ThreatSTOP is spending the week up in San Francisco at RSA. We will be on the Vyatta booth, #452, showcasing our joint solution for the protection and centralized management of virtual and cloud firewalls.
We started things off by attending the Cloud Security Alliance event on Monday morning.
There was one clear theme that emerged from the various panels and speeches - namely that the really big security challenge for cloud computing revolves around the fact that people want to be able to connect to the cloud from anywhere with whatever they happen to have at hand - a mobile handset, a tablet, a PC in an internet cafe and so on. This leads to a whole bunch of potential pain to do with device authentication, web security and the like.
As I listened, however, I realized that ThreatSTOP can offer a good deal to help with some of this. The most obvious thing that we can help with is stopping attacks on the cloud servers. This is because we have the IP addresses of currently active recon bots and other attacking computers. A cloud provider can (and we have customers who do) put ThreatSTOP on the firewall they have in front of their servers. This blocks all communications with those IP addresses. As a result, the attacker thinks there is no server active at the target IP. Rather than waste time and resources, or risk being detected by a darknet, they move on. Unlike signature-based approaches, which accept the connections and inspect the data stream, the servers are not subjected to additional attacks and scans designed to enumerate and exploit known vulnerabilities.
ThreatSTOP can also be applied on a Vyatta VM that is used on a per-hosted-customer basis to protect that customer's virtual infrastructure rather than the entire hosting company. This means that each cloud customer can customize the block lists they select and use their own custom allow and deny lists, exactly the way they do on a standard physical firewall.
However, that's only part of the story. The other part is that we can protect the mobile device - at least when it's on the corporate network - from bot infection, and can detect when it has been compromised outside the corporate network and then returns to it.
By stopping attacks on cloud servers and detecting when malware has infected the clients, ThreatSTOP can protect your cloud and physical infrastructure in ways no other product can.