March 03, 2014
$1,000/month for up to 20 servers for vCage Manager.
Trust no one. It's not just an X-Files slogan, it's the only way to assure a computing environment. It is the basis for the notion of trusted computing. When we look at major breaches where the adversary has used techniques such as memory scraping, we realize that any bit of the computing footprint that is left unprotected - no matter how small -offers a vector for compromise. vCage is exactly what it sounds like it is: a virtual cage around a computing asset.Today, we are increasingly accepting that it is a high probability that our computing infrastructure already has been compromised. Malware introduced by phishing or drive-by attacks may sit dormant for extended periods in our enterprise before it starts harvesting sensitive information. Much of that malware is zero-day and, as long as it keeps quiet, is not picked up by our scanners When it activates, though, it's likely too late.
vCage uses the trusted computing notion of attestation. This is tested proof that an asset is clean and protected. Typically, data is encrypted in motion and at rest. But it isn't encrypted when it is executing - in memory. One of the things that is exposed in memory is the encryption key. If that is extracted, the entire system is compromised. vCage protects data everywhere in the computing platform.
The vCage host is packaged as a stateless live image Linux KVM on a RAM disk - boot from it and attest it with the management server. Nothing outside the CPU is in clear text. The vCage manager provides provisioning, attestation and management reporting. The system currently support Linux, which is appropriate for most large organizations that use Linux as their core server structure.
At a glance
Price $1,000/month for up to 20 servers for vCage Manager.
What it does Secures servers with software-based attestation, full-memory encryption and OS hardening, providing a foundation for trusted computing.
What we liked Instantiates the concept that a system likely is already compromised into a trusted computing model that includes the entire computing infrastructure, including memory.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Website observed serving 83 executable files, more than 50 percent malware
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- TeslaCrypt used to extort over $76K in recent months
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes