As a delegate for Tech Field Day 6 in Boston, I was introduced to several virtualization and performance management tools from vKernel, NetApp, Solarwinds, Embotics, and a company still in stealth mode. With all these tools and products I noticed that each was not integrated into the roles and permissions of the underlying hypervisor management servers such as VMware vCenter, Citrix XenConsole, or Microsoft System Center. This lack of integration implies that a user with one set of authorizations just needs to switch tools to gain a greater or even lesser set of authorizations. This is not a good security posture and in fact could devolve any security to non-existent. Continue reading Centralized RBAC Missing from Virtualization Management Tools
In 2008 Tripwire made itself known in the virtualization space with the release of two free tools, Tripwire’s ConfigCheck and OpsCheck. By the time 2009 came around, Tripwire was getting itself fully established in the virtual space for the release of its new product, Tripwire’s vWire. vWire was released in the summer of 2009 and then killed by the end of that year as Tripwire shifted its focus to an acquisition it made for log management to expand the capabilities of its flagship product, Tripwire Enterprise.
Although Tripwire seemed to completely drop of the face of the earth, at least from the virtualization space, they continued to grow and expand in the Security and Compliance space led by the continued success of Tripwire Enterprise. All seemed to be going well for Tripwire as they filed for an IPO with the SEC and continued on its way to going public.
It seems those plans for going public have changed, or at the very least, delayed. It has been announced that the private equity investment firm Thoma Bravo has entered into an agreement to purchase Tripwire Inc for undisclosed terms. Thoma Bravo has quite the portfolio with investments in companies like Attachmate Corporation, LANDesk Software Inc. and SonicWALL Inc. to name a few. I do not think Tripwire Inc will focus on the virtualization space specificately and will continue down the path of being able to monitor and report on as many different types of hardware in the infrastructure that it can. It’s lack of focus on cloud computing or virtualization in general may really come back to haunt Tripwire in the near future, but they are jumping on to the bandwagon by changing the marketing approach to add mention of the securing the cloud. “Secured by Tripwire – IT Security and Compliance for Cloud and Managed Service Providers”. I really think Tripwire is going to have to work on expanding its own portfolio itself by continuing to innovate and expand its horizons. I was working for Tripwire throughout the creation and release of vWire and have nothing but good things to say about the people and the company itself. I found Tripwire to be an absolutely wonderful place to work and I wish them well and continued success moving forward.
Last year there was a rush of investment in the virtualization security startups which led to some interesting team-ups:
- HyTrust was invested in by Cisco and others.
- Altor Networks was invested in by Juniper and teamed up with Juniper as well.
- Reflex Systems teamed up with Tipping Point.
Missing from this list until now was Catbird Security. Their continuous compliance products where however picked up by some rather large customers: Amazon and many government agencies.
Catbird and HyTrust have teamed up to deliver a product that provides front-end access and compliance control for well understood actions via HyTrust, for all other actions, including intrusions, Catbird Security provides compliance control, firewall, IDS, and IPS. In other words, proactive security via HyTrust and reactive security via Catbird. Continue reading Virtualization Security Team-Ups
When working with VMware ESX there are some tips that I can share that can help you manage your environment. This tips are not anything really new or exciting but rather a reinforcement of some best practices to live by in order to improve auditing for compliance and troubleshooting. Use of the following in conjunction with remote logging functionality will improve your compliance stance and improve your ability to troubleshoot over a period of time.
How you may ask? By using a tool that logs all local administrator actions to a remote logging host. There are two ways to do this today for ESX (SUDO and the HyTrust Appliance) and only one mechanism for ESXi and vCenter (the HyTrust Appliance).
I was privileged to speak at the 3rd Annual South Florida ISACA WoW! Event with Robert Stroud, Alan Shimel, and other great speakers. What I discovered from this conference is something I have feared for quite a number of years. Compliance actions are not continuous but often only enacted when the auditor shows up at the door. Secondly, very few auditors raised their hand when I asked if they are working with Virtualization or have customers that virtualize, this was quite a surprise. Several things pop to mind when talking about Compliance after the ISACA WoW! Event: Continue reading Security and Compliance only when Auditor is at the door