It’s time we re-examine virtual security practices

It's time we re-examine virtual security practices

We’ve been hearing about the potential benefits of using a security solution designed specifically for virtual environments for a few years.

Unfortunately, many infosec departments continue to protect virtual environments with traditional, or legacy, approaches. While this is certainly a step in the right direction, something many see as “good enough,” the fact is traditional security doesn’t cut it, and exposes you to risk. To put a finer point on it, not adopting VM-focused solutions has the added impact of taking away those hard earned efficiency gains, promised by a virtual environment.

With more data centers in the cloud than ever, waiting around to address this problem is no longer feasible. Just look at what happened with the VENOM exploit — a vulnerability that put millions of virtual machines at risk — and you’ll see that hackers have started to attack these ubiquitous virtual machines in sophisticated new ways.

Now that virtualization has become the norm  it’s time we re-examined the need for better, virtual-specific modes of keeping your servers safe and secure.

[Read more…]

A Stark Reminder Of The Need For Virtual Security

A Stark Reminder Of The Need For Virtual Security

Now that the VENOM vulnerability has been dealt with, it’s time for technologists to seriously consider how ready they are for virtualization security.

Especially if you’re working in an organization with a significant investment in the cloud, this is one area you can’t afford to ignore any longer.

The VENOM vulnerability was discovered last May in an old string of code used in a majority of modern day virtualization hardware. The glitch allows an attacker to login to a virtual machine from the front door (e.g. buying space on AWS) and then “escape,” gaining code execution ability on the host, as well as any other VMs operating on that machine.

And while the threat was neutralized almost immediately with a series of patches, the story underlines a sad state of security in the virtualized world. As is the case with all major technological advances, security has lagged behind for years in the world of virtualized computing.

And it’s the IT department – not a lack of technology – that is to blame for the hold up.

[Read more…]

15 upgrade FAQs for Symantec Backup Exec 15

Upgrade FAQ Symantec Backup Exec 15

If you’re considering Backup Exec 15, this blog post has (almost) every detail you need to know in 15 questions. I parsed through Symantec’s documentation to provide the top 15 things you need to know about Symantec’s latest release. So let’s jump right in.

[Read more…]