Strategic Security: Risk Assessment
You can't build effective security policies without involving non-IT business stakeholders. Here's how to get them to help you assess and address those threats.
NWC ANALYTICSHost Intrusion PreventionHow does Host IPS compare with conventional antivirus solutions? What's the difference between network IPS and host IPS? We answer these questions and more in this Tech Report based on an exclusive survey of enterprise users and in-depth lab analysis.
Keep Your Guard Up
Moving to a virtualized environment doesn't put conventional security measures out of business; however, a few factors are worth considering. First, you can't always deploy a tap or span port on virtualized systems, as you can on conventional devices. Fortunately, IT can use VMware's ability to create vSwitches to its advantage--by putting security right next to virtual server instances, you decrease the perimeter that must be protected.
The main thing to remember: Don't treat a large virtualized infrastructure as a network black box. Security systems must be able to look inside the virtual infrastructure. If it's treated as one solid "box," or system, you might find that an attacker who compromises one VM has a large sandbox in which to play.
We were intrigued by the concept of inline patching. When a vendor releases a patch to an OS or application that VirtualShield protects, Blue Lane tears apart and analyzes the patch, deciphering exactly how it changes the OS's behavior to eliminate a vulnerability. The company promises to produce an inline version in less than 24 hours for critical patches and in no more than 72 hours after the original is released for lower-priority patches.