the State of Security

What Virtualization Problem?

Virtualization And Increasing The Rate Of Fire Looks Like…

by ~Previous Contributers

Mark Gaydos wrote an entry called “Virtualization Doesn’t Kill People. People……”, but somehow the imagery that he evoked didn’t seem quite right to me. Here’s the imagery that comes to my mind when the topic of virtualization, lack of controls, and increasing the rate of fire come up… As auditors say, where there’s smoke, there’s [...]

Maybe The VM Admin Really Is Dead? Long Live the VI Architect!

by ~Previous Contributers

Matthijs from VirtualFuture wrote a very thoughtful response to my blog entry “Is The VM Admin Really Dead? Sure Seems Unlikely To Me…” It made me rethink some of my assumptions, and compels me to restate my position more clearly (and, I believe, makes it more accurate). Thank you, Matthijs! Here’s an excerpt of his [...]

Living Dangerously, Vol 1: Should You Put Production And Test On The Same ESX Cluster?

by ~Previous Contributers

Last week, I had great fun presenting a webinar with Mike Poor from Intelguardians on “Understanding And Mitigating Virtualization Security Risks in VMware ESX.” For me, the best kind of webinar is interactive, where a bunch of thought-provoking Q&As are fielded throughout the presentation. This webinar was definitely one of those. [...]

Is The VM Admin Really Dead? Sure Seems Unlikely To Me…

by ~Previous Contributers

In my last article, I had written about “The Sometimes Fun, But Scary, Risks Of VM Administrator Access” and the sometimes startling amount of access to systems and data that the VM administrator has. As Mike Poor from Intelguardians put it… “virtualization does wonders to solve the IT asset management problem, but creates some [...]

Why Virtualization Amplifies The Disconnect Between Security and IT Operations, And What You Can Do About It

by ~Previous Contributers

Perhaps you’ve heard information security being labeled by IT operations or the business with the following words: shrill, hysterical, irrelevant, bureaucratic, bottleneck, difficult to understand, not aligned with the business, immature, perpetually focused on irrelevant technical minutiae… Almost every information security practitioner I’ve talked to (myself included, by the way), admits to having heard some [...]

The Sometimes Fun, But Scary, Risks Of VM Administrator Access

by ~Previous Contributers

Earlier this week, I was working with my friend Mike Poor from Intelguardians on an upcoming webinar that we’re doing together on understanding virtualization security risks, and practical steps any organization can take to mitigate them. As we were capturing our screenshots on a semi-production ESX server, I had several a-ha (or maybe it’s holy [...]