A Look Inside Security Tools (ALIST): Jay Botelho of WildPackets

We hope you greatly enjoyed the first ALIST posting last week focused on Rob Andrews of Sonicwall. This week, we turn to a Product Management professional at WildPackets, Mr. Jay Botelho.  Enjoy!

Name: Jay Botelho
Title/Role: Director of Product Management
Company: WildPackets, Inc.
Product Focus:
Distributed network monitoring
Analysis and troubleshooting
Twitter Handle: @wildpackets

1. What is your company’s flagship product, and why is it important for security purposes?
WildPackets' flagship product is the OmniPeek Distributed Analysis Suite, a combination of network probes and visualization software that provides real-time visibility into every part of the network simultaneously from a single console. OmniPeek provides the capability of capturing, analyzing and storing every packet on the network, providing both real-time monitoring for a broad range of security issues as well as providing the record of every network event, providing the very best data for true root cause analysis of security issues. You never have to “reproduce” a problem, or wait for it to happen again – all the proof you need is in the captured packets.

2. What areas of security are most important to you professionally, and which do you enjoy working with most?
Network forensics, using stored packet data to drill down and determine the root cause of a security issue, is what we enjoy speaking about the most. Personally I also enjoy and have a background in wireless security.

3. What is the most common security challenge you are brought in on to help fix on behalf of customers?
It isn’t so much a specific security challenge as it is the overall challenge of identifying exactly how a security breach or attack happened in the first place.  That’s what we’re most often called in to do.

4. How do you see Cloud Computing, virtualization, and Social Media affecting security in the coming months?
Both Cloud Computing and Virtualization can be thought of as enterprise security issues, and as such, I believe both are fairly well understood as to their security implications. Cloud computing will likely make tunneling protocols ever more popular, driving the need for better support for tunneling protocols in security solutions. Virtualization is already driving a new niche market for security products, like virtual firewalls, and this trend will continue for the next several years. Social media scares me far more than the other two, not because of the underlying network technology itself, but because of the way it is used. I already see a trend where corporate data is being shared by users of these systems, mostly with good intentions, but sometimes with bad. I see tremendous difficulty staying on top of such communication. It’s analogous to the market that sprang up in the last 2-to-3 years for monitoring corporate content through firewalls, like email content, email attachments, etc. to ensure the sensitive corporate data is adequately protected and contained. Now extend that to personal devices that are typically off the corporate network, and to communications that are often transmitted during non-work hours. Though sensitive corporate documents may not be as much at risk, musings about corporate strategy, trends, acquisitions, layoffs, product plans, etc. make for interesting Twitter and Facebook posts. I’m not sure that enterprises have yet realized the risk, and once they do, they will be hard-pressed to find solutions in the short-term to address this type of security “breach”.

5. Tell me what your most pressing security concern is over the next 1-2 years.
I see increased network speed as being a real security concern, especially since the move to 10Gig seems to be in full swing now. Increased network speeds will not in and of themselves create security issues, but the increased data on 10Gig networks will significantly tax existing security solutions in terms of analyzing, reporting and addressing security issues. 10Gig networks will most likely cause a realignment of what is currently addressed in “real-time” analysis.

6. How do you stay abreast of the latest market developments in your space? Shows, social media, RSS, etc.
Web seminars (a.k.a. webinars) currently seem to be the best way to stay on top of market developments. Every company and every analyst seems quite willing to share their knowledge and insights on an extremely broad range of topics via web seminars. They are easy to attend and also make it very easy to multitask.

One outstanding golden egg could make them all turn to gold

7. In closing, give us one idea you have about security that everyone should consider. Your “Golden Egg”, so to say.
Most of the industry seems satisfied with security solutions that identify problems and alert administrators of their existence. The proliferation of IDS/IPS solutions seems to support this, but security solutions need to provide much more, including the discovery of the source of attacks, identification of ways to prevent similar attacks, and even the identification of the specific perpetrators. Network forensics based on packet capture, analysis, and storage provides the information needed to address all of these issues.
