Elastic Security

Icon

Security for the Cloud

September 6, 2011 • 16:49 1

Elastic Detector for free

Elastic Detector, our fully automated security event detection tool for Amazon EC2, is now available for free. It helps administrators and users of Amazon EC2-based infrastructures to continuously identify holes on security groups and applications, thus dramatically reducing the risk of external and internal attacks. In contrary to existing tools, you don’t need to install any additional software, such as agents, and do not need to configure any monitors up-front.

If you want to know more about Elastic Detector, watch the video below or try the service for free under elastic-detector.secludit.com.

Filed under: Internals, ,

June 16, 2011 • 09:02 0

How to increase security and visibility of Amazon EC2 instances?

Amazon EC2 administrators have to deal with daily problems such as:

  • Ensuring security of new instances,
  • Detecting performance and capacity problems,
  • Keeping track of the modifications on the infrastructure.

We would like to provide you some insights in our solution to address those problems and to facilitate the life of cloud-administrators by detecting security related issues and events: Elastic Detector. What makes this product unique is that it is fully automated and agentless. You can see how Elastic Detector works on this short video:


Filed under: AWS, Cloud Computing, Elastic Security, IaaS, Internals, Secure Cloud, Solutions, , , , , , , , , ,

April 3, 2011 • 10:53 0

Presentation at CloudOps

Videos and slides from the CloudOps Summit in Frankfurt are available online.

Here is the video of our Elastic Detector pitch.

Don’t hesitate to contact us if you have questions or if you are interested in a free trial.

Filed under: Internals, Presentations, ,

December 20, 2010 • 20:24 1

Elastic Detector Private Beta

After more than 6 months of development following another 6 months of trying to understand the most important security needs of people that use infrastructure clouds today, we released our monitoring and security tool called Elastic Detector as private beta.

Elastic Detector runs as Software as as Service (noblesse oblige ;-) ) and allows you to easily and fully automatically monitor and secure your virtual machines on Amazon EC2. Our idea is to take away the burden of configuring and deploying monitoring (and later also firewall rules and access rights) in dynamic infrastructures. By inspecting characteristics and security perimeter of an infastructure via different means, we reduce human interventions to a minimum.

We have granted access to a limited number of users during a closed beta-phase. If you are interested to participate during the private beta phase (until end of January), you can contact us under private-beta {at} secludit-dot-com.

Filed under: Internals, Solutions

February 19, 2010 • 12:44 0

Programming the Cloud: Cloudy_Scripts

Scripting is indispensable to automate IT infrastructures. IT automation gets even more important when resources are run in cloud infrastructures due to higher frequency of changes: usecases include scaling up to cope with peaks of load, scaling down to more efficiently use resources, or temporary usage for developing, testing, or rolling out marketing campaigns. There are a couple of commercial (e.g. RightScale) and open-source solutions (e.g. Chef) with quite impressive capabilities, which also require some significant effort to learn correct usage.

However, we found that sometimes we only need to run a script once. For example, we wanted to encrypt an EBS storage for an instance or create a bootable instance from a snapshot. We packed our scripts into an open-source project (written in Ruby) and wrote an easy-to-use web-application called Cloudy_Scripts that presents the necessary input information in a form and provides status updates and log-messages to track progress. Cloudy_Scripts does not require registration, credentials for the cloud providers are not stored anywhere. The scripts basically use the cloud provider API and ssh-wrapped bash-commands to fulfill their goal. We start with two scripts for now.

Please let us know if Cloudy_Scripts is helpful for you, if there are other scripts you would like to be added, if you detect bugs or flaws, or if you want to participate in the open-source project.

Filed under: Internals, Solutions,

June 8, 2009 • 14:49 5

Requirements for Cloud VPNs

The CSA guide is a comprehensive effort to list the security risks brought by cloud computing. A good overview but there are security requirements that are spread among several domains. Two such examples are confidentiality and integrity. Moreover, these requirements need to be fulfilled in different situations. For example data integrity in transit and at rest.

Let’s start by focusing on confidentiality and integrity of communications. We have to deal with confidentiality and integrity of communications in several scenarios:

  • Communication from the internet to the cloud
  • Communication between the internal network and the cloud
  • Communication between applications within the cloud (an interesting example is between amazon EC2 and S3)
  • Communication between clouds

With PaaS and SaaS, we may use SSL. In IaaS the solution to provide you full access to your cloud network is a VPN.

The requirements for a cloud VPN in all scenarios are as follows:

Clientless: The need to deploy agents should be avoided when possible. The use of standards like IPSec which is supported by security gateways or existing operating systems solves this problem as well.

Centralized management: Modifications on the configuration of servers or clients should not imply a re-deployment.

Authentication and authorization features : The solution should support different authentication methods and it should allow to specify access control lists as well (role based or RBAC).

Integration with endpoint security: The VPN should integrate with endpoint security solutions.

Advanced logging and reporting: At a given moment it should be possible to know who is or was connected and what kind of operations are or were performed.

Support of different communication methods and devices: Legacy applications, some windows applications such as outlook, or applications that use multicast should be supported. On the top of that, several types of devices such as smart-phones need to be supported as well.

High availability: when a server is down, the clients must be able to connect to other available servers in a transparent way.

Static addressing: the number of static public IPs is limited, so it is practical to build a private IP infrastructure.

In a follow-up post we will focus on tools and the scenarios listed above.

Filed under: AWS, Discussions, Internals

May 22, 2009 • 16:32 0

Welcome to the Elastic Security Blog

Welcome to everybody interested in the security challenges of cloud computing!

In this blog, we want to bring in depth discussions about cloud security and in this way contribute to the work being done by the Cloud Security Alliance (CSA). We believe that today everybody is aware of the security challenges being brought by cloud computing. A good starting point for anyone interested in security in the cloud is the CSA guide, a comprehensive effort to list the security risks related to cloud computing and to present first approaches to address those risks. In this context, we also recommend the Blog cloudsecurity.org, which illuminates terminology, economics and various aspects of cloud security.

The time is ripe for solutions! We want to find answers to the question “How to secure applications in the cloud?” and therefore make propositions, discuss best practices, and work towards innovative solutions to address cloud security issues. We will start by focusing on Infrastructure As A Service (IaaS) and specifically on one of the pioneers and most popular provider of infrastructure services: Amazon Web Services. Our intention is to come up with solutions that achieve the same security/risk level as legacy applications when these applications are deployed in a virtual environment. We strongly believe that this is possible with a lower security budget and with a better security/risk level compared to today’s applications.

Our ultimate goal is written in the tag-line of this blog: we want to contribute in making your cloud a safe heaven.

Filed under: Internals

Twitter Updates

Follow

Get every new post delivered to your Inbox.