Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:25 PM
Dark Reading
Dark Reading
Products and Releases

eIQnetworks Extends Security, Compliance Management To The Cloud

New features within security and compliance management platform SecureVue helps organizations identify and manage security concerns within virtualized cloud infrastructures

ACTON, Mass.—September 29, 2009—eIQnetworks, Inc., today announced new features within its SecureVue security and compliance management platform solution that identify security concerns within virtualized cloud infrastructures. With new scalability and virtualization mapping capabilities, customers can now rely on the comprehensive security picture SecureVue creates when deploying in cloud computing environments, assisting with overall IT security and aiding compliance with internal policies and industry or government regulations.

Deploying in a cloud, companies typically rely on multiple virtual hosts running on physical servers. While this creates efficiencies by maximizing data center resources, it also presents security challenges in pinpointing where a specific virtual machine is and remediating against security exposure. With the enhancements to SecureVue, available in version 3.2, eIQnetworks has integrated with VMware-based hypervisors to receive critical information from virtual hosts, which can be used to evaluate IT security.

Going far beyond traditional log-based security information and event management (SIEM) solutions, SecureVue provides a comprehensive view of enterprise security based on managing and correlating data from numerous sources, including Logs, Vulnerabilities, Configuration, Asset, Availability, NetFlow and other security-relevant data from network devices, security devices and servers. Today's announcement adds to SecureVue's ability to identify security threats other solutions cannot even begin to see, extending this breadth to virtual machines within cloud environments.

"Based on the direction of technology and the push for virtualization, MAXIMUS was excited to see the implementation of cloud computing security management capabilities in the new version of SecureVue," said Jamie Giroux, director, OIS Security & Audit, at MAXIMUS. "We are excited to see these features, so that we can incorporate our growing virtualization investment into our Security Incident Management program. Compliance requirements are not restricted to device types and we are ecstatic to be working with a vendor that shares our vision."

The new SecureVue functionality provides visibility into a number of issues that are unique to virtual servers and cloud computing environments:

Identifying virtual machines: SecureVue can now identify virtual machines and provide a picture of which virtual machines are operating on various physical hosts. This identification is necessary to remediate the virtual machines if evidence indicates they are vulnerable to attack or being targeted.

Managing configuration information from virtual machines: SecureVue ensures that virtual machines are configured according to enterprise and/or best practice policies (including those published by the Center for Internet Security), and can create reports on the configuration of virtual machines, in the cloud, in the same manner as for physical machines, a process essential for the consistent reporting required for regulatory compliance. The data from cloud infrastructures can be included in all standard or custom SecureVue dashboards and reports.

Correlating data from virtual machines to identify nefarious activity: SecureVue can identify vulnerabilities or evidence of an attack on virtual machines within the cloud based on a clear understanding of overall network activity. This reduces the threat of newer attacks that might take advantage of "blind spots" created by virtual servers or log-based security solutions.

Scalability to the Cloud One of the key requirements in supporting cloud-based initiatives is scale and flexibility. With an infinite number of deployment models for cloud services and applications, ensuring security of data residing in the cloud is paramount to successful deployments. Featured in SecureVue 3.2, eIQnetworks' unique Six-Tier (T6) architecture and flexible software or hardware-based deployment provides unparalleled global scale allowing for comprehensive management by different teams, in different geographies, without sacrificing enterprise visibility. Designed to scale to a million nodes (network devices or servers) over 6 levels of data collection, SecureVue is the industry's most scalable security management solution.

"As organizations embrace cloud computing, companies are still on the hook to protect that data and ensure compliance with regulations despite not knowing exactly where data and applications may reside," said Vijay Basani, Founder and CEO at eIQnetworks. "With these enhancements to SecureVue, customers receive the same level of visibility across their virtual servers—the fundamental building block of cloud computing—that they receive on their physical servers. With unmatched scalability, SecureVue enables enterprises and government agencies to consistently substantiate security controls, demonstrating compliance and managing security within both traditional and cloud-centric data centers."

Availability SecureVue 3.2, which includes functionality for managing security in the cloud, is immediately available through eIQnetworks global distribution channels.

About eIQnetworks eIQnetworks is redefining security and compliance management by proving "log data is not enough" and fostering collaboration across security, network, data center and audit teams to more quickly isolate the root cause of security issues and ensure compliance mandates are being enforced. Global financial, retail, media, healthcare, manufacturing, and government enterprises rely on eIQnetworks to make sense of formerly disparate data sources to react faster to emerging threats, automate their compliance efforts, and more effectively monitor security policies. Headquartered in Acton, Mass., eIQnetworks is located online at www.eIQnetworks.com and can be reached at +1 877.564.7787.


Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...