Wednesday, February 19, 2014

New breed of cyber-attacks needs new breed of cyber-warriors




It should not be a surprise to network owners that there is a marked rise in the number and complexity of cyber threats and targeted cyber attacks. The bad guys have gotten smarter, have more money to spend, and are better equipped than before. Those of us trying to defend the IT fortress with aging perimeter defenses see this well-equipped enemy on the rise. We are seeing more frequent and highly targeted attacks, resulting in greater financial and brand damage to businesses and intelligence agencies worldwide. There is also more noticeable diversity in the key motivations behind these attacks. Script kiddies are all grown up: hacktivism, cyber crime (focusing primarily on financial gain), cyber espionage and cyber warfare (state sponsored) are the order of the day.

The Hackmageddon Summary of Top 20 Breaches of 2013 shows that 9 of the top 20 breaches in 2013 resulted in incidents affecting more than 20 million users. Many have seen the most recent attack on Target Stores, which was initially believed to have affected 40 million users and later proved to have affected even more (70+ million users).

The good news is that we are seeing an influx of technology innovation and solutions focused on network visibility, big data visibility, and security. Just taking a look at the Hot Security picks for 2013 and 2014, we already see emerging solutions aimed at addressing challenges around cyber-security and Big Data security analytics.


The Challenges
We are also seeing more collaboration between intelligence agencies, i.e. ISCA Council, as well as partnerships between government, innovators and investors led by organizations like Security Innovation Network (SINET).

However, IT security organizations worldwide, whether big enterprise, government or SMB, still face some major challenges, despite a healthy 41% increase in security budgets in 2014, the positive collaboration seen between intelligence agencies, and an increased number of security start-ups, because:

A) They simply can’t afford the time and the cost needed to acquire, validate, deploy and manage the new breed of security tools needed to combat new threats.

B) They can’t find the right breed of Cyber-Security Soldiers (and when they do, many can’t afford to keep them) needed to effectively operate the next generation of security and forensic tools to combat the new breed of attacks.

First challenge: If IT security organizations were to follow the good old proven Defense-in-Depth strategy, there is simply a massive number of tools needed to combat these attacks that need to be deployed and managed. IT Security Operations teams must be able to rapidly evaluate, deploy and operationally manage the new set of bleeding-edge technologies in an efficient and cost-effective manner. These tools must keep up not only with the emerging types of threats, but also with the rapidly growing network speeds and the amount of data that needs to be captured, analyzed and acted upon.

Second challenge: A more difficult one to solve is that there are just far too few subject matter experts (SMEs) who possess well-rounded experience and the much-needed “context”. You need experts who can help look for the next unknown threat or the advanced targeted attack that may already be inside your enterprise. These can be a new breed of DDoS technique, hidden multi-stage advanced malware techniques, or good old SQL injection techniques already targeting your intellectual property and key assets like your customers’ credit card data or personally identifiable information.

The Good News

To help address the first challenge, many enterprises have turned to new complementary technologies like Network Packet Brokers (NPB) or Network Visibility Controllers (NVC), as well as more academic solutions like OpenFlow. These new complementary solutions aim to help IT organizations worldwide speed deployments and optimize security and forensics infrastructure as they design and build the new-generation cyber fortress needed to combat new types of targeted attacks.

To help with the second challenge, this week, Embry-Riddle Aeronautical University in Prescott, Arizona announced the formation of the nation’s first College of Security and Intelligence. This is a way to address “the growing need for highly skilled cyber security, forensics and global security and intelligence experts.”

  

Friday, February 7, 2014

VSS Monitoring Optimizes SDN-based Traffic for Enhanced Performance Monitoring and Security Agility

NPBs and SDN VE Deliver Flexible, Cost-Effective Monitoring and Security Solutions

Last week, VSS Monitoring announced its joint solution with IBM (NYSE: IBM) delivering a converged monitoring fabric for virtual environments. Powered by VSS Monitoring Network Packet Brokers (NPBs) and IBM SDN Virtual Environments (SDN VE), organizations can leverage the solution to accelerate SDN-based environments for performance optimization and fail-safe monitoring at wire-speed, essentially creating a converged monitoring fabric for both physical and virtual-host traffic (including OpenFlow switch traffic). Announced at the OpenDaylight Summit on February 4, 2014, the IBM SDN VE solution consists of the new unified controller, virtual switch overlays, non-SDN gateways, and open interfaces. SDN VE supports OpenStack as well as VMware and Kernel-based Virtual Machine (KVM). VSS Monitoring NPBs, in combination with the IBM unified controller, enable organizations to leverage OpenDaylight technologies to facilitate SDN deployments with enhanced performance monitoring and security agility. NPB solutions provide fail-safe monitoring and total visibility into virtual traffic, with VSS’s vMesh, vNetConnect and vSpool. Only VSS Monitoring NPB solutions enhance big data visibility for business intelligence analytics or Big Data applications.

Total Visibility for New Lines of Business

As networks evolve, incomplete visibility for decentralized monitoring and security tools and the scaling of large network deployments become challenging due to their inelastic nature. This often requires a rip-and-replace approach or successive proofs-of-concept as the organization grows. Network packet brokers have emerged as a critical element of the network infrastructure to solve network visibility and monitoring challenges. Well established for physical networks (LAN, WAN, and Distributed), NPBs now address the same challenges for virtual-host traffic (VMs) in addition to SDN-based environments. By having complete visibility into any and all packets traversing the converged network, organizations gain powerful, timely analytics into the network and application performance for faster root-cause resolution, high service level assurance, 99.999% availability, accelerated user experience, and – in light of Big Data – new lines of business from meaningful customer insights.

An All Encompassing Monitoring Fabric

Today’s network monitoring environments utilize monitoring and security tools from any number of different vendors. The ability to easily manage and deploy all tools in a coordinated manner is critical for both network operations and security operations. VSS Monitoring NPBs are vendor-neutral and are currently deployed with a wide variety of tools that could be deployed in conjunction with or in parallel to the IBM SDN Virtual Environments.

For more information, check out the IBM and VSS Monitoring joint solution brief.

Tuesday, February 4, 2014

IBM SDN VE & VSS Monitoring NPB Deliver Converged Monitoring Fabric for SDN

It's an exciting time for the Software Defined Network (SDN) world as IBM unveils the new unified controller, an OpenDaylight technology, at the OpenDaylight Summit this week in Santa Clara. In the press release, IBM claims that its Software Defined Network Virtual Environments (SDN VE), "which consists of the (new) unified controller, virtual switches for creating overlays, gateways to non-SDN environments and open interfaces for application integration," will not only integrate SDN into private and public cloud infrastructure, but also unify and simplify control of the converged nature of today's hybrid networks. (Read IBM press release.)

What's more exhilarating is the joint solution between IBM and VSS Monitoring, i.e. SDN VE and Network Packet Broker (NPB). In addition to traditional networks, this combination delivers a converged monitoring fabric for virtual hosts as well as traffic traversing OpenFlow switches.

What does that mean?
It means SDN-based OpenFlow traffic can now be aggregated to monitoring and security tools through the NPB with advanced packet optimization services such as slicing, de-duplication, port & time stamping, fragment re-assembly, encapsulation filtering and load balancing, for both inline and out-of-band implementations. Such services were not previously possible within SDN-based systems.

How does it apply to SDN?
According to IBM & VSS Monitoring's joint solution brief, IBM's virtualization solution inserts "an SDN layer that enables TAP aggregation for virtual hosts and OpenFlow networks" while VSS Monitoring's vendor-agnostic NPB provides immense flexibility in selecting application and network performance management and security monitoring solutions. Using the combined solution, adding SDN traffic is as easy as programming the OpenFlow switch to act as a traffic aggregator.

Solution Benefits
While one may argue otherwise, the immediate inherent benefits of this joint solution include, but are not limited to:
  • Wire-speed and fail-safe monitoring;
  • Large-scale, cost-effective network monitoring for physical & virtual networks, cloud infrastructure and SDNs; and
  • Incremental SDN deployment in a controlled, low-risk environment.
The possibilities are endless with NPBs in SDN-based environments now, specifically in light of recent announcements regarding Big Data Visibility and the soon-to-be-possible Security-in-Series defense-in-depth model, which will be announced at RSA 2014 in San Francisco (complimentary passes are still available).
