the State of Security

Chris Hoff

The Tripwire IT Security Incident Top 5 (or is it Bottom 5?) for 2010

by ~Previous Contributers

What are your Top 5 IT Security Events for 2010?
Needless to say, it got the hamster wheel spinning faster than usual. Any time I’ve been asked to cobble together a list of “Top anythings”, it has always been akin to “What are your Top 5 bands or movies?” By that, I mean, they usually change George Costanza-style on the drive home (video) (ohhhhh, I should’ve said ).

With that in mind, here are my Top 5 IT Security Stories/Incidents worthy of consideration in no particular order, with a detailed rationale for each of my choices. Agree? Disagree? Think of one on the drive home? Fire away in the comment section.

Regulations need to get unreal

by Dwayne Melancon

I’ve had offline discussions about this with a number of customers, but was just reading an article about how PCI needs to address virtualization in its standards. The fact is, virtualization is being used by most of the companies I’ve met who are subject to PCI, but the “acceptability” of virtualization is very much subject [...]

Virtualization and PCI: Your Jedi Mind Tricks Won’t Work Forever

by Michael Lohr

IT Jedi Knight: These are not the servers you are looking for.
Auditor: (To other auditor) These are not the servers we are looking for.
IT Jedi Knight: There is no need to audit the hypervisor.
Auditor: We do not need to audit the hypervisor.
IT Jedi Knight: Now move along.
Auditor: (To IT Jedi [...]

Virtualization: the promise or the peril?

by Dwayne Melancon

I was just reading George Hulme’s article, “Securing Virtualization, Or Is That Virtualizing Security?” which discusses his reaction to the sessions he saw at BlackHat about virtualization security. In particular, he focuses on his reactions to Chris Hoff’s “The Four Horsemen of the Virtualization Security Apocalypse” session. “What I did walk away from the presentation [...]

I Want My ROI!

by Michael Lohr

About a month ago, Mark Gaydos and Chris Hoff (Security Pros Say VirtSec Is An Operations Problem?) discussed who owned security for the virtualization space. Mark thought that it was interesting that security did not want to own the virtualization space and Hoff added a wrinkle, saying security was never involved in the first place so [...]

Who Owns Virtualization Security, the VI Admin or the Security Group?

by ~Previous Contributers

Depending on the situation and who you listen to, you can get different answers to this question. This is not the same debate that Simon Crosby (Citrix CTO) and Chris Hoff have been having. This question is aimed at the customer – who cares about virtualization security today and who will care about virtualization security [...]
