Trend Cloud Security Blog


Cloud Security & Adoption Realities: OSSEC survey says…

OSSEC is an Open Source Host-based Intrusion Detection System project that has been around since 2003. It was acquired by Third Brigade in 2008, and then Third Brigade was acquired by Trend Micro in 2009. Trend Micro recently completed a global survey of the OSSEC installed base that yielded some interesting results. OSSEC performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response as ways to protect servers. OSSEC has a phenomenally loyal base of users – we had 21% of the OSSEC email distribution list complete the survey (a...

Can Google Chrome OS Solve Our Security Issues?

Recently I have been asked by many CISOs, CSOs and IT administrators–who have become very tired of the constant system patch battle and constant security software updates–whether new operating systems like Google Chrome could loosen Microsoft’s stronghold on the desktop OS and just maybe whether we could be safer 5 years from now. Actually this is a difficult question. We in the IT industry will likely see more disruptive technologies 5 years from now. So the safest way to answer questions like the one above is to reflect on what’s going on at the moment. It...

Security FOR the Cloud

At Trend Micro we are leading the way in security FROM the cloud with our Smart Protection Network by providing threat correlation in the cloud. That strategy, rubbished by some at the time, has since been proved out by the number of competitors now trying to imitate it and the recent real world test results from NSS Labs. We were also lucky enough to acquire Third Brigade, a Canada-based security firm, earlier this year and get our hands on their superb “Deep Security” threat protection for virtual servers. More than just protection ahead of the patching cycle, it offers excellent resource...

Myths and Misunderstandings of Cloud-based Security

Andreas Marx and Maik Morgenstern presented their paper “Why in-the-cloud scanning is not a solution” at the recent Virus Bulletin 2009 conference. The paper provided a list of the shortcomings of cloud-based security. Over the past year or so there have been several discussions on this topic, but Marx and Morgenstern have done a good job articulating the issues. However, I’d like to counter their issues with some thoughts: Issue #1: The implementations are not proactive, but reactive in nature, despite better response times to new threats. Reality: Replacing hash signatures with...

DDoS and the Cloud: Sad but True

Amazon EC2 customers recently suffered from a concerted Distributed Denial of Service (DDoS) attack that caused some consternation for the web-based code hosting service Bitbucket (news courtesy of my favorite IT tabloid, The Register). An unfortunate fact of life about a massive DDoS such as the one Bitbucket appears to have suffered is that there is no defense once the incoming network pipes are full other than shutting off the DDoS. Trend Micro has to wrestle with DDoS attacks as part of our antivirus business as well as our hosted security business (shameless sales plug: check out InterScan Hosted...

Why aren’t cloud services secured as a service?

Cloud-based security as a service offerings have seen a steady increase in popularity, due to the benefits that the deployment model provides. Security as a service enables rapid provisioning, cost savings and enhanced security through real-time updates and the community effect. With the explosive adoption of public cloud computing, it’s time we apply the techniques used to provide security FROM the cloud to provide security FOR the cloud. In public cloud environments like Amazon Web Services (AWS), the Elastic Compute Cloud (EC2) instances only provide firewall as a service. It’s up...

The Security as a Service Model

It’s been almost four years since I started to look at the SaaS security model for Trend Micro. To be honest, being a software company, it was very hard getting anybody’s attention. However, the team persisted and sometimes learnt the hard way what it takes to deliver high-availability SaaS applications. Software as a Service (SaaS) is now a well-established, cost-effective way to deliver traditional software applications without the investment in infrastructure and qualified personnel. The most adopted applications for SaaS are around productivity such as CRM and ERP. However,...

Defining the Cloud

Cloud computing is the buzzword in the computing industry, but it can mean many things to many people. Trend Micro is challenged to use a common vocabulary to describe the various facets of cloud computing. This post articulates the various aspects of cloud computing so we can speak a similar language. It is intended to be more pragmatic than doctrinaire and express what we see customers saying in their conversations around cloud computing and the different cloud formations. Lots of smart people have started looking at cloud computing security and the ways in which we consume cloud computing. ...

The Next Frontier: Securing the Cloud

Information technology is a great invention and a giant step for humankind, almost as much as the invention of paper and pen, because it enables the freedom and convenience of information sharing, which promotes and enhances the opportunity to learn, grow and prosper no matter where we are born and how we are raised (both for businesses and individuals). That is why Cloud Computing is even more exciting. Its capability to correlate, compute and mine humongous amounts of unstructured data eventually will produce new applications that produce new knowledge to benefit more people. Just think of how...