TrendMicro to 'protect the cloud'

TrendMicro last year introduced its cloud computing strategy to deliver security to desktop PCs. Now the security software vendor, according to CEO Eva Chen, is taking cloud security a step further by protecting the cloud itself.

An update to its Deep Security product, introduced Monday, offers protection for the "entire server," including the operating system, network, and applications layers, according to the company.

So is why there a need for yet another layer of server protection. Don't servers already have an enormous amount of protection?

She acknowledged that servers are typically protected by a firewall, an intrusion detection system (IDS), and an intrusion prevention system (IPS). "But now people are doing virtualization," Chen said. "And once you do virtualization, the server can move from one network center to another network center or move from your own data center to a public data center, and therefore the server is not just behind the firewall all the time. It needs to protect itself."

Another issue is the changing nature of servers. In the past, they mostly were used to serve up data. But with cloud computing, applications run on the server and that makes them vulnerable to hackers. "In last two years an enormous amount of Web servers were attacked by cybercriminals. They just insert SQL injections or a malicious link in your site or serve up malicious content from your site," Chen said.

Initially, TrendMicro's product is aimed at the enterprise but, long term the company plans to develop services to support small Web sites and blogs.

As a small site owner, I understand the need. SafeKids.com, which is a WordPress blog I maintain, was attacked a couple of years ago due to a security flaw in a template I was using. The attacker embedded hidden links to sites that offered male enhancement products. I discovered the problem when I was embarrassed by Google Viagra ads appearing on my site. I don't have anything against Viagra, but the ads weren't appropriate for a site that focuses on Internet safety for children. Google, which places ads that are related to the site's content, was fooled into thinking that my site covered male enhancement rather than children's safety. Chen said that TrendMicro is exploring technology that could protect sites like mine by alerting owners to potential problems as soon as they occur.

In a partnership with RSA, the company is also working to protect financial sites against phishing attacks. It has software that looks for phishing sites that mimic legitimate ones and warn the legitimate site owners who can then take action against the impostors.

Listen to Larry's interview with TrendMicro CEO Eva Chen.

Listen now: Download today's podcast

[Random_Walk]

"And once you do virtualization, the server can move from one network center to another network center or move from your own data center to a public data center, and therefore the server is not just behind the firewall all the time. It needs to protect itself."

Wow - talk about FUD!

Sure - you can move a VM from one farm to another (and not even incur downtime if you do it right), but it stands to reason that you should insure the destination has its own firewalls in place first (hint: 99.9% of the time it will).

...any DC that has a public pipe but doesn't have the requisite (and basic!) security controls in place should have its admin fired for incompetence, and/or the person who authorized such a move w/o checking first.

Besides - it's a lot cheaper to get up the firewall/IDS/etc to cover your physical network*, than it is to pay out to an A/V vendor for some nebulous "OAMG it's virtual so you need our super-duper-doubleplusgood CLOUD firewallz0r!!!!11!".

This is Admin 101 stuff.

*yes, just your physical - VM internal networks behave just like switches, you can treat them the same way, and VMWare meshes in just fine with VLAN tag schemata (dunno if Xen or Hyper-V do, but mostly because I haven't bothered with either lately). Hell, Cisco even goes out of its way to design products now that take advantage of it... (see also the Nexus series).

[santuccie]

They do have firewalls. The problem with servers is that you can't use full SPI on them; you have to allow unsolicited incoming connections. With client machines, the client software periodically contacts the server to check for updates. Only then will the firewall admit data from the server's IP address, in sequential order. On a server, it's different. You must always have a program listening on a certain port, using a certain protocol. In order for this to happen, you have to create a permanent firewall exception. This loophole is open to exploitation without some manner of Intrusion Prevention/Detection, honeypot, or whatever. Just having a firewall doesn't make you invincible.

[santuccie]

BTW, even if a certain attack method is recognized by NIPS, it is still limited by how much bandwidth it can handle. And it might interest you to know that some of these hackers have plenty of bandwidth at their disposal. In February of 2007, somebody knocked out two of the world's top-level DNS servers in a DDoS attack (supposedly to demonstrate to a prospective client how much power they had at their disposal). That was 2-1/2 years ago; imagine what the Conficker botnet could do!

[VoiceOfLogic]

Sick of hearing about THE CLOUD. As if this is some new concept. Please. Maybe for you 20-somethings who do not know what a mainframe computer is, I could understand. Do your research and learn about computing history. There is NOTHING NEW with this "cloud" thing. Trust me.

[larrymagid]

I can assure you, I'm not a 20-something. I got my start in mainframes and it's true that cloud computing, in some ways, resembles the "time sharing" we used to do. But it's a much larger "cloud." Back then it was pretty much one-mainframe which limited connectivity to other University mainframes.

[xceo37]

I don't know anything about this cloud, but I do know I truly like Trend Micro Security. My license expires in February and I will be sure to renew it. In the meantime, I am wondering if this new protection will be offered for a download? Keep up the good work of protecting my computer.