A book by Davi Ottenheimer
Winter, 2024

John Wiley & Sons
ISBN: 978-1118559215
Paperback US $27.95

From the Back Cover

Big data requires big security; here’s what you need to know

More data is collected, at a higher speed, in more formats than ever before. Traditional information security simply has been unable to keep up with this transformation, which presents IT managers with a difficult dilemma. On the one hand everyone from the smallest company to the largest government is beginning to make use of giant lakes of information. The value proposition is clear. On the other hand, more harm than benefit looms when considering many of the realities of big data security. Even without specific solutions there may be workarounds and compensating controls to consider. The Realities of Big Data helps IT leaders identify how and where to best protect Big Data environments from disclosure, disruption or loss.

• Reveals emerging security risks of Big Data from the view of both IT and business management.
• Details the underlying reasons behind security gaps, how to find the gaps quickly and reliably, the options to consider for reducing risk from those gaps and the most likely dangers to avoid until choices improve.
• Shows how to balance performance and progress against safety and control
• Presents measurements and results to improve risk management
• Offers compensating controls and workarounds
• Shows how to leverage Big Data for security

Organizations need to carefully manage risks to their data as more important decisions are based on it. If you’re a manager, architect, or developer charged with a big data project, you should have a copy of The Realities of Securing Big Data.

A book by Davi Ottenheimer and Matthew Wallace
May 2012

John Wiley & Sons
ISBN: 978-1118155486
Paperback US $49.99
Kindle US $32.99

Ordering

Order in paperback: Book Depository | Powell’s | Amazon | Barnes & Noble | Wiley

Order as an e-book: Amazon | Barnes & Noble | Wiley

Find the book in a library

Reviews and Responses

• ” I was not familiar with Davi’s work, and when he gave me a copy of his book I thought the subject would be a bit boring. Yet back to my hotel I started reading a couple pages from various chapters, and suddenly found it more interesting: the book is really accessible, seems to provide a comprehensive and up-to-date coverage of the topic, and is extremely well written (compared to the average security book).” (Jean-Philippe Aumasson, Principal Cryptographer, Kudelski Security, Feb 2014)
• “Anyone who is serious about virtualization security should certainly make sure that Securing the Virtual Environment: How to Defend the Enterprise Against Attack is on their reading list, and that of every security administrator in their company.” (Ben Rothke, InfoSec Mgr Wyndham Worldwide Corp, May 2012)
• “Anyone who needs to understand virtualization security theory and attack strategy should pick up this book, without a doubt.” (David Shackleford, principal consultant at Voodoo Security and author of “Virtualization Security: Protecting Virtualized Environments,” June 2012)
• “Definitely a recommended read for security professionals needing a substantial and solid introduction to what ‘security’ actually involves in the cloud and other virtualized environments.” (Richard Austin, HP Security Engineer, September 2012)

From the Back Cover

Your virtual environment might be a prime target for hackers and attackers who want to steal data or exploit your resources. This book arms you with the knowledge and tools to safeguard your virtual and cloud environments against external and internal threats. You’ll gain insight into how to avoid denial of service, log and audit activity, protect virtual networks from eavesdroppers, and harden virtual servers. If your job involves protecting assets in virtual and cloud environments, this book will be invaluable to you.

• Perform vulnerability assessments of your virtual environment to uncover security weaknesses
• Learn how attacks in a virtual model differ from traditional computing models and how to best use technology and processes to defend yourself
• Learn how attackers use and abuse APIs to manipulate and gain entry to virtual environments
• Understand the risks of Software as a Service and how to get the protection you must have
• Be ready for audits by ensuring that your virtual and cloud environments comply with standards and regulations such as PCI DSS and ISO 27001
• Build your own low-budget virtualized test lab for hands-on evaluation of attacks and to practice prevention and response

On the DVD

Use the files on the DVD to follow along with the hands-on examples, or use them as the basis for your own code. Using the code and the book, you can

• Conduct a “hypervisor escape”, breaking out of a virtual machine into the host system
• Load the included, ready-made penetration testing virtual machine, preloaded with tools such as nmap, ettercap, the Open VAS vulnerability scanner, and more directly into your virtual environment
• Test the security posture of your Xen or VMware environment using automated scripts that peek at virtual disks and copy or modify virtual machines
• See the code used for hands-on exercises in the book that audit or attack virtual environments