All about Virtualization and Cloud Security | Recent Articles:

Virtual Patching Part II: What Makes It So Darn Tricky?

Mar 26 by Shaun Donaldson

In my last blog post I began a conversation about virtual patching. In this post, I’ll further the discussion by talking about why effective virtual patching at the network is so difficult.


The story really begins by considering context, or really, the lack thereof. If a vulnerability exists in an application (a web application, or a browser) there is a certain context associated with the application that is difficult to be aware of at a point outside of the application. The simplest example is a session. A web application may create a session when a user logs in, destroying the session after a period of inactivity, or when a user logs out (and when was the last time you logged out instead of just closing the browser window?).


Trust and Comfort Zones: Security Innovation and Practices

Mar 21 by Horatiu Bandoiu

I am not a partisan of the FUD speeches (FUD = Fear, Uncertainty, Doubt). Today, however, I will pass on the negative side of the speech by sharing with you some thoughts about the tough days we are facing:

  1. “Cyber battle apparently under way in Russia-Ukraine conflict” – remove the word “Cyber”, and this could have been a headline 150 years ago too. Unfortunately we are not talking about the armed conflict the Russians generated in October 1853 under the pretext of protecting the Russian Orthodox people.

Virtual Patching is What, exactly?

Mar 17 by Shaun Donaldson

I have read quite a bit about virtual patching over the years. Asking Google for a definition and going with one of the first hits, I found this reasonable explanation from OWASP:

“A security policy enforcement layer which prevents the exploitation of a known vulnerability.”

 

Really, it’s something on the network or on an endpoint that inspects traffic, most often HTTP(S), for signs of an attempt to exploit a vulnerability (usually in a web application).

Things other than web applications can be protected, but robust protocol decoding is important, else trying to find an exploit attempt is like hunting for deeper meaning in a book written in a language you don’t understand. Most often, IDS/IPS and Web Application Firewall vendors talk about virtual patching. Reversing the HTTP stream, it can also be used to protect end-user systems from some exploit attempts.


SMB Security Buying: Rational Thinking or Art of Persuasion?

Mar 14 by Horatiu Bandoiu

This post came as a result of a bet I have made recently with one of my colleagues, Shaun Donaldson. The question is if SMB decision makers follow the buying practices of the Enterprise market or not (that process would include information-gathering, analysis and comparing options in a pure “costs vs benefit” model). The wager I can’t disclose, but I can tell you that Shaun is advocating for people being the most rational creatures on Earth;

So let us explore who is right.

When making buying decisions for technology products, one of the primary assumptions is that it is the fruit of a careful and systematic analysis. I hope that it isn’t about the color of the packaging, the shapes and aerodynamics of the product, or the nice smile of the sales person.


Public Cloud Security: Come prepared to play

Mar 12 by Kathryn Schwab

Building apps on Amazon Web Services, often led by technical operations (or DevOps) and driven purely by business needs, tends to focus on building and delivering functionality in as little time as possible. The flexibility and agility available with AWS allow teams to build an app or a business process from conception to production rollout.

In their 2013 Forrester Wave: Enterprise Public Cloud Platforms, Q2 2013[i], John R. Rymer and James Staten identify three key developer types with specific backgrounds, preferences and motivations and their differences based on how much control they want or need:
