White Papers
Why Not SNMP?
The Simple Network Management Protocol, also known as SNMP, has long been considered a vital protocol for network administrators. SNMP is often touted as THE solution for monitoring computer-based systems, so what's the problem? The problems are so numerous that it is difficult to itemize them all. This whitepaper covers the most important ones.
VIRTUAL-ekg Virtualization Analysis Engine
VIRTUAL-ekg is the first virtualization analysis engine to collect all console data from the physical infrastructure, the hypervisor and the virtual infrastructure. VIRTUAL-ekg can serve as an ongoing baseline monitor to make sure applications are performing within the thresholds of their variances.
VIRTUALfx – Security for Virtualized Systems
The nature of the virtual infrastructure presents inherent security problems. VIRTUALfx provides complete security for the virtual environment - VMware, XEN or any other major virtual system.
VIRTUALfx – Monitor, Manage, Remediate in a Virtualized World
TDI's VIRTUALfx technology logs, monitors, manages and remediates problems in a virtualized infrastructure. It does so for VMware or XEN hypervisor systems today and will add more vendor technologies as they are more generally accepted. VIRTUALfx is built on TDI's Consoleworks' well proven, mature business critical infrastructure management technology which provides well understood management and remediation of physical infrastructure. Combining these technologies provides the user with a mature, single solution to monitor, manage, log and remediate the virtual and physical environment within the same solution.
Security and Compliance GAPS in Traditional Logging Systems
Log management, aggregation and mining are the heart of both security and event management in the enterprise. Today, all log management systems are dependent on the SNMP protocol. Thus, they cannot log the critical data at the BIOS level which constitutes the root cause data necessary for remediation. Nor can traditional log management systems protect the enterprise, corporate or government, from intrusion at all times and under all conditions.
Performance Monitoring In A Virtualized World
Agent-based performance management systems are, by definition, intrusive: they require the presence of an agent to monitor the system. Virtualized environments are particularly susceptible to the problems and overhead generated by agent-based systems.
Proactive Event Management In A Virtualized World
The goal is to find problems, identify their root cause and remediate them before they take down a major business process, network or cascade into taking down a major part of the infrastructure. You want to be able to see when the first redundant drive goes down, not wait until the second one goes down to know you have a problem.
The Persistence Gap: The Dirty Little Secret of Security Compliance
The Persistence Gap is a widely recognized, though not widely discussed, hole in the nation's infrastructure security. It is a wide open door to every hacker, vengeful employee, or terrorist.
Mitigating Risk Disaster Recovery
Disaster recovery in a physical or virtualized world has new, more challenging hurdles to overcome. Companies now recognize if their disaster recovery depends on the network that is down, it is not possible to recover quickly or without serious pain.
Log Management In A Virtualized World: Are You Naked?
In the age of virtualization, traditional log management systems are open to intrusion and fail to meet standard compliance tests for HIPAA, Sarbanes-Oxley, NERC CIP and other federal agencies. There are four major problems with these systems.
Managing Virtualization Across The Enterprise
The advent of virtualization, and hardware service processors, has changed all the best practices for infrastructure management, compliance and logging. Production virtualization has forced a new paradigm. Rapidly deployed "Outside In" infrastructure management will replace traditionally deployed "Outside In" management.
You're Compliant, But Are You Protected?
Being PCI, HIPAA, SOX or NERC-CIP compliant is no protection when you are breached. Recently the country watched as Hannaford Brothers, a major grocery retailer in Maine, had to disclose its security had been breached by insiders who stole credit card information and caused millions of dollars in damages.
IT Security Alert
Security Alert - PCI Compliance Issues Discovered with Service Processors
SANS Institute, the nation's largest IT security and audit training organization (www.sans.org) recently discovered every computer delivered today has an onboard service processor that is discoverable and open to hacking. Existing log management systems are blind to this threat. PCI standards mandate companies using credit card information must protect against this threat or be subject to fines and litigation if credit card information is stolen. Service processors present an unaudited entry point where credit card data can be stolen or compromised.
Security Alert - Green Data Center
The green data center is the new buzzword in computing. Going "green" entails a move to virtualization, use of the service processor to power on and off equipment, using rack mounted devices and monitoring, then optimizing power consumption in the data center.
NERC CIP Cyber Asset Alert: Service Processors Classified As Critical Cyber Assets
Problem: Onboard service processors present on virtually every computer or infrastructure device have been determined to use a "routable protocol" and thus constitute access points to "critical cyber assets." This is a clear threat to the energy power grid and must be mitigated.
IT Audit Security Alert: Log Management Systems Blind to Virtualization
Virtualization is on the lips or in the budget of every major IT shop. New security problems with virtualized environments are being discovered, rendering virtualization a potentially insecure solution for PCI, HIPAA and Sarbanes-Oxley compliant environments.
IT Audit Security Alert: Service Processors Subject to Inside and Outside Intrusion
SANS Institute, the nation's largest IT security and audit training organization (www.sans.org) recently discovered every computer delivered today has an onboard service processor that is discoverable and open to hacking. Existing log management systems are blind to this threat.
News & Resources
DOD Bans the Use of Removable, Flash-Type Drives
The Defense Department has banned the use of removable flash media and storage devices from all government computers, according to a series of notices put out by the services in November 2008.
Real IT Problems In Virtual Environments
Originally, many of the problems plaguing virtual environments were licensing, support, and emerging technologies, but as more players have entered the field and active installations go live, these initial challenges are taking a backseat to emerging challenges.
Gartner Says Organizations That Rush to Adopt Virtualization Can Weaken Security
Virtualization offers organizations the opportunity to reduce costs and increase agility; however, if this is done without implementing best practices for security, virtualization may actually increase costs and reduce agility, according to Gartner, Inc.
Virtualization Security
More security attacks against virtualization software may be coming, according to IT security expert Ed Skoudis. He urges IT managers to make security a higher priority as server and desktop virtualization continue to carpet IT networks.
HHS Takes Privacy and Security Rule Enforcement Action
On July 15, 2008, Providence Health & Services, a Seattle-based not-for-profit hospital and health care system, agreed to pay a $100,000 "resolution amount" - not a civil monetary penalty - as redress for multiple incidents between September 2005 and March 2006, in which portable media containing unencrypted ePHI were taken off-site, left unattended and subsequently stolen. The ePHI of over 368,000 patients was compromised.
Black Hat Spotlights Virtualization, DNS Issues
LAS VEGAS (8/8/08) — The 12th Black Hat conference convened at Caesar's Palace last week, where the 4,500 attendees (a 12.5% increase over last year) heard about the security problems that will plague virtualized environments...
How To Root Out Rootkits
Find out how and where they hide, what they're hiding, and how you can (and can't) stop them.
VMs Can Hurt You
Recently Verizon Business released its 2008 Data Breach Security Report, summarizing the results of four years of forensic research into more than 500 security incidents. While it doesn't focus on server virtualization specifically, it does illustrate a lot about virtualization security as well.
2008 Data Breach Investigations Report
Data breaches. You've gleaned all you can from the headlines; now you have access to information directly from the investigator's casebook. The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world.
Infrastructure Assessment
This evaluation questionnaire helps to identify key assessment areas within the organization for infrastructure management, enterprise log management, event management and virtualization. By completing the assessment, you and the professionals at TDI will gain a better understanding of your organization's needs and specific requirements.
SANS Technology Institute - Bill Johnson CEO TDI
Bill Johnson, CEO TDI
April 2nd, 2008
By Stephen Northcutt
Bill Johnson, CEO TDI, was the first person in the industry, that I am aware of, to sound the clarion call that we might be vulnerable to attacks via the Baseboard Management Controller (BMC). That certainly qualifies him as a security thought leader, and we certainly thank him for his time.
SANS Newsletter
Hundreds of millions of devices are being placed on networks with built-in back doors. Printers, routers, computers, control systems, storage systems, medical devices, nearly every automated device has them. The manufacturers of these systems never told you how vulnerable you are.
2007 E-Crime Watch Survey
The Insider Threat Team has also teamed with the U.S. Secret Service and CSO magazine to conduct, analyze, and publish findings from an annual E-Crime Watch survey from research that was conducted to attempt to identify electronic crime fighting trends and techniques, including best practices and emerging trends.
Requirements for Virtualized Systems: Virtualization Management RFP
Listing of key features and values for a virtualized-systems virtual management RFI/RFP.
Requirements for Virtualized Systems: Log Management RFP
Listing of key features and values for a virtualized-systems log management RFI/RFP.
In the News Events
Technical Notes For Intelligent Event Modules
Operating Systems
Cisco IOS 12.4
Cisco SAN-OS 3.1
HP OpenVMS 8.2 (includes 7.2 and 7.3)
HP Tru64 UNIX
HP-UX
HP-UX 11i
IBM AIX 5.3
Linux Kernel 2.4
Linux Kernel 2.6
Sun Solaris 8 (includes Solaris 7)
Sun Solaris 10
MS Windows 2000/2003/XP
Network Components
Check Point FireWall-1
Cisco Catalyst 4000/4500
Cisco PIX Firewall 6.3
Cisco ASA 8.1
F5 BIG-IP
HP Network Node Manager
HP ProCurve
IBM WebSphere MQ 5.3
IBM WebSphere MQ 6.0
IBM WebSphere MQ 7.0
ISS IDS
Juniper Networks JUNOS 7.1
Juniper Networks NetScreen ScreenOS 5.1
Marconi MSB Switch 7.1
Nortel BayStack 450
Hardware
APC Powernet 3.8.4
HP AlphaServer GS 80/160/320
HP AlphaServer Marvel - ES47/ES80/GS1280
HP AlphaServer RMC/SROM
HP AlphaServer SRM
IBM AS/400
Intel Itanium 2
Liebert UPS IEM
Sun Net Connect
Regulatory Compliance - CIP
NERC Critical Infrastructure Protection (CIP) IEM
Storage
Brocade Silkworm 3.0
Brocade Silkworm 4.1 (SNMP)
Brocade Silkworm 4.2
Brocade SilkWorm 4.4
Brocade SNMP
HP StorageWorks HSV SNMP 3.0
HP StorageWorks HSx
McData Sphereon ES1000
McData Sphereon ES3000
McData Sphereon ES4300
McData Sphereon ES4500
Network Appliance (NetApp)
Solstice DiskSuite 4.2.1
Applications
Apache HTTP Server 1.3
Apache HTTP Server 2.0
BEA WebLogic 9.2
InterSystems Caché
Legato NetWorker
Microsoft Exchange Server
MS Exchange Server
Oracle Database 10g
SENSys
Snort 2.6.0
Sun Java System Web Server
TAPESYS 6.2
Tripwire 2.3
VERITAS NetBackup 5.0
VERITAS Volume Manager
VMWare VirtualCenter
Emulators
Configuring Consoleworks to Use xterm
Using Third Party Terminal Emulators