Thanks, Mike, for mentioning my last blog on the 5 critical requirements of data center security. You can get the whole white paper at www.bluelane.com BTW. :)
Exception-based versus Anomaly Detection
I think anomaly detection refers to the detection of a broad spectrum of unusual patterns or behaviours. I think the business case for anomaly detection is problematic because the world is a "never a dull moment" planet (lots of false positives). Are all unusual behaviours/events security risks? Is there a business case for accurately anticipating all strange behaviours which are threatening? Hard to tell at this point.
Exception-based, as I used it, is the ability to focus processing power on flows headed to known and well-defined software vulnerabilities (and away from repeatedly scanning innocent traffic). Exception-based means a very low incidence of false positives, while anomaly means false positives are an expected result.
Hoff
As for the Hoff comment (and because I still have 900 or so words left on this train of thought), I think virtsec will force the issue of the effective use of processing resources and flow visibility/intelligence. Imagine each hypervisor with layers of hooks and hairpins for each security appliance, a kind of packet ping pong with every paddle inspecting every pattern and possible permutation before it crosses the net to the next.
I think the Immutable Law will be that big iron security hardware solutions will face a shrinking habitat as security pros try to move the deep packet perimeter inside to protect the hypervisor layer. Leaner and meaner (and more comprehensive) solutions that address my 5 critical factors and can see inter-VM traffic will fare much better. I think Hoff talked about the apocalypse a few thousand words ago.
Thanks again
G
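The exception-based versus anomaly distinction in the comment above, run over a constructed batch of traffic flows. This is an added example and is not code from the comment's author or from any product mentioned on this page; the flows, addresses, paths, the "known vulnerable" CGI endpoint and the two toy anomaly detectors (size z-score and rare-path) are all assumptions made for illustration.

```python
"""Exception-based vs anomaly detection over constructed traffic flows.

Added example for this discussion; not code from the original post or any
product it mentions. Flows, paths, addresses and the "known vulnerable"
endpoint are made up for illustration.
"""
from collections import Counter
from dataclasses import dataclass
import statistics


@dataclass(frozen=True)
class Flow:
    src: str
    dst_port: int
    path: str
    size: int                 # request bytes
    malicious: bool = False   # constructed ground-truth label, used only for scoring


# Constructed sample traffic: routine requests, two unusual-but-harmless flows
# (a large backup pull and a rarely visited admin page) and one request aimed at
# a hypothetical known-vulnerable CGI endpoint.
SAMPLE_FLOWS = [
    Flow("10.0.0.11", 80, "/index.html", 512),
    Flow("10.0.0.12", 80, "/index.html", 530),
    Flow("10.0.0.13", 80, "/images/logo.png", 498),
    Flow("10.0.0.14", 80, "/index.html", 505),
    Flow("10.0.0.15", 80, "/about.html", 520),
    Flow("10.0.0.16", 80, "/images/logo.png", 515),
    Flow("10.0.0.17", 80, "/about.html", 509),
    Flow("10.0.0.18", 80, "/nightly-backup.tar", 9_800_000),      # big, benign, unusual
    Flow("10.0.0.19", 80, "/admin/once-a-year-report", 540),      # rare path, benign
    Flow("203.0.113.9", 80, "/cgi-bin/legacy.cgi", 515, malicious=True),
]

# Second constructed batch: the attacker sends the exploit request again, so the
# target path is no longer "rare" (and its size was always ordinary).
REPEATED_ATTACK_FLOWS = SAMPLE_FLOWS + [
    Flow("203.0.113.9", 80, "/cgi-bin/legacy.cgi", 518, malicious=True),
]

# Exception-based: an explicit, small list of known, well-defined vulnerable
# targets (hypothetical). Only flows headed there get deep inspection; the rest
# of the "innocent traffic" is passed through without further work.
KNOWN_VULNERABLE_TARGETS = {
    (80, "/cgi-bin/legacy.cgi"): "hypothetical legacy CGI script with a known flaw",
}


def exception_based(flows):
    """Flag only flows addressed to a known vulnerable target."""
    return [(f, ["known vulnerable target"]) for f in flows
            if (f.dst_port, f.path) in KNOWN_VULNERABLE_TARGETS]


def anomaly_based(flows, z_threshold=2.0):
    """Flag flows that deviate from the batch baseline.

    Two deliberately simple detectors: request size more than z_threshold
    population standard deviations from the mean, and a path seen only once.
    """
    sizes = [f.size for f in flows]
    mean = statistics.fmean(sizes)
    stdev = statistics.pstdev(sizes)
    path_counts = Counter(f.path for f in flows)
    flagged = []
    for f in flows:
        reasons = []
        if stdev and abs(f.size - mean) / stdev > z_threshold:
            reasons.append("size outlier")
        if path_counts[f.path] == 1:
            reasons.append("rare path")
        if reasons:
            flagged.append((f, reasons))
    return flagged


def score(flagged, flows):
    """Compare a detector's output with the constructed ground-truth labels."""
    hit = {f for f, _ in flagged}
    return {
        "flagged": len(hit),
        "true_positives": sum(1 for f in hit if f.malicious),
        "false_positives": sum(1 for f in hit if not f.malicious),
        "missed": sum(1 for f in flows if f.malicious and f not in hit),
    }


if __name__ == "__main__":
    batches = [("single attack", SAMPLE_FLOWS), ("repeated attack", REPEATED_ATTACK_FLOWS)]
    detectors = [("exception-based", exception_based), ("anomaly-based", anomaly_based)]
    for name, batch in batches:
        print(f"--- {name} ---")
        for label, detector in detectors:
            out = detector(batch)
            print(f"{label:16s} {score(out, batch)}")
            for f, reasons in out:
                print(f"    {f.src:12s} {f.path:28s} {', '.join(reasons)}")
```

On the first batch the anomaly detector raises three alerts, two of them on harmless traffic (the backup pull and the rare admin page), while the exception-based check raises exactly one. On the second batch the repeated exploit request makes its path "common" and its size was never unusual, so the anomaly detector misses both malicious flows and keeps alerting on the two benign ones; the exception-based check still catches both, because it keys on where the flow is headed rather than on how unusual it looks.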


