Sample Security tools for the Cloud Computing Environment

I listed the sample essential Security tools for the Cloud Computing Environment. I welcome any comments.

Security Controls	Sample Tools
Identity and Access Management (IAM)	IAM is on the top of list due to its crucial importance to any organization’s IT asset. IAM is the lock to the front door of business data and assets. Poorly defined and implemented IAM can negatively impact productivity and overall security of organization. Centralized and Enterprise wide IAM with Identity Federation and Extension to the Cloud is the best industrial practice. Good tools including ·         Symplied suite of IAM products, ·         Ping Identity, ·         CA, Oracle, IBM and Microsoft IAM suite of Products, etc The most innovative products are from Symplified, not from big and old companies such as Oracle or IBM.
Security Event Management tools (SIEM)	Due to the requirements of continuous monitoring, SIEM knowledge become important. Sample tools including ·         Arc Sight, ·         Q1Labs, etc
Encryption	With the Cloud Computing become main stream, Encryption knowledge and experience is more relevant due to more data move to the cloud. Understanding of FIPS 140-2 requirements and some strong encryption such as AES, 3DES is necessary for the data security in the cloud.
Anti Virus, Network IDS/IPS, and other security monitoring tools	Organization will need to understand basic deployment model and configuration and administration of these tools. Sample tools including Sample Anti Virus tools including ·         McAfee, ·         Symantec, ·         Trend Micro, ·         Webroot, ·         Norton, ·         AVG etc. Sample network IDS/IPS tools including ·         Barracuda, ·         Checkpoint, ·         CISCO IPS, ·         eEye, ·         Juniper’s IDP, ·         McAfee’s NSM, ·         Radware’s IDS, ·         Sourcefire’s ETM, ·         IBM Proventia IPS, ·         Watchguard, ·         TippingPoint, ·         Corero, etc
Enterprise Forensics Tools	Forensics tool is needed for the Cloud Security professionals to aid in Forensics investigation and litigation process. The following are sample tools: ·         EnCase Enterprise, ·         ProDiscover, ·         Forensic, ·         EnCase, ·         Sleuth, ·         dtSearch, ·         Paraben, etc
Logging and Auditing tools such as	Centralized log and event correlation  with analytic capability is essential for fraud and vulnerability detection and investigation, sample tools including: ·         Sensage, ·         Splunk etc
Data Leakage Prevention tools	Proactive tools for preventing data loss is become important in the cloud, sample tools including ·         Vontu, ·         Orchestria , ·         Verdasys, etc
Vulnerability management and penetration testing program.	A good vulnerability management tool would include capabilities for asset management, vulnerability assessment, configuration management, patch management, remediation, reporting, and monitoring. In realty, the tool only provides part of the above functionality. Cloud Service Provider will need a combination/integration of those tools to get best results Sample tools including ·         McAfee's Foundstone Enterprise(www.mcafee.com), ·         StillSecure (www.stillsecure.com), ·         eEye Digital Security (www.eEye.com), ·         Symantec/Bindview (www.bindview.com), ·         Attachmate/NetIQ (www.netiq.com), etc
Infrastructure and/or application vulnerability scanning toolsets.	The following are sample tools/vendors. Some tools can be installed in premises or used in the cloud. ·         Qualys, ·         Cenzic, ·         Fortify, ·         Nessus etc
Application Security Assessment	Sample tools includes ·         BurpeSuite, ·         Paros, ·         HP WebInspect, ·         IBM Rational AppScan, ·         Cenzic Hailstorm etc
DR tools	Sample tools including ·         VMWare SiteRecovery Manager, ·         SunGard, ·         Barracuda Backup Service, ·         Double-Take Software etc.