9 posts categorized "cloud"

September 14, 2011

Alert Logic CAPP Service

As I have written before I do some writing and consulting for several companies. One of them is Alert Logic, who offer a great line up of cloud-based, Security-as-a-Service solutions. 

Today Alert Logic announced their new CAPP program which allows most any security vendor to leverage the AL cloud based platform, turning their security solution into a cloud based managed security service. 

I wrote about over on SecureCloudReview.com, but wanted to mention it on here as well. Here is the article from over on SCR:

Today Alert Logic announced a significant new program that they are calling CAPP (Cloud Acceleration Partner Program). CAPP allows just about any security solution to plug into the Alert Logic Security-as-a-Service, cloud based architecture and become a cloud-based managed service.

This should be a huge development in the security marketplace.  Using the rich APIs developed for the CAPP program, security vendors seeking to integrate into the Alert Logic Security-as-a-Service offering can allow the cloud based platform to “ingest, correlate and analyze security data from individual security tools”.

The first CAPP partner announced for the program is Rapid7, the company behind the Nexpose VM solution and the Metasploit pen testing suite (Rapid7 is also hosting an exciting new conference called UNITED next week). Utilizing the CAPP API’s Alert Logic and Rapid7 now offer ASV PCI scanning as a service.  Other partners should be announced soon.

The CAPP program means that security solution providers don’t have to invest in developing a cloud-based delivery and management solution. They can concentrate on making their own solutions better, yet still enjoy a managed, cloud based option.

From the Alert Logic point of view it allows them to build on their strengths. They have invested millions of dollars and years of time developing their cloud-based Security-as-a-Service platform.  Now in addition to the solutions they already offered via this platform, a new wide range of solutions will be available as well.

It should be very interesting to see what new solutions come via the cloud as a result of CAPP.  It is certainly a program and technology whose time has come.

Related articles
Enhanced by Zemanta

Posted at 11:43 AM in cloud, Current Affairs, other security companies, outsourcing security, the security industry | | TrackBack (0)

May 10, 2011

Akamai–The Security Company

I am happy to be joined this week by Andy Ellis and Michael Smith of Akamai. As I wrote about, Akamai is supporting the Security Bloggers Network and promoting their latest research that shows 3 attack trends that threaten your site. Also prior to that Andy and Michael had another great webinar on DDOS attacks.

While most people think of Akamai as a content delivery network company, they are also on the cutting edge of security. Because up to 25% of the content on the Internet goes through their network, they have had to develop their own security solutions that work at that scale and with the problems they face.

So listen in as Andy and Michael tell us about Akamai, the security company.

andy.jpg    michael.j.smith.bluegrey-crop

Related articles
Enhanced by Zemanta

Posted at 02:16 PM in cloud, podcasting, security bloggers network, the security industry | | TrackBack (0)

October 08, 2010

Logs, Clouds and Open Source, Oh My!

Why can’t I have logs with my Amazon Cloud? So asked Misha Govshteyn, CTO of Alert Logic on Secure Cloud Review in response to an article on logs and clouds by Andreas M. Antonopolous in Network World. Why can’t Misha have logs with his Amazon?

I have assembled an all star cast of log experts to discuss this issue.   The answer may be that you will soon and it may be open standards, open APIs and open source that will make it possible. So listen in as Andreas M Antonopolous, SVP and co-founder of Nemertes Research, Misha Govshteyn, CTO and co-founder of Alert Logic, Raffael Marty, co-founder of Loggly, a Log as a Service provider and Dr. Anton Chuvakin, Security Warrior and former CTO of Log Logic join me to discuss logs in a cloudy world. Enjoy!

Andreas web (1) MishaGovshteyn raffy chuvakin_small

Posted at 11:16 AM in cloud, podcasting | | TrackBack (0)

August 30, 2010

Will Clouds Kill The SIEM Star?

MishaGovshteyn andrew hayIn this episode of the Security.Exe podcast we  examine an opinion recently voiced on the Secure Cloud Review site that the spread of Cloud Computing will have a negative impact on the SIEM Market. I am joined on this episode by Misha Govshteyn, CTO of Alert Logic who wrote the post on SecureCloudReview.com and Andrew Hay, senior analyst at the 451 Group.

Andrew, Misha and I spend some talking about how the dominance of cloud computing will change the security sector, what jobs in security will be hot in the cloud and why should you care about all of this.

So join us for about 40 minutes of great discussion on clouds and security.

Related articles by Zemanta
Enhanced by Zemanta

Posted at 01:39 PM in cloud, podcasting | | TrackBack (0)

August 12, 2010

Will the Cloud Rain on the MSSP Parade?

cute-cloud-rain-cartoon My friends Misha Govshteyn and Gray Hall from Alert Logic have a series of posts up on the Secure Cloud Review blog where they espouse the POV that MSSPs will wither in the cloud.  Reading both of their posts, I guess my initial comment is “it depends on what you call an MSSP”.

It would seem to me that Misha and Gray define an MSSP as a company that takes products (or appliances) from vendors, puts them on premises and then manages them for a customer.  While I suppose that is true at some level, I don’t know if it is true at all levels.  First of all lets list Misha’s 5 reasons why MSSPs will fail:

    1. MSSPs lack the ability to develop technology
    2. Cloud and MSSP architecture and delivery models are like oil & water. They just don’t mix
    3. Scaling up is hard
    4. Scaling down is just as difficult as scaling up
    5. Virtual appliances are next to useless in many cloud environments, especially when it comes to Platform-as-a-Service.

So lets look at each of these. While it is true most MSSPs are using other vendors technology, many of them have in fact developed the technology that allows them to manage to scale multiple customers, to consolidate and virtualize appliaces and wrap other services around the 3rd party technology.

There are many MSSPs who have leveraged the data center provider as a channel to the end user. I agree with Misha though, unless MSSPs change the delivery model, it is hard to make it jive with a cloud architecture. But necessity is the Mother of invention. As the cloud become more prevalent and dare I say, dominant, you will see MSSPs adopt a cloud based architecture themselves.

Yes scaling up to cloud levels is hard. It is hard for SaaS as well as MSSPs. Again though like the dinosaurs in Jurassic Park, nature finds a way (especially if there is money to be maid). I think many MSSPs are playing with cloud scalable solutions right now.

Scaling down is tough. Most MSSPs are not interested in scaling down below a certain monthly minimum. I think this is a greater barrier then designing automated solutions that give customers the ability to be “elastic” about their needs.

I had to reread the virtual appliances are useless part a few times. By the same token, so are non-virtual appliances.  The real issue is once the security is baked into the IaaS or the PaaS stack, do you think the cloud provider manages that itself, or do they outsource it to the security experts, your friendly local MSSP?

So as Misha says, I don’t think the MSSP is going away anytime soon.  I know that Alert Logic considers itself to be an SaaS provider, rather than an MSSP.  But I would challenge Misha and Gray to take your 5 points and why are you any different. If you don’t have the same issues, don’t you have other issues dealing with the cloud?

The cloud is going to change the way security is delivered and managed, but I am not sold that it means the MSSP model will greatly subside. I think “nature finds a way”. In fact I could see the MSSP “borrowing” some from SaaS providers, but still managing their clients security perhaps through a cloud provider

Your turn Misha

Related articles by Zemanta
Enhanced by Zemanta

Posted at 02:24 PM in cloud, MSSP, the security industry | | TrackBack (0)

July 13, 2010

Open source in the cloud: Is multi-tenant a must?

jilk Another episode of my Open Network Podcast is up. This week Mitchell Ashley and I are joined by Dave Jilk, CEO of Standing Cloud. We talk about open source and the cloud, does it have to be multi-tenant.

Great topic and one that Dave is very knowledgeable on.  Have a listen and enjoy!

 open-source-Shimel-100x100

Posted at 12:06 AM in cloud, open source, podcasting | | TrackBack (0)

April 08, 2010

Alert Logic Walks the Walk and Talks the Talk, Texas Style

Over the years I have hammered many a private company for putting out puffy press releases (usually right before RSA) touting “another record year”.  Just recently I came down on both Forescout and Bradford Networks for just these sort of “record number” releases without giving out the record numbers.

By the same token I feel obligated to call out a private company who put out a record year release and put up the goods to back up the talk.  Alert Logic, providing cloud security and compliance solutions, based down in Houston, evidently had a great Q1 in 2010. In fact it was the best quarter in the company's history.

Alert Logic is on track for a 13+million dollar revenue run rate. It promises to make its complete financial results public in a short time. Their CEO, Gray Hall attributes the record revenue to “doubling down” their bet on the hosting industry as their primary channel.  Seems like it is working for them.

I for one appreciate the transparency. If you are going to talk the talk, you should make damn sure you walk the walk and the Alert Logic crew is doing just that.  Good for them!

Related articles by Zemanta

Reblog this post [with Zemanta]

Posted at 12:50 AM in cloud, compliance, other security companies | | TrackBack (0)

March 18, 2010

The frustrations of mass market, web based services, Hotmail is the poster child

I know we dribble all over ourselves about the cloud and web based services. Isn’t it grand to be able to access stuff anywhere anytime. But there is a deep, dark side to the web based world we are living in. That is when something goes wrong.

We have all probably dealt with this one way or another. These web based services are built to scale to millions, tens of millions and more users. When they work they are great, when they don’t though, God help you.  Try getting support from Microsoft Hotmail, Yahoo, Google, Facebook or any of their brethren.

I first ran into this when my blog was hacked a few years back. I was locked out of my typepad, go daddy, hotmail and yahoo accounts and couldn’t get anyone there to do a damn thing about it following their usual support procedures.

Finally I had to resort to calling people I knew at each of these companies to get my problem resolved. But the average person would be up the creek.

That was a few years ago, but it is no better today. Today I experienced a similar story with Hotmail. I use hotmail for my personal mail and my The CISO Group mail for business. I get a ton of email on Hotmail though.  I noticed that I had not received anything though since early this morning. That is very unusual due to all of the Google alerts and other notices I receive in hotmail.

Both my iPhone and Outlook showed I was connected to Hotmail, there was just no new mail. I logged into Windows Live and it showed the same thing. I sent an email from my CISO Group mailbox to my hotmail box and it never made it there. I then sent a hotmail mail to my CISO Group and it came through in a matter of seconds.

So the problem seems to be that I can send and receive mail sent from within my hotmail account, but can’t receive anything from outside of it.  That is a problem. I get withdrawals without my email.

I logged into Hotmail help and followed the link to support. That is when I knew that something was very wrong. It took like 2 or 3 trys to pull up live support. When I did it took a few minutes for the page to load. Other web sites are running fine. Obviously there is a something rotten in Denmark with Hotmail today.

Do you think someone there has the sense to post something and let people know? Of course not. Is there anyway of contacting anyone? Of course not. Is this acceptable service? OF COURSE NOT!

So know I have to go through my contacts and go call someone from Microsoft who might know someone from Hotmail. I may get lucky or I may just have to wait until they figure out what is wrong and do something about it.

In the meantime mass market, cloud based service will never win until uptime issues like this and a better level of support are in place!

Posted at 11:50 AM in cloud, General Background, Web/Tech | | TrackBack (0)

March 17, 2010

Cloud Computing Killed the 3rd Reich

I was all set to write a blog article today on the new Cisco switches and borderless networking heralding a new age of true convergence. But that post has been interrupted and will be written another day. While I was digging around on the subject I ran into this video by Marcus Ranum and Gunnar Peterson. It is yet another “Hitler finds out” one.

This is what happens when Hitler finds about a security incident in the cloud effecting the 3rd Reich’s data.  You will love this:

Great work guys!

Posted at 02:57 PM in cloud, the security industry | | TrackBack (0)

My Photo

Subscribe to my blog

Enter your email address:

Delivered by FeedBurner

Lijit Search

Blog Networks

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.

Search

Lijit Search

Attend a Computer Forensics Boot Camp to better your skills and become a better worker

Categories

Track my blog stats

Blog powered by TypePad
Member since 10/2005

About