I listed the sample essential Security tools for the Cloud Computing Environment. I welcome any comments.
Security Controls | Sample Tools |
Identity and Access Management (IAM) | IAM is on the top of list due to its crucial importance to any organization’s IT asset. IAM is the lock to the front door of business data and assets. Poorly defined and implemented IAM can negatively impact productivity and overall security of organization. Centralized and Enterprise wide IAM with Identity Federation and Extension to the Cloud is the best industrial practice. Good tools including · Symplied suite of IAM products, · Ping Identity, · CA, Oracle, IBM and Microsoft IAM suite of Products, etc The most innovative products are from Symplified, not from big and old companies such as Oracle or IBM. |
Security Event Management tools (SIEM) | Due to the requirements of continuous monitoring, SIEM knowledge become important. Sample tools including · Arc Sight, · Q1Labs, etc |
Encryption | With the Cloud Computing become main stream, Encryption knowledge and experience is more relevant due to more data move to the cloud. Understanding of FIPS 140-2 requirements and some strong encryption such as AES, 3DES is necessary for the data security in the cloud. |
Anti Virus, Network IDS/IPS, and other security monitoring tools | Organization will need to understand basic deployment model and configuration and administration of these tools. Sample tools including Sample Anti Virus tools including · McAfee, · Symantec, · Trend Micro, · Webroot, · Norton, · AVG etc. Sample network IDS/IPS tools including · Barracuda, · Checkpoint, · CISCO IPS, · eEye, · Juniper’s IDP, · McAfee’s NSM, · Radware’s IDS, · Sourcefire’s ETM, · IBM Proventia IPS, · Watchguard, · TippingPoint, · Corero, etc |
Enterprise Forensics Tools | Forensics tool is needed for the Cloud Security professionals to aid in Forensics investigation and litigation process. The following are sample tools: |
Logging and Auditing tools such as | Centralized log and event correlation with analytic capability is essential for fraud and vulnerability detection and investigation, sample tools including: · Sensage, · Splunk etc |
Data Leakage Prevention tools | Proactive tools for preventing data loss is become important in the cloud, sample tools including · Vontu, · Orchestria , · Verdasys, etc |
Vulnerability management and penetration testing program. | A good vulnerability management tool would include capabilities for asset management, vulnerability assessment, configuration management, patch management, remediation, reporting, and monitoring. In realty, the tool only provides part of the above functionality. Cloud Service Provider will need a combination/integration of those tools to get best results Sample tools including · McAfee's Foundstone Enterprise(www.mcafee.com), · StillSecure (www.stillsecure.com), · eEye Digital Security (www.eEye.com), · Symantec/Bindview (www.bindview.com), |
Infrastructure and/or application vulnerability scanning toolsets. | The following are sample tools/vendors. Some tools can be installed in premises or used in the cloud. · Qualys, · Cenzic, · Fortify, · Nessus etc |
Application Security Assessment | Sample tools includes · BurpeSuite, · Paros, · HP WebInspect, · IBM Rational AppScan, · Cenzic Hailstorm etc |
DR tools | Sample tools including · VMWare SiteRecovery Manager, · SunGard, · Barracuda Backup Service, · Double-Take Software etc. |
As you provided table listing sample essential Security tools for the Cloud Computing Environment.Its really interesting to read for those who are working in the area of security of those who are new to it.Good work man!
ReplyDeletedigital signature PDF
I have used AVG protection for a number of years, and I'd recommend this solution to everyone.
ReplyDelete