On the last Virtualization Security podcast, our guest was Robert Rounsavall, CEO of Trapezoid. Trapezoid is looking into how to alleviate supply chain security issues; in essence, the security of the hardware. At many a presentation, I have asked attendees, “Do you trust the hardware?” Many times the answer is that they do; at other times, it is that they do not. Whether you trust the hardware depends entirely on your thoughts with respect to hardware security. But what can you do about hardware security? What is the worst that can happen if the hardware is infiltrated?
Articles Tagged with Virtualization Security Podcast
On many a Virtualization Security Podcast, I tend to mention that we need greater visibility into the cloud to judge whether Cloud Service Provider security measures are good enough. But why should we bother? I am not saying we should not be concerned about a cloud’s security, but that we should, as tenants, be concerned with clouds meeting our security, compliance, and data protection policies and requirements. Will a cloud service provider ever be able to meet a specific organization’s requirements as well as the cloud service provider’s own policies and compliance?
On the 8/9 Virtualization Security podcast, we continued our discussions on defense in depth with a look at end-user computing devices, specifically laptops and endpoint desktops, with Simon Crosby, CTO of Bromium. While we also discussed phones and tablets, we were focused more on the technology preview that now is Bromium vSentry. Bromium vSentry looks to protect laptops (and other machines) from unknown and zero-day attacks in a unique hardware-assisted way. There is now a new tool in our defense in depth toolbox that meets an ever-growing need. But what is the need, and what is the tool?
On the 7/29 Virtualization Security podcast, we continued our discussions on defense in depth. We discussed authentication and authorization with IdentityLogix. IdentityLogix provides a unique solution that correlates users and groups against VMware vSphere’s own role-based access control stores. In other words, IdentityLogix can identify whether a user or group within Active Directory has more access to VMware vSphere’s management tools than was intended, based not only on the user’s username but also on the groups to which the user belongs. Why is this important to know?
Intelligence gathering is an oft-overlooked aspect of system and data defense in depth. On the 7/12 Virtualization Security podcast, we discussed new and old sources of such intelligence. We were joined by Urvish Vashi, VP of marketing at Alert Logic. Alert Logic has updated their report on cloud-based security attacks. Add to this the yearly Verizon Breach and other reports, and we start to have a good handle on intelligence about past and possibly future attacks.
On the 6/28 Virtualization Security Podcast, we spoke about attacks, defense in depth, and compliance with Davi Ottenheimer and Matt Wallace. Davi and Matt just published a book (available on the Virtualization Bookshelf under Security) on how to defend your virtual environment against attack. Unlike other books, this one approaches the problem from the point of view of well-known attacks. It even gives examples of some of the more interesting attacks against any of the virtual environments, not just VMware vSphere. The discussion eventually found its way to even newer attacks and their impact on the environment.