All about Virtualization and Cloud Security | Recent Articles:

Several weeks ago we started a series dedicated to considering APTs (Advanced Persistent Threats) and possible ways to mitigate them. In the first post we strived to define and “contain”  the APT as category of threats as the term is abused, and today most all the sophisticated attacks are presented as APTs – the supreme evil.

Working from the definition, we now remain with two aspects:

#1:  Advanced – as APTs are sophisticated, out of the range even for organized crime networks – “we are sorry, no botnets or banking trojans allowed”.

#2:  Persistent – as we have seen and described, we are talking about organized attackers with myriad resources - the most important being time and patience, until they can reach their objective. A modern characteristic is that they prefer, with few exceptions, the “low and slow” approach; doing “the job” as silently as possible.

The thesis we don’t agree with is that APTs can pass over any antimalware technology. As a matter of fact, the majority of their components have been spotted-out as suspicious files prior to being investigated and detection being added.

This is the second post from a series we thought necessary to dedicate to APTs (Advanced Persistent Threats) and the new wave of security technologies claiming that they replace or complement antimalware solutions to help organizations defeat this new threat.

This is the first post in a series dedicated to the trendiest, most disputed and most used acronym in the recent history of information security. My purpose for this series of three posts is to define the phenomenon (as we see it), to take a look at possible counter-measures – a review of the self-denominated “next generation security solutions” – and finally to try to come up with an effective response that shouldn’t cost you a fortune. 

I. The WHY

Why have I decided to dedicate a series of posts to APTs (Advanced Persistent Threats), in context?

The answer is simple; after having seen and read a lot of literature on this topic and after directly observing, first-hand, several APTs, the worry is that the more this is written about, the more it is adding to the confusion of notions or the intentional or unintentional misclassifications and the marketing veils that create further confusion.

When dealing with greatness and great companies one should try to find out what it is that they are doing so outstandingly well, and what lessons are to be learned from them? What do Google, Amazon, Facebook, LinkedIn, Netflix, Intuit, Bank of America, GAP or Macy’s - just to name a few - have in common?

Apart from being very big enterprises and highly successful, they also share an IT-related approach that has become a cultural trait: they all embraced DevOps as a way of delivering their products/ services to the clients. As security practitioners, we have the duty to ask ourselves – where does security fit into this DevOps philosophy?

We see, day after day, real and so-called security experts announcing the newest security apocalypse we face. Claiming that antivirus is a dead technology, they invite you to uninstall it and buy new next-generation technologies that will automatically collect, analyze and detect malicious intentions of attacks or data compromise from the moment they are born in the minds of the bad guys.

Sometimes they come from people more or less familiar with the topic - Is Anti-Virus Scanning/Detection Obsolete?  - and you can see that most of the opinions there are not so negative, apart from the classic advertising for some AV brands. Other times they come from specialists in the field, trying to give an opinion or just sell their “stuff”. 

With this post dedicated to the series of newer IT infrastructure models and options available to CIO’s (previous posts available here) we have reached the milestone of Virtual Desktop Infrastructures. They are key component of the new computing paradigm and probably the most challenging option that faces IT management today.

Virtualization came as a consequence of the third wave of IT acquisitions: first we had the golden age of IT Expansion (a lot of new dedicated hardware, software, servers, platforms, business applications to be implemented for the modern enterprise), then we had the Constriction period due to the crisis (that has left many organizations without upgrades, software subscriptions and services), and now we have entered in the wave of Optimized Development where all that is acquired must add a considerable value to the business, otherwise it is discarded.

In a recent post about new technology paradigms for SME we have been trying to provide reasons for SMEs to consider the changing of their computing model from “IT to own” to “IT to use”. Questioning the model is useful always and may bring a great gain for the organization.However, the decision to change may pass over some bumpy roads.

Today we try to put you in front of a real life scenario.

Imagine that you are the IT Manager of a very dynamic organization of around 100 people. Change is the constant in your day-by-day work: you serve a very mobile commercial force, several executives that travel all time, and, among many, two groups (marketing and development) that remain in the headquarters but take work at home after hours too.

I invite you to imagine how things were ten years ago when we were all younger and probably happier; IT models were clearly defined and all was logical and gradual, just an exercise of scalability.

You started with a few PCs, you were connecting them into a network, eventually adding one file server, then a mail server, and starting to think about security. But also security was easier ten years ago. Viruses, worms, and occasionally some successful attack from curious persons that were called crackers, and was pretty much all. We were adding something like 5 to 10 virus signatures per day, and that was enough.

I am not a partisan of the FUD speeches (FUD = Fear, Uncertainty, Doubt). Today, however, I will pass on the negative side of the speech by sharing with you some thoughts about the tough days we are facing:

1. ”Cyber battle apparently under way in Russia-Ukraine conflict” – remove the word “Cyber”, and this could have been a headline 150 years ago too. Unfortunately we are not talking about the armed conflict the Russians generated in October 1853 under the pretext of protecting the Russian Orthodox people.

This post came as a result of a bet I have made recently with one of my colleagues, Shaun Donaldson. The question is if SMB decision makers follow the buying practices of the Enterprise market or not (that process would include information-gathering, analysis and comparing options in a pure “costs vs benefit” model). The wager I can’t disclose, but I can tell you that Shaun is advocating for people being the most rational creatures on Earth;

So let us explore who is right.