Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/15/2009
12:40 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Third Brigade Launches Solution To Deliver Unified Protection For Physical, Virtual, Cloud Computing Environments

Deep Security 6 meets demands for PCI compliance and next-generation server and application protection for dynamic data centers

Ottawa, ON and Reston, VA January 13, 2009 Third Brigade (www.thirdbrigade.com), experts in server and application protection, today announced the availability of Third Brigade Deep Security 6, the next generation in server and application protection for dynamic datacenters. It is the first comprehensive protection software to unify security across cloud computing, virtual and traditional datacenter environments to help prevent data breaches and business disruptions, enable compliance with key regulations and standards, including PCI, and support operational cost reductions that are necessary in the current economic climate.

Because of the open nature of a universitys IT environment, the perimeter gets bombarded from all sides, and we are constantly asked to do more with very little resources, said Ralph Michaelis, CIO at Carleton University. We turned to Third Brigade for our physical and virtual server protection and are now looking to the cloud to increase IT efficiencies, while maintaining the same level of security.

In this latest release, Third Brigade adds three significant product enhancements to complement the existing Deep Security host intrusion prevention system (IDS/IPS) and ICSA-certified firewall. First, seamless integration with VMware vCenter provides simplified deployment and increased visibility into an organizations VMware environment. Second, Deep Security 6 now includes two new product modules, integrity monitoring and log inspection, that further support PCI compliance initiatives and detect malicious behavior targeting virtual machines and physical servers. The new integrity monitoring module alerts on critical operating system and application changes that could signal attacks, while the new log inspection module is built using the multiplatform log monitoring capabilities of the OSSEC open source host intrusion detection project. Finally, all Deep Security product modules IDS/IPS, firewall, integrity monitoring and log inspection can now be purchased individually or in combination, and then deployed and managed via the powerful, centralized Deep Security management system.

Our public and private sector customers run datacenters that combine thousands of physical and virtual servers in dynamic, multiplatform environments. And now, many are looking to extend these resources to cloud computing, said Wael Mohamed, president and chief executive officer at Third Brigade. They turn to us because as server security experts we deliver comprehensive protection that enables greater operational efficiency and helps achieve cost savings. I am often told that we are also more responsive to our customers requirements than other vendors, which is crucial when business continuity and corporate reputation are on the line.

Deep Security 6 allows both virtual machines and physical servers to become self-defending. In many ways, managing the security of virtual machines is the same as for their physical counterparts, except when it comes to understanding the state of the system. Having visibility into whether a virtual machine is 'paused or offline has significant impact on the ability to deploy and manage protection of the virtual infrastructure. Seamless integration with VMware vCenter enables this visibility.

Enterprises oftentimes find themselves deploying several small physical VMware ESX clusters in order to meet security zoning requirements, said Burton Group senior analyst and virtualization expert Chris Wolf. Host-based security deployed to VM guest operating systems can allow organizations to move enterprise security to the virtual infrastructure, which may allow them to realize higher consolidation densities and more efficient utilization of shared infrastructure.

In cloud computing environments, network-based IDS/IPS no longer offers protection for virtual machines residing outside the enterprise perimeter. Deep Security 6 enables perimeter-like defenses to be applied directly to mobile, virtual machines. Combining these defenses with the integrity monitoring and log inspection capabilities in Deep Security 6 renders virtual machines cloud-ready and enables organizations to confidently deploy them in public cloud computing environments.

The VMware vCloud Initiative enables customers to combine the benefits of cloud computing with the business agility, service availability, and cost reduction benefits of the industry-leading VMware platform. A key component of vCloud is security for the cloud, said Wendy Perilli, director of product marketing at VMware. Whether businesses want to expand their IT infrastructures into internal clouds or leverage off-premise compute clouds, combining the VMware platform with partner security solutions like those from Third Brigade helps to provide them the flexibility and confidence to deliver business-critical applications when and where they want, while increasing IT security.

Deep Security 6 is available today through Third Brigade and its distributors. Software list price for 500 servers ranges from $150/server for single module protection, to $600/server for comprehensive protection, with all modules. Pricing for unlimited virtual machines per VMware ESX host is also available.

The software modules include: Integrity Monitoring, Log Inspection, Deep Packet Inspection and Firewall. The Deep Packet Inspection module enables IDS / IPS, web application protection and application control. All modules are available across Microsoft Windows, Solaris, Red Hat and SUSE server platforms and work with VMware, Citrix and Microsoft virtualization platforms. This software solution also protects these servers and applications when deployed in cloud computing environments like Amazon EC2, GoGrid and more.

For more information, please download the whitepaper at: http://resources.thirdbrigade.com/productwp/

About Third Brigade Third Brigade (www.thirdbrigade.com) specializes in server and application protection for dynamic datacenters. Our advanced software and vulnerability response service allows virtual machines and physical servers to become self-defending; safe from the latest online threats. This comprehensive, proven protection helps customers prevent data breaches and business disruptions. It enables compliance, supports operational cost reductions and addresses the dynamic nature of datacenters, including virtualization and consolidation, new service delivery models, or cloud computing. Third Brigade also owns and maintains OSSEC, the Open Source Host Intrusion Detection Project actively used in 50 countries around the world. Third Brigade. Thats control.

Note: Third Brigade, Deep Security Solutions, and the Third Brigade logo are trademarks of Third Brigade, Inc. and may be registered in certain jurisdictions. All other company and product names are trademarks or registered trademarks of their respective owners.

For more information: Laura Maio Claire Barton Third Brigade, Inc. Nadel Phelan, Inc. (T) 613-219-2800 (T) 831-440-2406 [email protected] [email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28048
PUBLISHED: 2021-04-14
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-28157
PUBLISHED: 2021-04-14
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.
CVE-2021-26030
PUBLISHED: 2021-04-14
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page
CVE-2021-26031
PUBLISHED: 2021-04-14
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
CVE-2021-27710
PUBLISHED: 2021-04-14
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system funct...