How to detect side-channel attacks in cloud infrastructures

Cloud Computing is a disruptive technology which brought enormous benefits. However, even if the benefits are countless, there are several security challenges, such as elasticity and multi-tenancy, which require an innovative approach. Indeed, traditional security tools are not suitable for Cloud Computing, since infrastructures can be very dynamic. Therefore, automation is the only answer to…

Elastic Vulnerability Assessment (EVA) Credentials for AWS EC2 and VPC

One of the major obstacles to Elastic Detector adoption is the step where infrastructure API credentials are asked. Security guys do not easily give their keys to strangers. We fully understand that, so we have proposed two solutions: Virtual appliance, such as an AMI on the AWS marketplace. We provide VMware (vmdk) and KVM versions…

vSphere 5 Hardening Guide

Vmware has just released a great guide: the official hardening guide for vSphere 5.  The terminology has changed and if you are used to the version 4.1, there is a nice companion document to help you compare. The security of the virtualization layer is fundamental for the security of the cloud infrastructures. This is acknowledged…

Launch of HP Cloud with OpenStack

We’ve been busy lately with the second version of Elastic Detector, that supports Amazon EC2, Terremark’s vCloud Express and Eucalyptus. Today we’re thrilled to announce support of another leading cloud infrastructure: HP Cloud. Please find the complete announcement here. We are strong believers in OpenStack and we have participated to the private beta of HP…

CloudyScripts for vCloud

Starting from now, CloudyScripts – our popular open-source library (more than 10000 downloads up to now) that aims at relieving administrators from finicky scripting details to secure and manage cloud infrastructures – now supports the vCloud API in addition to Amazon EC2. vCloud is the cloud stack provided by VMWare and already adopted by around 30 hosting…