Posts Tagged ‘Management’
Cloud Security Start-Up: Dome9 – Firewall Management SaaS With a Twist
Last Updated on Monday, 12 March 2012 01:18 Written by Celframe Security Team Tuesday, 19 June 2012 09:38
Dome9 has peeked its head out from under the beta covers and officially launched their product today. I got an advanced pre-brief last week and thought I’d summarize what I learned.
As it turns out, I enjoy a storied past with Zohar Alon, Dome9's CEO. Back in the day, I was responsible for architecture and engineering of Infonet’s (now BT) global managed security services which included a four-continent deployment of Check Point Firewall-1 on Sun Sparcs.
Deploying thousands of managed firewall “appliances” (if I can even call them that now) and managing each of them individually with a small team posed quite a challenge for us. It seems it posed a challenge for many others also.
Zohar was at Check Point and ultimately led the effort to deliver Provider-1 which formed the basis of their distributed firewall (and virtualized firewall) management solution which piggybacked on VSX.
Fast forward 15 years and here we are again — cloud and virtualization have taken the same set of security and device management issues and amplified them. Zohar and his team looked at the challenge we face in managing the security of large “web-scale” cloud environments and brought Dome9 to life to help solve this problem.
Dome9's premise is simple – use a centralized SaaS-based offering to help manage your distributed cloud access-control (read: firewall) management challenge using either an agent (in the guest) or agent-less (API) approach across multiple cloud IaaS platforms.
Their first iteration of the agent-based solution focuses on Windows and Linux-based OSes and can pretty much function anywhere. The API version currently is limited to Amazon Web Services.
Dome9 seeks to fix the “open hole” access problem created when administrators create rules to allow system access and forget to close/remove them after the tasks are complete. This can lead to security issues as open ports invite unwanted “guests.” In their words:
Keep ALL administrative ports CLOSED on your servers without losing access and control.
Dynamically open any port On-Demand, any time, for anyone, and from anywhere.
Send time and location-based secure access invitations to third parties.
Close ports automatically, so you don’t have to manually reconfigure your firewall.
Securely access your cloud servers without fear of getting locked out.
The unique spin/value-proposition with Dome9 in its initial release is the role/VM/user focused and TIME-LIMIT based access policies you put in place to enable either static (always-open) or dynamic (time-limited) access control to authorized users.
Administrators can set up rules in advance for access, or authorized users can request time-based access dynamically to previously-configured ports by clicking a button. It quickly opens access and closes it once the time limit has been reached.
Basically Dome9 allows you to manage and reconcile “network” based ACLs and — where used — AWS security zones (across regions) with guest-based firewall rules. With the agent installed, it’s clear you’ll be able to do more in both the short and long-term (think vulnerability management, configuration compliance, etc.) although they are quite focused on the access control problem today.
There are some workflow enhancements I suggested during the demo to enable requests from “users” to “administrators” to request access to ports not previously defined — imagine if port 443 is open to allow a user to install a plug-in that then needs a new TCP port to communicate. If that port is not previously known/defined, there’s no automated way to open that port without an out-of-band process which makes the process clumsy.
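As an added example (not Dome9's code or API), the sketch below models the access scheme described above: ports closed by default, time-limited openings tied to a source address, automatic closing, and refusal of ports that were not configured in advance. The class and method names, the `max_ttl` cap and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Lease:
    user: str
    port: int
    source: object       # ipaddress network the opening is limited to
    expires_at: float    # epoch seconds

class LeaseFirewall:
    """Default-closed model: a port is reachable only through an unexpired lease."""

    def __init__(self, predefined_ports, max_ttl=3600):
        self.predefined_ports = set(predefined_ports)  # set up in advance by an admin
        self.max_ttl = max_ttl                         # assumed cap on any single lease
        self.leases = []
        self.audit = []                                # (time, event, user, port)

    def request(self, user, port, source_cidr, ttl, now):
        """Open `port` to `source_cidr` for at most `ttl` seconds."""
        if port not in self.predefined_ports:
            # Ports not defined in advance are refused and need an out-of-band process.
            self.audit.append((now, "denied", user, port))
            raise PermissionError(f"port {port} is not pre-configured")
        lease = Lease(user, port, ipaddress.ip_network(source_cidr),
                      now + min(ttl, self.max_ttl))
        self.leases.append(lease)
        self.audit.append((now, "opened", user, port))
        return lease

    def sweep(self, now):
        """Close every lease whose time limit has passed; return the closed ones."""
        expired = [l for l in self.leases if l.expires_at <= now]
        self.leases = [l for l in self.leases if l.expires_at > now]
        self.audit.extend((now, "closed", l.user, l.port) for l in expired)
        return expired

    def is_allowed(self, src_ip, port, now):
        """Packet decision: allowed only by a live lease matching port and source."""
        ip = ipaddress.ip_address(src_ip)
        return any(l.port == port and ip in l.source and l.expires_at > now
                   for l in self.leases)

if __name__ == "__main__":
    fw = LeaseFirewall({22, 3389})                         # constructed sample policy
    fw.request("alice", 22, "203.0.113.7/32", ttl=900, now=0)
    print(fw.is_allowed("203.0.113.7", 22, now=60))        # inside the time window
    print(fw.is_allowed("203.0.113.7", 22, now=901))       # after the time limit
```

Because `is_allowed` checks the expiry itself, an opening stops working at its time limit even if the `sweep` job runs late; the audit list records who opened what and when it was closed.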
We also discussed the issue of importing/supporting identity federation in order to define “users” from the Enterprise perspective across multiple clouds. They could use your input if you have any.
There are other startups with similar models today such as CloudPassage (I’ve written about them before here) who look to leverage SaaS-based centralized security services to solve IaaS-based distributed security challenges.
In the long term, I see Cloud security services being chained together to form an overlay of sorts. In fact, CloudFlare (another security SaaS offering) announced a partnership with Dome9 for this very thing.
Dome9 has a 14-day free trial and two available pricing models:
“Personal Server” – a FREE single protected server with a single administrator
“Business Cloud” – Per-use pricing with 5 protected servers at $20 per month
If you’re dealing with trying to get a grip on your distributed firewall management problem, especially if you’re a big user of AWS, check out Dome9.
Employee Deception & Theft – Remote Asset Management Infographic
Last Updated on Sunday, 18 March 2012 02:23 Written by Celframe Web Team Friday, 25 May 2012 11:53
Fraudulent overtime claims – wrongly submitted time sheets.
Private Mileage – Using company vehicles for personal use.
Automobile Idling – warming cab of vehicle, wasting fuel costs.
Stuck in Traffic – Common excuse for tardiness.
Cash in hand work – Working for non-taxable paying side job on company time.
Doing “flyers” – Having the workers on a job far away from home base and paying for living, but they come home during weekends.
Route Diversion – Diverting the driving route to park up with friends, sometimes going 30 miles off route.
Turning Off Phones – Used as an excuse to rest and avoid additional assignments.
Taking the Scenic Route – Longer routes to ease boredom adds fuel costs.
Speeding – the most common cause of wear and tear on a vehicle.
Lots of clip art fill this uninspired infographic. The car images look like they are from an 80s video game. I’m guessing Frogger.
Statistics are provided for each activity that an employee might be getting away with, but the 10 choices leave much to be desired. An employee can’t warm up a car first?
via: RAM Tracking and RAM Infographic
Jun 15, Identity Theft Risk Management
Last Updated on Monday, 12 March 2012 01:17 Written by Celframe Security Team Saturday, 19 May 2012 10:08
An effective identity theft risk management program must consider all risks associated with identity theft and related fraud, including the unauthorized download of customer information, operations fraud resulting from personal information stolen from internal and external sources, and excessive and inappropriate access to view customer information inside and outside of the information systems. In general, identity theft risk management efforts are usually concentrated around four general areas: protection of personal information, compliance, fraud prevention and lawsuits.
As we increasingly share information with third parties due to outsourcing and other reasons, and digitally store business information including customer personal information, incidents of system intrusions by employees or outsiders become inevitable, as we have witnessed in recent news. The excessive collection, retention and sharing of personal information, as well as its storage in computer systems which are often connected to public networks, make computer incidents much more devastating for companies and their millions of customers. System intrusions have a much higher impact than non-technical theft of personal information, such as hard copy reports containing personal information, because digital information can be stolen, stored, carried around and shared in much higher quantities and at much higher speed. Many business databases hold millions of customer records with details such as email addresses, names, credit card numbers, dates of birth, and unique identifiers such as the social security number used in the United States, which can easily be used to commit fraud.
External intrusions, as well as unauthorized activities by internal employees to view and download confidential business information, pose some of the greatest identity theft risk management challenges for companies. In fact, damage inflicted by insiders is huge and very common, and although some employees may have authorized access to business information for legitimate business reasons, their access to systems and information is often not monitored to detect unauthorized activities. This lack of control is often due to the perception that since their access is authorized, inappropriate activities will not occur. This assumption cannot be further from the truth as it is only an assumption. Companies must implement internal controls specifically designed for restricting and monitoring insider activities in the areas of information download, storage on external devices, and activities during unusual times of the day.
Identity theft risk management specialists are not only concerned with the protection of their customers’ personal information from external and internal sources for fraud prevention and compliance purposes, but they are also concerned with personal information stolen from other companies which can be used to defraud their own companies. Companies often face identity theft and fraud risks regardless of where the information was obtained from. High quality information stolen from any source which can be used to easily commit fraud has a wider identity theft ripple effect affecting many other companies. Affected companies may have the best information protection practices; however, if their identity theft risk management efforts do not address their operations, they are likely to experience fraud due to another company’s negligence.
In fact the Red Flags Rule was created to address fraud prevention at the transaction point regardless of where identity fraud components were stolen from. This law is a huge step in the right direction for the identity theft risk management field. For many years, the focus had been around protecting customer information although with less oversight around insider activities. However, we now recognize that information stolen from other sources can affect other companies and their customers which is why the Red Flag identity theft prevention law was created; to force and guide high risk companies toward an effective identity theft risk management and prevention strategy which identifies, detects and mitigates identity theft red flags.
Learn about identity theft risk management certification programs at Identity Management Institute.