Friday, March 18, 2016

Confidence and Control at RSAC '16

A View of RSA from the Hall

RSAC ’16 hit San Francisco with a record number of attendees, topping out at 40,000, a 15% increase from 2015. The security conference by the Bay, “where the world talks security,” has seen steady growth in the past few years. The increase in attendance mirrors the growth of the industry and fears around cyber crime, cyber espionage and, well, anything cyber.

The exhibition hall was no different as vendors packed in, illustrating not only ongoing investment from the big players like Fortinet, FireEye, Palo Alto and Cisco but also the over $4.6 billion of venture capital that has flowed into start-ups over the past two years. There are a lot of solutions out there, as organizations strive to obtain visibility into what is going on in their environments.

With all this attention, money and great parties at the W, are we any closer to achieving the very reason we are here? Not to get existential, as in the proverbial "why are we here," but where do our networks stand today? Are we any safer than we were just a few years ago? And who is managing all these shiny new boxes full of blinky lights? Isn't there a drought as big as California's in the security talent pool, some million people deep? California is counting on El Nino to save its day. When is the info-sec rain coming, and will it bring with it much-needed talent? The only clouds we see drive a lack of control and visibility, and create an application and access nightmare.

Before we fall into the familiar pit of pessimism, let's not forget what we are all doing here. We are keeping the connection alive. Keeping the connected workforce on the go, bringing moms closer to their children, doctors to their patients and driving unprecedented economic growth. Guarding the connection is kind of cool, and it matters.

At RSA, visibility and control reigned supreme, combined with ease of management. There are a number of "single pane of glass" solutions that aggregate your visibility at the management plane. These are great for seeing what is happening or what has happened within your network, and they even provide cool graphs. But they do nothing to feed the tools with the data that supplies that visibility, and they provide little control.

After visibility, the underpinning issue of time to detection was everywhere. Plugging every hole and building a massive wall around our perimeter is no longer a viable form of defense in today's connected world. With every new device comes a new IP address and a point of access. Time to detection in weeks, months or years is not something we can afford in the "it's not a matter of if but when" era of security incidents.

We need to see who has entered our network, where they have gone and what they have done. We must react and deploy a response quickly. Recognizing that failures will happen while establishing a well-orchestrated response is a sign of a maturing security posture. Having the ability to respond quickly while staying poised under pressure instills confidence in our systems and in the craft of securing the connected. Our security teams and systems need confidence more than anything, in response and in deployment. Many of these expensive tools are not deployed in active blocking mode for fear of disrupting the connection; where is the confidence in partially implemented solutions?

The exhibitors’ hall at RSA is full of possibilities for investment. But no single pane of glass, magic bullet or high-priced tool is going to be effective if we do not provide the proper support. The lack of personnel and fear of automated systems are compounding a passive approach to prevention and detection. Teams are managing and deploying shiny new boxes while fighting for access to traffic and visibility, instead of actively protecting the connected.

A wise person once said, "judge me not by the mistakes I make but by the lessons I learn." With these post-incident lessons, how do we respond not only with the right internal behavioral change but with the appropriate technology as well? Speed of deployment and confidence in implementation are essential factors in incident response. We need to be able to provision new solutions with confidence, with all available active in-line services up and running, while reducing management and provisioning overhead, freeing our teams from the deployment and management cycle to redeploy them to the protection cycle. This way we can not only be good, we can also be cool, until we all meet again in the City by the Bay.


Learn more about how you can confidently deploy security in your environment and mature your security posture without disrupting the network connection.

 http://www.vssmonitoring.com/security/

Thursday, March 10, 2016

What European Soccer Can Teach Us About Defending the Network

Real Madrid, the star of European soccer, is one of the best teams in the world and as such, attracts top talent from all over the planet. The team won the most coveted club trophy, the Champions League, ten times. However, the road to glory has been a bumpy one and, within their failures, there are lessons for network security professionals.

Real Madrid won its 9th Champions League trophy in 2002 largely thanks to its defensive midfielder Claude Makelele. He left the team the following year and Real Madrid, unable to acquire an adequate replacement, didn’t win the trophy again until 2014, after they finally found a world-class replacement in Xabi Alonso.

Why were Real Madrid’s defensive midfielders so critical to the team’s success and why are they relevant to defending the network? The defensive midfielder’s job is to break up the other team’s attacks, win the ball back and pass it to his offensive players so they can score. They have the skills and the right perspective on the field to provide visibility to the whole team. Coincidentally, visibility is one of the defining features of a mature security posture and key to enhancing cybersecurity capabilities.

Combining a comprehensive traffic delivery strategy with advanced security capabilities creates a pervasive defense system against a broad range of attacks.

A mature cyber-security approach takes into account both the internal enterprise network and the external world of threats; they are dynamic environments that are always evolving. Therefore, protection requires a dynamic security architecture that is built in, not added after the fact. Such an architecture advocates combinations of security solutions. Some of the most common mixes are:

  • Active inline network analysis
  • Passive, out-of-band network forensics
  • Active payload analysis

For this architecture to be effective, it needs to have access to all traffic that moves through the network, and it should be flexible enough that changes can be made at a moment’s notice. Even today, most network changes are made during a maintenance window, when the volume of traffic is low and the threat of disrupting the business is small. However, imagine a world where, as a network administrator or security professional, you have visibility into all network traffic and can enhance and modify your security infrastructure without any disruption to the business. This is the promise that unified visibility, enabled by the VSS Network Packet Brokers (NPBs), can deliver for an organization.

The NPBs aggregate traffic from various network links, creating a Unified Visibility Plane. It allows organizations to collect relevant traffic from many locations at speeds from 1Gbps to 100Gbps and deliver it to a centralized security architecture that inspects and analyzes the traffic, generating alerts and possibly blocking traffic in real time. Additionally, it allows the network operator to construct a chain of security devices that inspect network traffic in sequence; only the traffic of interest is sent to each security device.

Imagine being able to deploy inline, active, real-time security inspection without any risk to network performance (no more worries about being fired because of a network outage!). Imagine being able to constantly exercise the application stack of a security system so you know it is working as expected. Go beyond simple pings telling you whether the security system’s port is up or down; they are insufficient in a world of real-time traffic inspection.
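To make the two ideas above concrete (steering only the traffic of interest through a chain of inline tools, and checking each tool's inspection engine rather than just its link), here is a small simulation written for this post. It is an added example, not VSS product code: the packet broker, the tools, the "exploit" and "SSN" signatures, the canary probes and the sample traffic are all constructed for illustration. The heartbeat sends each tool a known-bad canary packet and declares the tool healthy only if the engine actually blocks it, which is exactly what a link-up ping cannot tell you. The `fail_open` flag shows the trade-off the broker operator has to make when a tool fails its heartbeat: bypass it (traffic keeps flowing, uninspected) or drop its traffic (fail closed).

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int
    payload: bytes
    ingress: str   # constructed tap/SPAN name the broker collected it from


Filter = Callable[[Packet], bool]


@dataclass
class InlineTool:
    name: str
    interest: Filter                    # only matching traffic is steered here
    inspect: Callable[[Packet], bool]   # True = pass, False = block
    canary: Packet                      # known-bad probe the engine MUST block
    link_up: bool = True                # all a plain ping would report
    healthy: bool = True
    blocked: int = 0
    bypassed: int = 0

    def probe(self) -> bool:
        """Application-layer heartbeat: healthy only if the link is up AND the
        inspection engine still blocks the canary. A hung engine with a live
        link fails this check even though it would still answer a ping."""
        self.healthy = self.link_up and not self.inspect(self.canary)
        return self.healthy


@dataclass
class PacketBroker:
    chain: List[InlineTool]
    fail_open: bool = True              # bypass an unhealthy tool vs. drop its traffic
    log: List[str] = field(default_factory=list)

    def heartbeat_all(self) -> Dict[str, bool]:
        return {t.name: t.probe() for t in self.chain}

    def forward(self, pkt: Packet) -> Optional[Packet]:
        """Steer pkt through the chain in order. Returns the packet if it
        survives every tool, None if a tool blocked it or it was dropped
        fail-closed."""
        for tool in self.chain:
            if not tool.interest(pkt):
                continue                # not traffic of interest for this tool
            if not tool.healthy:
                if self.fail_open:
                    tool.bypassed += 1
                    self.log.append(f"{tool.name}: bypassed (unhealthy)")
                    continue
                self.log.append(f"{tool.name}: dropped (unhealthy, fail-closed)")
                return None
            if not tool.inspect(pkt):
                tool.blocked += 1
                self.log.append(f"{tool.name}: blocked {pkt.src}->{pkt.dst}:{pkt.dport}")
                return None
        return pkt


# Constructed, hypothetical signatures for the toy tools below.
EXPLOIT_SIG = b"EXPLOIT-SIG"
SSN_MARKER = b"SSN:"


def make_chain() -> PacketBroker:
    ips = InlineTool(
        name="ips",
        interest=lambda p: p.proto == "tcp" and p.dport in (80, 443),
        inspect=lambda p: EXPLOIT_SIG not in p.payload,
        canary=Packet("10.9.9.9", "10.9.9.10", "tcp", 80, EXPLOIT_SIG, "probe"),
    )
    dlp = InlineTool(
        name="dlp",
        interest=lambda p: p.proto == "tcp" and p.dport == 25,
        inspect=lambda p: SSN_MARKER not in p.payload,
        canary=Packet("10.9.9.9", "10.9.9.10", "tcp", 25, SSN_MARKER + b"000", "probe"),
    )
    return PacketBroker(chain=[ips, dlp])


def run_scenario(fail_open: bool = True) -> dict:
    """Push constructed traffic from two taps through the chain, then simulate
    the IPS engine hanging (link still up) and push the same traffic again."""
    broker = make_chain()
    broker.fail_open = fail_open
    traffic = [
        Packet("192.0.2.10", "198.51.100.5", "tcp", 443, b"GET / HTTP/1.1", "tap-dmz"),
        Packet("192.0.2.11", "198.51.100.5", "tcp", 80, b"POST " + EXPLOIT_SIG, "tap-dmz"),
        Packet("192.0.2.12", "198.51.100.9", "tcp", 25, b"MAIL " + SSN_MARKER + b"123", "tap-core"),
        Packet("192.0.2.13", "198.51.100.7", "udp", 53, b"\x12\x34 query", "tap-core"),
    ]
    broker.heartbeat_all()
    passed_before = sum(broker.forward(p) is not None for p in traffic)
    ips = broker.chain[0]
    ips.inspect = lambda p: True        # engine hung: passes everything, link still up
    health = broker.heartbeat_all()     # the canary now sails through -> unhealthy
    passed_after = sum(broker.forward(p) is not None for p in traffic)
    return {
        "taps_aggregated": sorted({p.ingress for p in traffic}),
        "passed_before": passed_before,
        "health_after_failure": health,
        "passed_after": passed_after,
        "ips_bypassed": ips.bypassed,
        "log": broker.log,
    }


if __name__ == "__main__":
    for mode in (True, False):
        r = run_scenario(fail_open=mode)
        print("fail_open" if mode else "fail_closed", r["health_after_failure"],
              "passed:", r["passed_before"], "->", r["passed_after"])
```

Run it once in each mode and compare the counts: with `fail_open=True` the exploit-carrying packet that the IPS blocked before the failure is forwarded uninspected afterwards, which is the exposure a heartbeat that only pinged the port would never surface; with `fail_open=False` the same failure takes all port 80/443 traffic down with it. Both outcomes are visible in the broker's log, which is the sort of event a real deployment would want alerting on.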

Network and security professionals have been fighting an uneven match with cyber-criminals. While the “bad guys” can change weapons in a matter of minutes, you, in most cases, have to wait for maintenance windows to upgrade your architecture. This results in a belated modification and, perhaps worse, an irrelevant one. What makes this battle a more even one is a mature cyber-security posture based on pervasive visibility.

The VSS ActiveProtection Suite and the Unified Visibility Plane deliver these benefits, and more. Now network administrators, like soccer coaches, can adjust their arsenal in real time without having to worry about disrupting the flow of the game or the business operations of the company. Just like Real Madrid’s all-star midfielders, a Unified Visibility Plane provides visibility to all traffic and allows security systems to do what they do best: inspect and block potentially malicious traffic while other systems search for threats inside the network.

Not a bad world to live in, don’t you think?

Learn how VSS can help you be the best midfielder on your security team. Support multiple layers of defense without risk to network performance or network uptime with our inline tool-chaining capability. See the on-demand demo.