Below you will find reports with the tag of “Virtualization” BlackOasis APT and new targeted attacks leveraging zeroday exploit This post discusses the following event - “On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. " (more available) Added: November 15, 2018 FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands. FireEye shared the details of the vulnerability with Microsoft and has been coordinating public disclosure timed with the release of a patch to address the vulnerability and security guidance, which can be found here. (more available) Added: November 15, 2018 Inexsmar: An unusual DarkHotel campaign The DarkHotel attack Inexsmar from 2016 has striking similarities to attacks from as early as 2011. Inexsmar is also focusing on political targets rather than the group’s normal choice of senior corporate officials, corporate research, and development personnel. (more available) Added: November 12, 2018 The Machine Identity Crisis “The use of machines is driving unprecedented improvements in business efficiency, productivity, agility and speed. With businesses increasing their reliance on machines, the number of machines on enterprise networks is growing exponentially. To communicate securely, each machine needs a unique identity to authenticate and secure communications. However, organizations’ abilities to create, manage and protect these machine identities is simply not keeping up with the pace of their evolution. " (more available) Added: November 6, 2018 7 Myths About Network Management In A Digital World This e-book seeks to help you understand all of the many details necessary for succesful network management. Added: October 26, 2018 Securing The Enterprise's Cloud Workloads On Microsoft Azure This paper seeks to help organizations understand that Microsoft Azure (Azure) has a lot more to offer than cost savings. Enterprises with the highest levels of cloud adoption, typically, not only completely re-architect their applications, but also take advantage of automation to streamline the entire development and deployment process. They adopt DevOps pipelines and use CI/CD (continuous integration and continuous delivery) tools with the objective of nimbly meeting customer and business needs. (more available) Added: October 26, 2018 The State Of The Kubernetes Ecosystem This eBook gives a detailed breakdown of the current state of the Kubernetes Ecosystem. Added: October 26, 2018 2017 Global Cybersecurity Assurance Report Card A survey-based report of over 700 individuals. The survey and resulting analysis was perfomed by CyberEdge. Added: October 25, 2018 Cross Domain Security Rising To The Clouds This report asks the question, “The US Government is beginning the migration to cloud services with FedRAMP providers and other dedicated resources – what’s the best approach for your agency?” (more available) Added: October 25, 2018 Kubernetes Deployment And Security Patterns This is the 2nd ebook from The New Stack’s series focused on the Kubernetes ecosystem. Unlike the 1st ebook that centered on the state of the Kubernetes ecosystem, this ebook shines a light on answering the question: How well does Kubernetes work in production? (more available) Added: October 25, 2018 Vendor Landscape Cloud Workload Security Solutions As businesses continue to adopt both infrastructure-as-a-service (iaaS) and platform -as-a-service (PaaS) cloud platforms, S&r pros struggle to protect their organization’s valuable data while minimizing the threat surface of cloud and hybrid cloud workloads. Cloud workload security (CWS) solutions provide automated and layered controls to secure configurations, network, applications, and storage of hybrid cloud hypervisors and workloads. this report provides S&r pros with an overview of the CWS vendor landscape, critical selection criteria, and key vendor differentiation. (more available) Added: October 25, 2018 The Continuum Of Cloud Native Topologies This report gives a clever way to understand Cloud security topologies. It breaks all of the concepts down into a simple continuum. (more available) Added: October 24, 2018 Mobile App Security Methods From The Report, “This article is third in a five-part series developed by Dr. Edward Amoroso in conjunction with the mobile security team from Blue Cedar. The article provides an overview of various mobile app security methods including per-app VPN, containers, and micro-segmentation.” (more available) Added: October 23, 2018 The Digital Business: Creating The Right IT Platform For Digital Transformation The purpose of this paper is to help CIOs and their boardroom colleagues find the right approach to building a digital infrastructure to achieve the right outcomes for their business. (more available) Added: October 23, 2018 2017 Security Annual Volume 1 This paper was written for one purpose: To serve as a useful guide for Chief Information Security Officer (CISO) teams. (more available) Added: October 22, 2018 5G Security Architecture White Paper From the report, “We are now seeing the first incarnations of 5G technology. It provides many capabilities that make it a preferred platform for the digitalized world. Solid security is one of the strengths of 4G networks and the same is expected from 5G. This cannot, however, be achieved just by adapting 4G security features to 5G system because the 5G service palette is more than just an extension from that of 4G. Completely new security functionalities and services are needed in addition to enhanced versions of 4G security features.” (more available) Added: October 22, 2018 6 Key Use Cases For Securing Your Organizations Cloud Workloads This ebook lays out several examples of how to effectively secure your cloud workloads. Added: October 22, 2018 AWS vs. Azure vs. Google: 10 Ways To Choose The Right DataCloud Center For You This is an e-Book that provides 10 ways to pick the right datacloud center. Added: October 22, 2018 Internet of Things Security Considerations In A MultiCloud Environment Security is a key consideration and challenge both for hybrid cloud/multicloud adoption and in taking advantage of the IoT. This Paper takes a look at the details of that consideration. (more available) Added: October 22, 2018 Report Summary: Network Management Megatrends 2016 This is the fourth megatrends study. For this latest version, they have carried forward a number of ongoing questions and threads that are designed to track how the network management landscape is changing over time. They’ve also included many new questions and queries intended to help us characterize and quantify the very latest technology trends. In particular, new questions were added in this report to begin assessing whether hybrid clouds, advanced analytics, and/or the Internet of Things were having an impact on network management tools and practices. (more available) Added: October 22, 2018 Virtualization's Hidden Traps This study explores the pressures cloud migration place on 1,051 IT security professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany. (more available) Added: October 22, 2018 «« « 1 2 3 4 » »»
BlackOasis APT and new targeted attacks leveraging zeroday exploit This post discusses the following event - “On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. " (more available) Added: November 15, 2018
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands. FireEye shared the details of the vulnerability with Microsoft and has been coordinating public disclosure timed with the release of a patch to address the vulnerability and security guidance, which can be found here. (more available) Added: November 15, 2018
Inexsmar: An unusual DarkHotel campaign The DarkHotel attack Inexsmar from 2016 has striking similarities to attacks from as early as 2011. Inexsmar is also focusing on political targets rather than the group’s normal choice of senior corporate officials, corporate research, and development personnel. (more available) Added: November 12, 2018
The Machine Identity Crisis “The use of machines is driving unprecedented improvements in business efficiency, productivity, agility and speed. With businesses increasing their reliance on machines, the number of machines on enterprise networks is growing exponentially. To communicate securely, each machine needs a unique identity to authenticate and secure communications. However, organizations’ abilities to create, manage and protect these machine identities is simply not keeping up with the pace of their evolution. " (more available) Added: November 6, 2018
7 Myths About Network Management In A Digital World This e-book seeks to help you understand all of the many details necessary for succesful network management. Added: October 26, 2018
Securing The Enterprise's Cloud Workloads On Microsoft Azure This paper seeks to help organizations understand that Microsoft Azure (Azure) has a lot more to offer than cost savings. Enterprises with the highest levels of cloud adoption, typically, not only completely re-architect their applications, but also take advantage of automation to streamline the entire development and deployment process. They adopt DevOps pipelines and use CI/CD (continuous integration and continuous delivery) tools with the objective of nimbly meeting customer and business needs. (more available) Added: October 26, 2018
The State Of The Kubernetes Ecosystem This eBook gives a detailed breakdown of the current state of the Kubernetes Ecosystem. Added: October 26, 2018
2017 Global Cybersecurity Assurance Report Card A survey-based report of over 700 individuals. The survey and resulting analysis was perfomed by CyberEdge. Added: October 25, 2018
Cross Domain Security Rising To The Clouds This report asks the question, “The US Government is beginning the migration to cloud services with FedRAMP providers and other dedicated resources – what’s the best approach for your agency?” (more available) Added: October 25, 2018
Kubernetes Deployment And Security Patterns This is the 2nd ebook from The New Stack’s series focused on the Kubernetes ecosystem. Unlike the 1st ebook that centered on the state of the Kubernetes ecosystem, this ebook shines a light on answering the question: How well does Kubernetes work in production? (more available) Added: October 25, 2018
Vendor Landscape Cloud Workload Security Solutions As businesses continue to adopt both infrastructure-as-a-service (iaaS) and platform -as-a-service (PaaS) cloud platforms, S&r pros struggle to protect their organization’s valuable data while minimizing the threat surface of cloud and hybrid cloud workloads. Cloud workload security (CWS) solutions provide automated and layered controls to secure configurations, network, applications, and storage of hybrid cloud hypervisors and workloads. this report provides S&r pros with an overview of the CWS vendor landscape, critical selection criteria, and key vendor differentiation. (more available) Added: October 25, 2018
The Continuum Of Cloud Native Topologies This report gives a clever way to understand Cloud security topologies. It breaks all of the concepts down into a simple continuum. (more available) Added: October 24, 2018
Mobile App Security Methods From The Report, “This article is third in a five-part series developed by Dr. Edward Amoroso in conjunction with the mobile security team from Blue Cedar. The article provides an overview of various mobile app security methods including per-app VPN, containers, and micro-segmentation.” (more available) Added: October 23, 2018
The Digital Business: Creating The Right IT Platform For Digital Transformation The purpose of this paper is to help CIOs and their boardroom colleagues find the right approach to building a digital infrastructure to achieve the right outcomes for their business. (more available) Added: October 23, 2018
2017 Security Annual Volume 1 This paper was written for one purpose: To serve as a useful guide for Chief Information Security Officer (CISO) teams. (more available) Added: October 22, 2018
5G Security Architecture White Paper From the report, “We are now seeing the first incarnations of 5G technology. It provides many capabilities that make it a preferred platform for the digitalized world. Solid security is one of the strengths of 4G networks and the same is expected from 5G. This cannot, however, be achieved just by adapting 4G security features to 5G system because the 5G service palette is more than just an extension from that of 4G. Completely new security functionalities and services are needed in addition to enhanced versions of 4G security features.” (more available) Added: October 22, 2018
6 Key Use Cases For Securing Your Organizations Cloud Workloads This ebook lays out several examples of how to effectively secure your cloud workloads. Added: October 22, 2018
AWS vs. Azure vs. Google: 10 Ways To Choose The Right DataCloud Center For You This is an e-Book that provides 10 ways to pick the right datacloud center. Added: October 22, 2018
Internet of Things Security Considerations In A MultiCloud Environment Security is a key consideration and challenge both for hybrid cloud/multicloud adoption and in taking advantage of the IoT. This Paper takes a look at the details of that consideration. (more available) Added: October 22, 2018
Report Summary: Network Management Megatrends 2016 This is the fourth megatrends study. For this latest version, they have carried forward a number of ongoing questions and threads that are designed to track how the network management landscape is changing over time. They’ve also included many new questions and queries intended to help us characterize and quantify the very latest technology trends. In particular, new questions were added in this report to begin assessing whether hybrid clouds, advanced analytics, and/or the Internet of Things were having an impact on network management tools and practices. (more available) Added: October 22, 2018
Virtualization's Hidden Traps This study explores the pressures cloud migration place on 1,051 IT security professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany. (more available) Added: October 22, 2018