Friday, February 27, 2015

Security, Cloud and Networking Weekly News Roundup: February 23 - 27

This week's news in cloud, networking, and security - the week of February 23rd: 

Cyberattackers have free rein in a victim's systems for median of 205 days before detection, and some breaches "can go undetected for years," says a new report from FireEye. Also, 69% of organizations breached in 2014 learned of the attack from a third party Fewer Enterprises Able To Detect Hacks on Their Own

Worldwide enterprise software spending is on track to hit $335 billion. This is a 5.5% increase from 2014. Data center systems worldwide are also projected to pass $143 billion in 2015.  IT spending on pace to grow 2.4 per cent in 2015

What's wrong with my private cloud ... from Simon Wardley

IBM hopes to capture $40 billion in annual revenue from cloud, big data, and security growth areas by 2018. At the company's annual investor meeting in New York on Thursday, CEO Virginia Rometty said she was happy to jettison revenue from business units selling low-end servers, semiconductors and cash registers. IBM Pumps $4 Billion Into Cloud and Mobile Initiatives via the Wall Street Journal

HP hopes to prevent future networking division challenges in the U.S through potential Aruba acquisition. Aruba’s annual sales are projected to grow to more than $1 billion by 2017, from $729 million in the year through July. HP in Talks to Buy Aruba Networks for Wi-Fi Infrastructure via Bloomberg

Upcoming events Cohesive is hosting and attending:
  • 2 Mar - CloudCamp Chicago - Cloud Security
  • 11 - 12 March - exhibiting and speaking at CloudExpo in London
    • Wed at 1pm Chris Swan is on the panel "Panel: Is the future containers, virtualization, or both?" in the Service Provider & Cloud Ecosystem Theatre – Technology
    • Thurs at 1.15pm Chris Swan is presenting "The Application Security Controller" in Software Defined Data Centre and Networks Theatre
  • 20 - 24 April - attending RSA Conference in San Francisco
  • 30 April - Cohesive Sponsoring & hosting the Secret Service Chicago Electronic Crimes Task Force April meeting

Tuesday, February 24, 2015

Guard Against Cyberattacks - Application Segmentation and Security

Originally published on the Illinois Technology Association blog on 2/9/2015


2014 saw more than 697 separate data breaches in the U.S., according to an October report from the Identity Theft Resource Center (ITRC). The organization estimates the 2014 attacks exposed over 81,443,910 personal records of customers, patients, partners and employees. Organizations are now facing potential exploitation by hackers, criminal gangs, foreign governments, and even disgruntled employees.

Just last week, a large health insurance company was attacked, exposing over 80 Million patient and employee records.

How can companies in all industries best prevent attacks?

Perimeter-focused security is broken

Most enterprises focus on perimeter defenses and overlook internal network security. Yet, the Target and Sony hackers exploited the weak internal network security to plunder the critical applications “on a wire” connected inside the network.

Today’s complex and distributed networks can create a more porous data center perimeter. Once hackers (or a disgruntled employees) breach the perimeter, they can easily expose potential weaknesses inside the network, like what happened in the recent Sony attack. Nearly 85 percent of insider attacks or “privilege misuse” attacks used the target enterprises’ corporate local area network (LAN), according to a 2014 Verizon security report.

Hackers are now using corporations’ networks against them.



Changes are coming - from regulation and the board room

2014 also saw some hope for enterprises looking for cures for the common data breach: more government agencies and compliance groups are updating security standards to match modern cybercrime.

Upcoming security compliance regulations - like NIST, PCI, and the EU banking standards - are beginning to focus more on security at all layers. Wrapping applications into secure networks is a new and potentially game-changing way to thwart east/west attacks.

Defense in depth with application security controllers

To guard and quarantine an application, enterprises can force all data and network traffic to go through secure, encrypted switches at every layer within a data center network. Controlled access and encryption can all but eliminating malicious east/west movement.

In order to gain control over all incoming and outgoing traffic for each application, enterprises can use “micro-perimeters” to break the secure network into smaller, tightly controlled overlay networks. Just like the physical segmentation at the core hardware layer and logical segmentation at the virtualization layer, a micro-perimeter can provide “application segmentation.”

With application segmentation, enterprises can dictate what traffic travels to each application server through the application security controller. Because all data must pass through an encrypted switch, enterprises can mediate security and segmentation. User traffic then gets isolated to flow through the application’s secure edge. Even with only basic interior firewall rules, this enterprise can protect themselves from an east/west exploit.


VNS3:turret - Application segmentation creates secure micro-perimeters 

VNS3:turret is an application security controller from Cohesive Networks. Enterprises can deploy multiple VNS3:turrets as encrypted, clustered virtual appliances, creating a micro-perimeter around mission critical applications. The micro-perimeter works as a secure, redundant network combined with dataflow and compliance tools. VNS3:turret’s “application segmentation” provides the most comprehensive application security model available today.

Application security controllers can add security within the network layers to strengthen existing core networking hardware and virtualization layer security. Installing full function network security appliances for each application can improve network security without changing existing network or security infrastructure.

VNS3:turret is deployed as clustered software-only virtual appliances that create a micro-perimeter to secure your mission critical business systems in any network. The application segmentation allows each application’s developer team to take a proactive role in cybersecurity in any public, private, hybrid or virtualized environment.

Get in touch with the Cohesive Networks team to find out how VNS3:turret can secure your critical applications.

Read the full post on the ITA blog

Friday, February 20, 2015

Security, Cloud and Networking Weekly News Roundup: February 16 - 20

This week's news in cloud, networking, and security - the week of February 16th: 

Lenovo laptops have a dangerous superbug called Superfish, which tampers with Windows' cryptographic security and allows man-in-the-middle attacks. Superfish allows external groups to inject advertising into secure HTTPS pages. Robert Graham has extracted the key and posted it on his blog.  Check to see if your laptop is vulnerable by visiting this website ow.ly/Jl0ZF via FiloSottile. Lenovo Is Breaking HTTPS Security on its Recent Laptops via the EFF
"Lenovo: For Those Who Do Have Adware
Installed by the Manufacturer." quips Slate.com

Microsoft says Azure is now compliant with the data privacy standard from the International Organization for Standardization (ISO) ISO/IEC 27018 standard. Compliance could be a major selling point for privacy obsessed consumers looking at public clouds like Google and Amazon. Microsoft claims compliance with ISO data privacy standard via Gigaom

Hackers use malware to impersonate bank officers and transfer millions from banks in Russia, Japan, Switzerland, the United States and the Netherlands into dummy accounts. Kaspersky Labs, who discovered the Carbanak hack, estimates losses over $1bn (£648m) over 24 months. Bank Hackers Steal Millions via Malware from the New York Times

HP will begin selling commodity open source switches built by Accton with Cumulus Linux OS. In 2014 HP's networking unit posted about $2.6 billion in revenue, up from $2.5 billion in 2013. HP Boosts Networking Line in Deals With Cumulus and Accton via Re/Code

Japan's government National Institute of Information and Communications Technology (NICT) received more than 25 billion online attacks in 2014. The Japanese government logged the attempts to compromise systems, with 40% traced to China. Japan sees 25 billion online attacks in 2014 via ZDnet

Upcoming events Cohesive is hosting and attending:
  • 2 Mar - CloudCamp Chicago - Cloud Security
  • 11 - 12 March - exhibiting and speaking at CloudExpo in London
    • Wed at 1pm Chris Swan is on the panel "Panel: Is the future containers, virtualization, or both?" in the Service Provider & Cloud Ecosystem Theatre – Technology
    • Thurs at 1.15pm Chris Swan is presenting "The Application Security Controller" in Software Defined Data Centre and Networks Theatre
  • 20 - 24 April - attending RSA Conference in San Francisco

Tuesday, February 17, 2015

A message from your friends in a foreign government

photo credit: the Atlantic

Hi,

It's your friends in foreign government here.




Look, we don't normally do this, but because we’re really really nice people we thought it might be nice to give you some advice on security. Now listen carefully….

Application security is a myth. You don't need it!  It’s been made up by a bunch of startups trying to get attention for being “disruptive.” Don’t worry about them. We have your best interests at heart.

That thing that happened at Sony was not their fault.  It was probably one person (in North Korea?) who attacked them because their PS4 stopped working.

Take it from us: one nice big firewall is all you need.  The bigger the better! Make sure to get one that draws lots of power, too. The bigger the firewall is the more people it will stop from trying to break in and steal stuff. The more power it uses, the harder it works at protecting your edge. Don't worry about all that “save the planet” green stuff, that’s just more nonsense.

Of course everybody knows that one big firewall is enough.  Our research and defense departments tell us there is no chance a hacker can get in and move “east and west” across your applications compromising one system after another.

It is totally fine to have your payroll system, payment gateway, client databases, and billing solution in your application VLAN. If you’re one of those “paranoid types” then stick a firewall between your application VLAN and your edge... but you don't really need it. You're good with that big firewall at the edge!

No need to secure each application individually.If you think the cost of one of those big firewalls is just way too much, just imagine trying to configure each one yourself!  Nightmare!!

No, take it from us, one massive (heavy in weight) firewall is all you need.

Now, we noticed something concerning in your email inbox erm, in the news. That announcement from Cohesive Networks about application security...that its not true, no sir!  It can’t be. Just treat it like virtualization - it’s ‘just a fad’. Stay clear of this and buy a big firewall instead!


By Sam Mitchell, Senior Solutions Architect at Cohesive Networks

Friday, February 13, 2015

Security, Cloud and Networking Weekly News Roundup: February 9 - 13

Cloud, Networking, and Security news for the week of February 9th: 

New Helion VPC (virtual private cloud) offerings are "tailored to meet a range of computing requirements, from lighter workloads such as software development to more demanding jobs such as running complex ERP (enterprise resource planning) applications." The new offerings will primarily be aimed for larger medium-size organizations. HP courts enterprise workloads with new Helion private clouds via InfoWorld

 Using a stolen password, hackers were able to break into Anthem health insurance companies' database containing personal information of former and current clients, as well as employees. Reports suggest the healthcare insurance provider did not encrypt the Social Security numbers contained in the database.  Anthem data breach cost likely to smash $100 million barrier via ZDnet

Today, US Cyber Summit Aims to Boost Defenses, Mend Fences

A report from CloudEndure, shows AWS had a 41% quarter-over-quarter reduction in number of global performance issues, down from 127 Q4 2014. Microsoft Azure's number of total errors in Q2, Q3 and Q4 are down by 22% from a peak of 259 errors in Q1 2014. Keeping The Cloud Up–The Great Amazon Microsoft Cloud Reliability Showdown via Forbes


VMSware - What is new in vSphere6 

Upcoming events Cohesive is hosting and attending:

  • 2 Mar - CloudCamp Chicago - Cloud Security
  • 11 - 12 March - exhibiting and speaking at CloudExpo in London
    • Wed at 1pm Chris Swan is on the panel "Panel: Is the future containers, virtualization, or both?" in the Service Provider & Cloud Ecosystem Theatre – Technology
    • Thurs at 1.15pm Chris Swan is presenting "The Application Security Controller" in Software Defined Data Centre and Networks Theatre
  • 20 - 24 April - attending RSA Conference in San Francisco

Share this Post

Related Posts Plugin for WordPress, Blogger...