz and Steve Herrod announced the release of vSphere 5. There are a multitude of capabilities and features that are just too many for me to list… but then again, maybe it is because I am only really excited about one… the vShield App with Data Security embedded with RSA DLP. I am sure you don’t have to ask, I mean finally we have incorporated data loss prevention capabilities directly into a virtualization solution. Finally we are simplifying security for the customers… finally we are providing out of the box capabilities to the administrators whether they are responsible for the infrastructure or the security of the infrastructure. I have said many times that the solutions are there but the customers are just struggling to discover them and use them. How amazing will it be when I get to talk to customers and get to show them what they can do without having to discover anything BUT the data.
The vShield App with data security has the ability to (OUT OF THE BOX) discover and classify PCI, PII, and PHI sensitive data in your virtual machines. The RSA DLP product suite always has the knowledge needed to provide OUT OF BOX capabilities to accurately discover what you are looking for. There is no need to create policies for credit card data, social security numbers, driver’s license numbers (and many more)… it is already in there. This is the information you want to look for. You want to ensure that you are complying with the security policies that your company has developed and those that they have to follow. Now imagine that you can bring up reports that identify what policies are violated and what files created this violation. Imagine that you can receive syslog messages and then compare them to the other activity that is occurring within your network.
It is a start… the future opportunities are endless. My hope is that when the customers get familiar and comfortable with the RSA DLP capability available within the vShield App with data security, they will expand on it. They will incorporate all the RSA DLP solutions. The technology that RSA DLP has available to assist users in determining sensitive data on endpoints, data centers, and data in motion is invaluable. RSA literally has teams that specialize in linguistics, information sciences, and regulations. They have taken away the difficulty associated with wondering how you actually define the information you are looking for.
I do not have to provide you with the multiple examples of data that have gotten into the wrong hands. With this new capability the excuses are not going to be able to stick. Users can start off “small”, getting comfortable with the idea of discovering and classifying data in their virtual machines and build up to discovering even more data in more areas. Eventually… no data will be able to hide or escape any secure infrastructure.
If you are looking for additional information, please review the press release from RSA and VMware
Is Security Easy?
As I have discussions with the customers I meet and talk to on a regular basis, I constantly yearn to understand the challenges they are facing. What is stopping them from moving forward and implementing the security tools that are available to them? Why purchase that SIEM to only put it on the shelf? Sure, you need to use the money but why would you not use it after you bought it? You know the response that I keep getting… (it rips my heart apart)… “It Is Difficult”… wait… what did you say? I just showed you how RSA enVision has reports available out of the box, I informed you of the fact that we use no agents, I just pointed out all the VMware messages that RSA enVision can correlate… OUT OF THE BOX. Doesn’t “out of the box” mean simple?
As I was busy worrying about the products, they were busy worrying about all that stuff that happens before you put the product in place. What am I actually looking for? What do I need to look for in the future? How do I know what I need to do when I don’t actually know what to do? What policies… what compliance… where do I begin to start? I get it… I get the pain. People think that security is like a big jigsaw puzzle. You open the cover and look at the thousands of pieces and you have no idea where to start. It becomes overwhelming and sometimes you just want to put the cover back on the box. You leave the box sitting there and tell yourself you will get back to it, and it just keeps sitting there…
My concern is without starting the jigsaw puzzle you will be missing more than the finished product. You have to understand, security is a piece in the jigsaw puzzle, not the puzzle itself. It has the correct place in the bigger picture and once you put it in place, the others can easily link up around it. I understand that it is tough to find the piece but once you do, you will see why you needed it and why without it, you will never have a complete solution. You are lost until you have the piece.
Of course there are many companies out there that provide the consulting services to help you find the piece. You see, it is their job to find the piece and help you finish your puzzle. No matter how you start, you cannot be afraid of security. It may be difficult in the beginning but everything that you don’t know is difficult in the beginning. That should never stop an organization from implementing solutions that are built to be easy. I understand that it isn’t the products that are difficult, it is taking the first step into the security puzzle piece that is difficult. So let me recap… security in itself is a puzzle piece in a very large jigsaw puzzle. Putting the puzzle together can be difficult, but it isn’t the security piece itself that makes it difficult. The security puzzle piece is essential in the grand scheme of things. Without it, the puzzle can never be complete. Don’t be afraid of it, it can be done and must. Don’t be afraid of the box… open it… look inside… take a deep breath and start it. Don’t wait until someone throws the box away or until someone opens your box for you and starts taking your pieces.

RSA Labs at EMC World 2011
I spent last week in North Carolina working on the EMC vSpecialist Hands-On Labs for EMC World… the infamous vSpecialist vLabs. On the week of May 9th, 2011 in Las Vegas we will be providing a 200 seat lab for EMC World attendees. The hands-on labs are available for the following EMC products:
- RSA Archer, RSA enVision
- Atmos, IONIX UIM
- VMAX, VPLEX, Avamar
- Isilon, VNX, VNXe, VSI Plug-in
- Greenplum, Recover Point, VAAI
You will be able to sign up for a lab session of your choice by simply entering your details into a console which will be situated outside the entrance of the vLabs. When there is an available seat you will see your name on one of two large plasma screens also outside the front of the vLabs room. You will then be escorted to your lab seat by a vSpecialist where you can then start your chosen lab. It is as simple as that.
All of these labs (with the exception of the VMAX lab) will be run out of the EMC Cloud based in North Carolina. When I was in North Carolina, Jase McCarty and I racked and built out plan “b” for the labs. You can see more information regarding this at www.jasemccarty.com. These racks are also going to be used for VMUGs and other lab events so that we can continue to take full advantage of all the work that has been put in to it. It has been a great experience and I feel so lucky to be a part of it. I hope that participants enjoy the lab as much as I do and I look forward to getting input specifically around the Archer and enVision labs. We really wanted to showcase the capabilities that the RSA products bring to the virtual world. We know how great the products are with regard to the physical world but I worry that a lot of people do not understand their capabilities in the virtual… but I am working on it!! The RSA enVision lab will allow you to get your hands on the Event Explorer tool used with enVision. The use cases in this lab are VMware based. The RSA Archer lab will walk you through the Cloud Security and Compliance solution, also VMware based. See my previous blog on the Archer solution based on the VMware hardening guidelines.
April 7th Webcast: Virtual Machine Security Best Practices for VMware Environments
I wanted to take this time to talk about a webcast that my fellow vSpecialist Sharon Isaacson and I are presenting on April 7th. It is called “Virtual Machine Security Best Practices for VMware Environments”. Here is the link to register for the event (you can also register by selecting the image at the very bottom).
We will be talking about the triangle of trust, security, and the capabilities provided that will assist in protecting your virtual machines. As I indicated in previous posts, these best practices are only beneficial if they are implemented and continuously monitored. There are no guarantees in security but we need to continue to fight the battle. If you attend the session and walk away not wondering what other capabilities you can add into your infrastructure, we have not done our job. We hope to bring the best to you and make you think. If you are interested in other VMware webcasts provided by EMC, this link will provide you with more information
I look forward to hearing from you at the webcast
RSA Conference 2011 recap – Secure Code
As the week of the 20th RSA Conference winds down, it only seemed appropriate to use the week of security as a post. I wanted to make it clear first off that the RSA Conference is not owned by RSA, The Security Division of EMC. RSA is just the largest sponsor of the event. This is why you see other vendors during the sessions and keynotes. We tend to have the largest booth on the expo floor but our competitors are on the floor too. The RSA booth this year was impressive and incredibly busy. I had booth duty this past week, focusing specifically on the Vblock 0 that we had in the RSA booth as well as the security components surrounding it and the cloud capabilities, for instance the Cloud Security and Compliance Solution that I discussed on the last post and the Cloud Trust Authority that we announced early in the week. It was a great week for cloud, virtualization, and security. It was as if all my favorite things were together for one week.
People were incredibly interested in the two Vblocks we had on the floor (one in the RSA booth… great idea by the way and one in the VCE booth). They were interested in what it provided to them as a company but most importantly, they were interested in the components that would secure it. People were so excited to know that there is finally a solution that had security options. Last but not least, Harris Corporation and Lockheed Martin both had press releases regarding the Vblock and securing it. There were also press releases focusing on a partnership with RSA and McAfee. VCE announced the Vblock Infrastructure Platforms Trusted Multi-Tenancy Overview… people were begging for hard copies and it should be available on www.vce.com this week.
Out of the sessions that I did attend though, the highlight of the discussions (I attend very few vendor sessions) was the need to protect the applications. Many of the speakers indicated that it was not about the infrastructure as much as it was about the applications. Or maybe that the infrastructure is now covered and we need to move on to something else. “The need for secure code is more important than ever” was the consensus … not sure I agree with that statement… I think it has always been important. Let’s be clear though… when I refer to infrastructure, I am referring to all aspects that the application sits on. I am referring to the server, the router, the firewall, the network, all of it. It has always been defense in depth but didn’t that always include the software? I question why it is that we keep jumping around to the various aspects of the infrastructure. Is it perimeter-centric security or information-centric security? It is all of it…. this includes the applications. We keep talking about being proactive versus reactive and yet nothing ever changes. We / I keep talking that we have the chance to get it right and yet we are just now talking about creating safe applications. Then again, maybe we did get it right and in the meantime forgot about the applications. I understand that the threat constantly changes and the attackers go to the easiest point but we should have known that. Secure code is not a new thing so why did it come up multiple times? If you are unfamiliar with safe code, a good site for information is www.safecode.com. I think they say it best… safe code is “increasing trust in information and communications technology products and services through the advancement of effective software assurance methods”.
This is a non-profit organization that aims to “identify and promote best practices for developing and delivering more secure and reliable software, hardware, and services” with members including organizations such as Juniper, Microsoft, and EMC. Maybe the fact that there are only seven companies participating means that it has not been top priority. I love that we are talking about it… it is important but actions will always speak louder than words. We need to protect from top to bottom… there is no debate over this topic. We can never lose sight of the problem… reducing risk. It is true, protecting the applications is important but can we please talk about what it means to protect the entire solution. It isn’t about products and product companies, it is about the security concepts that have been created over time and will continue to be created.
Side note: Best line of the week in my opinion, “run towards the risk”. How poignant is that? If you run from what you fear, you will never learn from it, you will never make anything better. Running is never the answer. Tackle it, respect it, and fix it.
RSA Solution for Cloud Security and Compliance
I am in love… Truly … Truly. In love. I got to work with and demo the new RSA Archer eGRC Cloud Security and Compliance solution. The ability to see the virtual world through the eyes of security made me almost cry. I am not sure if it was the complete solution or just what it means that made me more in love. The fact that cloud security had its own tab… its own dashboard available in the tool is so groundbreaking. It means that everything I believe in is coming together… security and the cloud. It means that all this talk was not for nothing.
Let me give you a little background on the RSA Archer eGRC solution. It is a platform that allows you to get a deep and granular understanding of the governance, risk, and compliance within your entire organization. It allows you to map control procedures (enable logging) to control standards (maintain security logs of all network devices) and regulations (PCI, HIPAA, NERC). It uses multiple integration points such as a data feed manager and web service API. But in all actuality, that is just the beginning of the capabilities of the tool. There are multiple customers that use the tool for many other things. There are NINE core solutions in the Archer platform: Enterprise Management, Business Continuity Management, Vendor Management, Audit Management, Policy Management, Risk Management, Compliance Management, Incident Management, and Threat Management. Cloud Security and Compliance requires Enterprise Management, Compliance Management, and Policy Management. I cannot begin to give the RSA Archer eGRC Solution the credit it deserves. Some people do not understand the importance of this tool but then again, some people just don’t get the big picture. They live in a siloed world and cannot understand the concept of a solution versus a product. I personally love the Archer product… I actually joke that if I had children, I would name one of them Archer.
The RSA solution for cloud security and compliance uses the RSA Archer eGRC solution to allow you to see if your virtual environment is complying with the VMware hardening guidelines and whether your physical environment is in compliance with the appropriate hardening guidelines that the other vendors have released. It is important to understand that in order to get the full risk and compliance factors across the entire stack, you must use the appropriate tools. For instance, vCM (VMware vCenter Configuration Manager which is also called EMC IONIX SCM or Configuresoft) should be a source that you use to map these factors to your physical servers. EMC IONIX UIM (Unified Infrastructure Manager) or EMC IONIX NCM (Network Configuration Manager or Voyence) should be used to map these factors to your network devices.
Now let’s get back to the point… once again I want to determine whether my virtual machines are complying with my corporate standards as well as VMware’s hardening guidelines. For example, are the VMs that the financial department is using at the highest compliance levels? Are all the configurations set appropriately? Am I doing everything to reduce my security risk for my own corporate needs as well as the PCI regulations that I need to adhere to? How am I supposed to talk about virtualization and security if I can’t even tell you how to assess your risk levels? There is so much to this product and where it will be going in the future… this is just a start. The possibilities are endless… I get giddy just thinking about it. RSA of course released a SecurBook discussing this solution… and no solution is complete without a video explaining it all and it is available below (got to love the accent). And of course to get all the information on the other RSA SecurBooks as well on Secure Virtualization…
