VMware and Trend Micro: Security for the Software Defined Datacenter – Trend Micro

Hello, I'm Steve Kwan[sp].

And I'm here with Adim Nahid[sp] And we're excited to do another year of a great partnership between VMware and Trend Micro.

Over the last [xx] years our customer have been moving quickly to adopt cloud.

And security is top of mind for them and I think the relationship has really helped to [xx] [xx] that adoption, Trend Micro has been able to deliver a lot of the security capabilities from an end-point perspective and more within the context of the VMware environment.

Deep Security is a shield around our virtual [xx].

It does anti-malware, it does firewall, it does intrusion prevention log inspection.

It's very easy to deploy and manage.

Deep Security allows companies to scale at a very rapid rate.

Without Deep Security Virtual patching, we would not have been able to bring this project live.

Trying to have the in-depth knowledge of security in a virtual world, and in a the cloud that we needed.

Source: Youtube

Digital Security Software

SO, IF YOU AE THE PARENT OF A TEENAGER, YOUMIGHT WANT TO LISTEN UP.

I'M LISTENING BECAUSE I'VE GOT A PRE-TEEN.

MORE AND MORE TEENS ANDEVEN PRE-TEENS GO ONLINE AS WE KNOW.

THEY'RE USING THEIR CELL PHONES, THEIR LAPTOPS, THEIRTABLETS, MOMS AND DADS NEED TO BE EXTRA DILIGENT, 24/7 IN FACT TO KEEP THEM OUT OF DIGITAL HARMSWAY.

WITH US THIS MORNING TO DISCUSS HOW TO DO JUST THAT – HOW TO KEEP OUR CHILDREN SAFEIN AN ONLINE WORLD IS STACY CONNER, DIRECTOR OF WORLDWIDE RETAIL MARKETING FOR MCAFEE,HEY STACY, GOOD MORNING.

HI, GOOD MORNING DANIELLE.

TIMELY TOPIC, GIVEN THAT I DO HAVE A 12 YEAR-OLDIN MY HOUSE, RIGHT NOW, AND SO WHAT CAN YOU TELL US ABOUT KIDS ONLINE HABITS THAT WE ASPARENTS MIGHT NOT KNOW.

WELL, THE FIRST THING I WOULD SAY IS, THERE'SSOME GAPS, THERE'S SOME PRETTY BIG GAPS.

IT'S INTERESTING MCAFEE JUST DID A STUDY CALLEDTHE DIGTAL DECEPTION SURVEY, WHERE WE WENT OUT AND TALKED TO TWEENS AND TEENS ABOUT THEIRONLINE HABITS AND ABOUT THE DEVICES THAT THEY USE SUCH AS TABLETS AND SMART PHONES.

HERE'SWHAT WE LEARNED.

THE BIG THING? KIDS ARE ONLINE TWICE AS MUCH AS THE PARENTS THINK THEY ARE.

ALSO, THEIR TAKING MEASURES TO PUT VERY PERSONAL INFORMATION OUT ABOUT THEMSELVES ONLINE ANDALSO TAKING PROACTIVE MEASURES TO KEEP PARENTS IN THE DARK ABOUT WHAT THEY'RE DOING.

SO, THEIR BEING SLICK AND YRYING TO FOOL US IS WHAT YOU'RE SAYING (LAUGHS).

THAT'S A TEEN FOR YOU, RIGHT? UM, BUT THE OTHER THING THE MOST CONCERNINGTHING THAT I FOUND FROM THE STUDY WAS THE FACT THAT THESE TEENS AND TWEENS ALREADY AREHAVING NEGATIVE ONLINE EXPERIENCES IN THE FORM OF CYBER BULLYING OR OTHER CYBER THREATSAND THINGS LIKE THAT, AND YOU KNOW, ALL OF THIS DATA LED MCAFEE TO CREATE A NEW PRODUCTTHAT WE CALL MCAFEE LIVE SAFE.

I THINK I LOVE THAT BECAUSE ONE OF THE THINGSFOR ME AS A PARENT I WILL DO ANY AND EVERYTHING TO PROTECT MY CHILDREN IN THE PHYSICAL WORLD.

YES.

IT'S A LITTLE MORE DIFFICULT TO DO IN THECYBER WORLD, WHAT CAN WE DO TO PROTECT OUR FAMILY?WELL, I THINK TWO THINGS COME TO MIND, THE FIRST IS HAVE CONVERSATIONS WITH YOUR TWEENSAND TEENS, MAKE SURE YOU START THAT DIALOGUE AND AS A PARENT MAKE SURE THAT YOU'VE GOTTHAT AWARENESS AS FAR AS HOW YOUR TEENS ARE ENGAGING ONLINE AND WHAT TECHNOLOGIES THEY'REREALLY USING.

I ALSO LIKE TO REMIND PARENTS, THOUGH, THAT YOU HAVE TO HAVE SECURITY ONEVERY SINGLE DEVICE THAT THEY'RE GOING TO USE.

IF IT'S A TABLET, IF IT'S A SMART PHONE,WHETHER THEY'RE USING IT FOR FIVE MINUTES A DAY, OR FIVE HOURS A DAY, IT ABSOLUTELYHAS TO HAVE SUCURITY.

THE THING AS ADULTS THAT WE KNOW IS WE ALL HAVE GOT DIGITAL FOOTPRINTS,EVERY TIME WE PUT SOMETHING OUT OR PUT A POST ON FACEBOOK OR TWITTER OR ENGAGE WITH THEINTERNET IN ANY WAY, OUR DIGITAL FOOTPRINT GROWS.

BUT GUESS WHAT? OUR TWEENS AND TEENSARE ALSO STARTING THEIR DIGITAL FOOTPRINTS AND IT'S REALLY IMPORTNAT TO PROTECT THATFOOTPRINT FROM EARLY ON.

I THINK IT'S INTERESTING BECAUSE THEY DON'TKNOW WHAT WE KNOW ABOUT THAT DIGITAL FOOTPRINT, SO WE MAY BE MORE CAREFUL IN TERMS OF WHATWE PUT ONLINE THAT MAY BE TWEENAGERS AND TEENAGERS DO WHO DON'T KNOW.

SO, WHEN IT COMES TO SECURITYSOFTWARE, THEN WHAT FEATURES ARE MOST IMPORTANT? WELL, THE FIRST THING IS A SECURITY FEATURETHAT ALLOWS YOU TO PUT SECURITY ON EVERY DEVIE THATS IN YOUR HOUSEHOLD.

WE CALL THAT UNLIMITEDDEVICE COVERAGE.

WHEN YOU BRING A NEW DEVICE INTO YOUR HOME, YOU DON'T WANT TO HAVE TOWORRY ABOUT GOING OUT AND BUYING A NEW SOFTWARE SECURITY PACKAGE TO PUT ON IT, YOU JUST WANTA SECURITY PROGRAM THAT YOU CAN DEPLOY TO THAT DEVICE AS SOON AS YOU BRING IT IN THEHOME.

NOW, FOR OUR KIDS AND OUR TWEENS, ONE OF THE MOST IMPORTANT FEATURES THAT YOU CANHAVE IS SOMETHING CALLED PARENTAL CONTROLS.

OKAY.

THIS IS GOING TO ALLOW YOU TO TRACK INTERNET USAGE, MONITOR THE SITES THEY GO ON AND IT'SALSO GOING TO ALLOW THOSE TWEENS AND KIDS TO KNOW IF THEY'RE ABOUT TO GO TO A GOOD SITEOR MAYBE A NOT SO GOOD SITE.

FOR OUR TEEN SET, THE BIG THING IS A COUPLE OF THINGS;OUR TEENS ARE USING TABLETS AND SMART PHONES MORE AND MORE, AND GUESS WHAT? THEY GET LOST,THEY GET STOLEN.

UM HMM.

SO, HAVING A FEATURE THAT ENABLES YOU TO LOCATE, LOCK AND WIPE THE DEVICE, SHOULD IT BECOMELOST OR STOLEN, IS ABSOLUTELY CRITICAL.

SO STACY, IN ALL HONESTY, IS THERE A WAY THATWE AS PARENTS CAN KIND OF BE THAT SOFTWARE EXPERT AND TRULY PROTECT OURSELVES AND OURFAMILIES? THE ANSWER, DANIELLE, IS NO.

PARENTS DON'TNEED TO BE SOFTWARE EXPERTS, MCAFFEE IS THE SOFTWARE EXPERT.

LET US DELIVER THAT EXPERTISETO YOU, BUT IT IS ABSOLUTELY POSSIBLE FOR YOU TO PROTECT YOUR FAMILY WITH A GREAT PRODUCTWITH EASY TO USE FEATURES AND THAT'S MACAFEE LIVE SAFE.

JUST ABOUT TEN SECONDS LEFT, WHAT ARE THE MOST IMPORTANT THINGS THAT WE NEED TO REMEMBERWHEN IT COMES TO OUR KIDS ONLINE SAFETY? HAVE THE CONVERSATION AND BE AWARE ABOUT WHATYOUR TWEENS AND TEENS ANRE DOING ONLINE, HAVE SOME SECURITY ON EVERY SINGLE DEVICE THATTHEY MIGHT BE USING AND MAKE SURE THAT IT'S GOT THOSE CRITICAL FEATURES LIKE PARENTALCONTROLS AND AVAILABILITY TO LOCATE, LOCK AND WIPE, AND I JUST WANT TO POINT OUT THATOUR MCAFEE LIVE SAFE PRODUCT HAS ALL OF THAT.

AND YOU KNOW THEY'LL HATE US NOW BUT THEY'LLTHANK US LATER.

ABSOLUTELY.

I TELL MY KID THAT ALL THE TIME (LAUGHS).

THANK YOU SO MUCH STACY FOR COMING BY, GREATINFORMATION.

THANK YOU.

AND IF YOU'D LIKE TO PROTECT YOUR FAMILY VISIT THE FOLKS OVER AT MCAFEE BY GOING TO LIVESAFE.

COM,THAT'S LIVE, L-I-V-E SAFE DOT COM.

OH, AND DON'T FORGET TO VISIT US ON FACEBOOK, SHARENY OF YOUR INTERNET STORIES OR DIGITAL CONCERNS.

THATS FACEBOOKBALANCINGACTFANS.

Source: Youtube

Eagle Investment Systems: Ensuring Software Quality & Security with Coverity

Eagle Investment Systems is a financial servicestechnology firm.

Our objective is to help our customers to grow their assets efficiently.

We provide data management, accounting and performance solutions to a global client baseand as a result of being wholly owned by BN MELLON? we can offer a number of differentservices from either an on premise solution to a secure private cloud one to a full businessoutsourcing capability.

We wanted to take a holistic view of our SDLC,of our software development lifecycle.

We wanted to work with vendors that were industryexperts, best of breed technologists in their spaces.

Piece those together to really enhancea quality program around how we release software to the marketplace.

And we felt some of thecapabilities and checkers that Coverity provided gave us that.

Working with Coverity duringthat proof of concept, we were very, very impressed by the comprehensive and in-depthnumber of checkers that were available to us for our C++ code.

We were also really impressedby the access to some of the senior engineers that would work with us on a one on one basisto understand how the tool worked and how we can use it to drive our efficiency.

It was a tool built by developers, for developers.

So what that really meant was that we couldcontinue to maintain a good, healthy environment around development but at the same time ensurethat the developers were managing their own quality defects.

One of the things that wereally liked about the Coverity application was its alignment to the CWE, the Common WeaknessEnumeration library.

It helped us in terms of explaining the types of defects to notjust our engineering staff, but our services and support teams.

We have two implementation strategies for how we leverage Coverity.

The first is reallyensuring that there are no new defects in the application.

So as we're doing daily builds,our engineers are getting informed of defects or software coding flaws as early on in thecycle as possible.

The second piece is really around managing defect density and managingtechnical debt.

So if there's an error in our application where we feel we need to focusattention on, we shift resources into that area and drive down the defect density onthat particular subject.

Application security is a key discipline within a software developmentlifecycle, especially as we deliver our software through Eagle Access, our secure private cloud.

A recent extension of our use of Coverity has included checks on the C# code.

And whatthat allows us to do it help our engineers understand common vulnerabilities using theCWE libraries, as well as the OWASP libraries.

So Eagle's an Agile R&D shop.

A couple ofthings that we do and how plug Coverity into them is we build our software at least oncea day.

So what that means is as our engineers get Coverity defect feedback every morning,so whether it's the offshore guys or the onshore team, they're able to evaluate any flaws thatthey may have introduced into the previous day's development.

Quality is crucial to our business.

Our clients rely on our solutions every single day topower their investment decisions.

Really the ROI for us was being able to identify issuesearlier in the lifecycle.

It's fairly well known that the longer that a defect continuesdown that software development lifecycle and literally ends up into production, the morecostly it is for a firm.

What we wanted to do was identify as many of those issues aspossible, as early in the process as possible, so that we can continue to drive efficienciesand continue to deliver quality to our customers.

Source: Youtube

SolarWinds Security Software – Log & Event Manager

Hello, I'm Rob Johnson, Sales Engineer here at SolarWinds and today I'd like to introduce you to an important product in SolarWinds' security portfolio: SolarWinds Log & Event Manager or LEM.

Log & Event Manager is a Security Information & Event Management (or SIEM) product designed to make monitoring log data for security easy.

SIEM solutions, like LEM, are built on the principle that centralizing your log data, analyzing it in real-time, and providing you actionable intelligence is critical to keeping your business secure.

Core features of SIEM solutions include: Log & event data centralization, Event correlation historical analysis or search and reporting.

Log & Event Manager has these features and more.

The heart of any SIEM tool is data collection.

Collecting this data is the core of your ability to track, audit, and correlate critical security events.

LEM supports data collection from hundreds of different devices out-of-the-box.

These devices and logs generate messages that include things like authentication, network and security activity, system changes, and more.

Correlation is an important feature of true SIEM tools, and LEM provides real-time event correlation as your events are collected.

Correlation rules can be as simple as "any logon failure" to the more complex "alert on logon failures to my servers from remote desktop.

" Also, time and frequency correlations like "alert me when you see 5 logon failures from the same IP address to my servers from remote desktop" to multiple event correlations like "alert me when you see multiple logon failures followed by a successful logon from the same account.

" LEM also ships with hundreds of predefined correlation rules out-of-the-box to solve your most critical log & event monitoring needs quickly.

Beyond correlation, LEM has the ability to automate remediation steps with dozens of built-in active responses.

Within a correlation rule or manually from your LEM console, if you spot suspicious activity yourself , you can instantly perform actions like disabling a domain user account after repeat suspicious activity, removing a user from a privileged group like local admins, or blocking an attacking IP address.

LEM's visibility extends beyond servers and network devices into endpoint activity as well.

With USB-Defender, you can monitor systems for usage of USB mass storage devices, including what files and processes are being launched.

If you see something you don't like you can detach the USB device or build correlation rules to detach automatically based on what should be allowed.

If you need to extend your USB device policy to laptops that might be regularly disconnected or isolated, USB-Defender includes local policies that will be enforced as if they were.

Once you've started collecting log & event data, it's critical to have extended historical analysis, search, and reporting capabilities as well.

Troubleshoot or perform some basic forensic analysis with LEM's historical search functionality, which includes visual tools to help spot potential issues without combing through text of log records.

Report on historical data to create audit trails using our hundreds of pre-built report templates.

Last but not least, compliance initiatives all but spell out that a SIEM system is critical in establishing and maintaining compliance with requirements like PCI, HIPAA, Sarbanes-Oxley and others, not to mention countless internal audit requirements.

LEM includes content categorized specifically for compliance, making it easy to find various rules and reports applicable to a range of industries.

To learn more or to download a fully-functional 30-day trial of LEM, go to www.

Solarwinds.

Com.

Source: Youtube