March 03, 2014
$1,000/month for up to 20 servers for vCage Manager.
Trust no one. It's not just an X-Files slogan, it's the only way to assure a computing environment. It is the basis for the notion of trusted computing. When we look at major breaches where the adversary has used techniques such as memory scraping, we realize that any bit of the computing footprint that is left unprotected - no matter how small -offers a vector for compromise. vCage is exactly what it sounds like it is: a virtual cage around a computing asset.Today, we are increasingly accepting that it is a high probability that our computing infrastructure already has been compromised. Malware introduced by phishing or drive-by attacks may sit dormant for extended periods in our enterprise before it starts harvesting sensitive information. Much of that malware is zero-day and, as long as it keeps quiet, is not picked up by our scanners When it activates, though, it's likely too late.
vCage uses the trusted computing notion of attestation. This is tested proof that an asset is clean and protected. Typically, data is encrypted in motion and at rest. But it isn't encrypted when it is executing - in memory. One of the things that is exposed in memory is the encryption key. If that is extracted, the entire system is compromised. vCage protects data everywhere in the computing platform.
The vCage host is packaged as a stateless live image Linux KVM on a RAM disk - boot from it and attest it with the management server. Nothing outside the CPU is in clear text. The vCage manager provides provisioning, attestation and management reporting. The system currently support Linux, which is appropriate for most large organizations that use Linux as their core server structure.
At a glance
Price $1,000/month for up to 20 servers for vCage Manager.
What it does Secures servers with software-based attestation, full-memory encryption and OS hardening, providing a foundation for trusted computing.
What we liked Instantiates the concept that a system likely is already compromised into a trusted computing model that includes the entire computing infrastructure, including memory.
Sign up to our newsletters
SC Magazine Articles
- Skype targeted by T9000 backdoor trojan
- CISO salaries and demand for cyber-skills skyrockets, surprising no-one
- Student SSNs exposed in University of Central Florida breach
- Malwarebytes says sorry for multiple AV bugs, still unpatched
- Ransomware and POS attackers to zero in on small businesses, retailers
- Hearthstone gamers who download cheats may be cursed with malware
- Cryptowall has been a cash bonanza for criminals, failure for cops
- IRS hackers try to use stolen SSNs to generate E-file PINs
- Report: Pros urged to roll out IT projects before they are security-ready
- Security issues plague web dating software