WannaCry is still fresh in our memory, reminding organizations of how distractive an unpatched vulnerability can be especially if weaponized as a wormable threat that delivers ransomware. BlueKeep has been estimated to have the same disruptive potential as EternalBlue (the exploit responsible for WannaCry) if sporting worm-like behavior, especially since RDP is a commonly used service in organizations, allowing IT and security teams to remotely dial into machines.
All about Virtualization and Cloud Security | Recent Articles:
Cryptographic keys and digital certificates used to uniquely identify machines or applications are vital to businesses that want to guarantee the integrity of in-transit data. However, even businesses with mature DevOps practices sometimes fail to follow practices designed to secure the use and storage of cryptographic keys and digital certificates.
After several years of peeking through the programming as a very niche topic at RSA Conference, DevOps has broken through to the limelight this week. The show has featured a number of talks and panels that discussed the security implications of DevOps and the corresponding increased dependence on cloud platforms and containerization in delivering IT services.
There is ongoing discussion around how DevOps impacts the role of enterprise security.
When the term DevOps was first seen on the horizon of enterprise IT in 2009, it was largely questioned how enterprise IT security teams could keep up with such environments.
Protecting the Grid: Utilities and Energy Companies Need to Be Smart About Security
In this latest installment of our series on security issues in a variety of industries, we look at the utilities and energy sectors. These companies represent a prime market for managed services providers (MSPs) and value-added resellers (VARs), because for any country, protecting the energy grid must be a high priority.
A chilling and widely reported bit of news surfaced recently when the director of the U.S. National Security Agency (NSA) warned that Chinese cyber attacks could shut down the U.S. infrastructure, including the power grid.
As reported by Reuters, China and "probably one or two" other countries have the ability to invade and possibly shut down computer systems of U.S. power utilities, aviation networks and financial companies, Admiral Mike Rogers, director of the NSA testified to the U.S. House of Representatives Intelligence Committee on cyber threats.
One of the most serious security challenges for enterprises today is the ease with which users can sidestep IT for the apps and information services they need. The danger is especially high when these employees are also creating and accessing confidential or regulated information. It means this data is sprawling out to apps and clouds that may not have the necessary controls to keep all of this data safe.
What makes this condition worse is that many companies don’t even believe this is going on within their organizations until they are forced to actually see it happening. For instance, just a few weeks ago I was sitting in on a live demo of a network monitoring application at a local company. The CIO there was positive that there was not any “unsanctioned” cloud apps running on their network. I told him I found that hard to believe, but would be impressed if it was so.
Creating software is a perpetual journey. Just like relationships, technologies start young and reach maturity over time as they evolve through several phases of completion. Some of them don’t reach adulthood because they’re ahead of their time or simply not practical, while others refuse to go quietly due to their massive popularity in the business world.
Regardless of industry and activity field, truly ground-breaking technologies are designed with a sole intention: to transform the customer experience in ways that no one has done before. With most businesses, however, change doesn’t come naturally, just as habits (good or bad) die-hard in a long-term relationship.
DevOps and continuous integration and deployment efforts boost productivity and agility, but it’s crucial that security moves along with the journey.
DevOps and continuous integration and continuous deployment methodologies are taking hold in enterprises everywhere – and those that do so are clearly more effective and efficient. If you’re not convinced of that, have a look at Puppet Labs’ State of DevOps survey for this year, and last, which found that DevOps organizations are deploying code 30 times faster and with half as many failures as non-DevOps enterprises.
Those DevOps outcomes, because of their focus on steady improvement through continuous collaboration and rapid iterations, are exactly what organizations are hoping to achieve. And from that, they reap a more agile and competitive enterprise.
The driver behind server virtualization is clearly cost savings, while agility and flexibility also have value. This well-known return on investment is achievable because servers have fairly predictable workloads, tend to be rather static in their workloads (an Exchange server tends to stay an Exchange server).
Also, the number of servers that can be run on each CPU across a datacenter tends to be low because, generally speaking, they need more horsepower than an end-user system.
Virtualized desktops are quite different. The number of desktops per-CPU across a Virtual Desktop Infrastructure (VDI) is much higher than with servers. The environments tend to be highly dynamic, with instance being instantiated and destroyed at a high rate.
Naturally, trying to lead with cost savings as a primary goal of a VDI deployment is problematic. Instead, agility and flexibility are key.
Cloud Security
Subscribe to Blog Updates
Posts by Categories
- Advanced Persistent Threat (4)
- APT (4)
- artificial intelligence (2)
- biometrics authentication (1)
- botnet (1)
- breach (3)
- bug bounty (1)
- business sabotage (1)
- business security (4)
- BYOD (28)
- CIO (12)
- CIRA 2020 Cybersecurity Report (1)
- CISO (16)
- cloud breach (1)
- cloud misconfiguration (2)
- Cloud Security (120)
- cloud-based apps (1)
- connected care (1)
- container security (1)
- corporate hijacking (3)
- covid-19 (2)
- credit card (3)
- cryptocurrency (7)
- cryptojacking (8)
- cryptomining (4)
- cyber insurance (2)
- Cyber Security Awareness Month (5)
- cyber threats (1)
- cyber-attack (10)
- cybersecurity awareness (26)
- data breach (30)
- data breaches (1)
- Data Protection (75)
- data protection act (3)
- datacenter (3)
- DevOps (10)
- EDR (5)
- Elasticsearch server (1)
- endpoint detection and response (1)
- Endpoint Protection & Management (18)
- Enterprise Security (424)
- Equifax (2)
- Events (4)
- FBI (1)
- financial services (15)
- garter (1)
- GDPR (21)
- General Data Protection Regulation (4)
- government alert (1)
- Healthcare (20)
- honeypot (1)
- HVI (1)
- hyperconverged infrastructure (1)
- hypervisor (15)
- hypervisor introspection (11)
- identity theft (4)
- Industries (33)
- insider threats (14)
- Integration (2)
- IoT (13)
- IoT botnet (2)
- IoT, Policy, security (9)
- IT Compliance & Regulations (32)
- Linux (1)
- Machine Learning (7)
- malware, threats (14)
- managed detection and response (1)
- managed services provider (3)
- memory introspection (12)
- Microsoft (3)
- misconfigured servers (1)
- mobile security (1)
- MSP (3)
- Network Protection (12)
- online sabotage (1)
- phishing (2)
- power grid (4)
- ransomware (9)
- ransomware, HVI (3)
- remote work (7)
- report (1)
- security (2)
- Security as a Service (15)
- Security Threats (61)
- SMB Security (44)
- Software-defined-datacenter (5)
- telecommunications (2)
- unsecure database (1)
- Virtualization & Data Center Security (70)
- vulnerability disclosure policy (1)
- WDATP (1)
- wfh (2)
Latest Tweets
Tweets by @Bitdefender_EntPosts by Month
- December 2020 (31)
- November 2020 (33)
- October 2020 (39)
- September 2020 (26)
- August 2020 (29)
- July 2020 (34)
- June 2020 (40)
- May 2020 (33)
- April 2020 (31)
- March 2020 (28)
- February 2020 (23)
- January 2020 (26)
- December 2019 (28)
- November 2019 (24)
- October 2019 (28)
- September 2019 (19)
- August 2019 (17)
- July 2019 (23)
- June 2019 (15)
- May 2019 (17)
- April 2019 (20)
- March 2019 (19)
- February 2019 (20)
- January 2019 (19)
- December 2018 (19)
- November 2018 (23)
- October 2018 (22)
- September 2018 (22)
- August 2018 (23)
- July 2018 (24)
- June 2018 (22)
- May 2018 (28)
- April 2018 (23)
- March 2018 (22)
- February 2018 (19)
- January 2018 (19)
- December 2017 (13)
- November 2017 (17)
- October 2017 (19)
- September 2017 (18)
- August 2017 (16)
- July 2017 (17)
- June 2017 (16)
- May 2017 (17)
- April 2017 (15)
- March 2017 (16)
- February 2017 (13)
- January 2017 (14)
- December 2016 (11)
- November 2016 (14)
- October 2016 (11)
- September 2016 (10)
- August 2016 (15)
- July 2016 (12)
- June 2016 (15)
- May 2016 (10)
- April 2016 (13)
- March 2016 (15)
- February 2016 (14)
- January 2016 (6)
- December 2015 (6)
- November 2015 (9)
- October 2015 (8)
- September 2015 (11)
- August 2015 (8)
- July 2015 (10)
- June 2015 (3)
- May 2015 (8)
- April 2015 (6)
- March 2015 (5)
- February 2015 (7)
- January 2015 (8)
- December 2014 (8)
- November 2014 (9)
- October 2014 (8)
- September 2014 (9)
- August 2014 (9)
- July 2014 (8)
- June 2014 (8)
- May 2014 (6)
- April 2014 (8)
- March 2014 (5)