_____________

Anue Systems is exhibiting in the Vendor Expo at booth 2631. I was personally present for the first day, and I must say, the show was busy right from the start. In what turned out to be a very productive first day, we were able to chat with nearly 200 IT professionals. While we of course highlighted our products, we were also able to check out some cool new technologies, learn a bit about some real world needs among data center and security professionals, and generally meet some intelligent and engaging professionals.

If you intend to be at the show today or tomorrow, please come by to visit with us. Here are some of the highlights of our booth space.

Free Coffee in our booth until it runs out on Thursday

Scan Your Badge to Enter Our Google Nexus One Drawing

Meet our Executives and Sales Team

In 2010, I predict we will see more of…

1. Malware for Mobile. Mobile has yet to be seriously attacked by cybercriminals and hackers, and the most likely reason is that they do not share a common OS or platform like PCs do. However, in the past year, we have seen accelerated adoption of the iPhone, new models from Google itself, and continued fragmentation everywhere else but with Blackberry products. With so many developers creating literally thousands of applications for the iPhone platform, it is only a matter of time before we start to see scareware and other malware. It’s officially time for Apple to get serious about security.

2. Social Media Mayhem via Social Engineering. Unless you’ve been living under a rock, surely you’ve seen all the FUD out there about how insecure social networking sites are and how the problem will only get worse. Why haven’t we seen a barrage of problems in addition to the few big roadbumps we’ve encountered to date? Two words – Early Adopters. Those of us who have been on social media services for years are usually the most technically savvy users out there. Now that the masses have come, the floodgates of scams and other social engineering trickery has officially begun to open. In 2010, I can’t see any reason it won’t start to get worse, and quickly. At least enterprises can fall back on social media policies, but consumers are in for some unpleasant surprises.

3. Meet Mr. Botnet Alpha Prime. Remember our old friend Conficker? Well, to coin a cheesy old cliche, “You ain’t seen nothin’ yet.” We’ve already seen variants of this beast’s descendents that not only take over systems for spamming, but also ping back to servers in various third world countries for code updates. Yes, botnets have developed counterattack measures. Don’t get used to the decrease in SPAM we saw when we made it past April Fools’ Day, because the next generation will take it one step further. Sigh.

Will Social Engineering Make Social Media More Risky in 2010?

4. Taking Advantage of the Cloud. No, this won’t be another panic-laden diatribe about how the cloud is not secure enough and we’re all going to have our identities stolen. Rather, I’m concerned not just about the ability of skilled hackers to decrypt private data and sell it on the black market. The problem comes from a combination of techniques, perhaps where pay-as-you-go cloud services are manipulated in order to hold companies hostage by damaging performance and skyrocketing data transfer costs. Think of the security implications in this scenario, and you can see that privacy concerns are only one of many. Now imagine they can do this to online banking or other financial applications, and there’s a lot at risk. One day the cloud will be a godsend, but for now, it’s still merely a work-in-progress that will pose new challenges, many of which we may not have even fathomed yet.

5. Data Breaches Squared. Remember all those security breaches we saw in 2009? Did they scare you? What did you do within your own data center and WAN to avoid a similar fate? Wrong-doers are increasing their sophistication every day. The techniques we’ve witnessed in the past year may already be on the radar, and you’ve likely put in measures to prevent them in the future. Doesn’t matter. Someone somewhere is working on a new way to break in, and these guys are getting smarter and (believe it or not) more organized as cybercriminals. I see similar or even worse attacks on the horizon heading into the new year.

There you have it…five predictions for IT security in 2010. What predictions do you have? Share in the comments and let’s exchange some ideas. And as always, thanks for reading.

The following commentary is based on IDC’s top 10 tech predictions: cloud and analytics, which just recently appeared on NetworkWorld.com.

The Maturing of Cloud: SLA Implications on Service Providers will Improve and Emerge
We’ve commented and covered criticisms regarding cloud security quite a bit on The Network View, and there has been a great deal of debate about this topic. Performance is another crucial piece to this puzzle. For enterprises to truly take the cloud seriously, we need to get performance and uptime to reasonable SLA levels, we need to determine the best and least “crackable” method by which to encrypt traffic that moves into and back out of the cloud, and business continuity / disaster recovery practices must be much more buttoned-down. Sure, I think it will only be a matter of time before we get there, but I remain skeptical that we will take this major step within the next 12 months. If you are privy to some data that will change my mind, I’d love to read about it in the comments.

The Tipping Point: The Inevitable Adoption of Social Media in Enterprises
I, personally, love this prediction and truly hope it will come to pass. The open issue is exactly what “adoption of social media in the enterprise” means. In all likelihood, it will not be a full tolerance and acceptance across the organization due to security concerns, particularly in the most conservative and old school of the corporations. What I envision in the near term is that corporate communications teams will be authorized to spread only approved messages and topics, much like PR is currently managed, only in real-time. In reality, it will take another year or two before we can reach critical mass of knowledge among enterprises regarding the best ways to enforce security measures, monitoring behaviors, and incorporate such traffic-heavy activities into the day-to-day management and optimization of network performance. In the meantime, here’s to your company not blocking Twitter, blogs, or other social media until they can get it figured out.

Converged Fabric and the Evolving Data Center
Data Centers have already been evolving, there’s no question about it. Now, with a massive shift toward reducing footprint and power consumption, consolidating equipment and applications, and generally making the most of reduced budgets, network operations and architecture teams are forced to look at new ways of managing the network – and all of this is happening as we are smack dab in the middle of a migration to faster 10GbE architectures in many companies.

Virtualization technologies deployed across FCoE (Fiber Channel over Ethernet) will provide outstanding abilities to dynamically manage bandwidth and server cycles. The cost savings and productivity improvements in the long term are obvious, but we need to be absolutely positive that complementary training and skillset growth are taken into account to ensure full enjoyment of the expected benefits.

The Dawn of the Enterprise Appliance
I’m not so sure the word “dawn” is the right analogy, as we already have quite a few different single-purpose hardware-driven solutions for monitoring and other activities. The key here, in my mind anyway, is how this plays with virtualization technologies. Since we can virtually manage bandwidth and storage already, and virtual machines can dynamically relocate based on server load, I’m a bit dubious that this actually makes sense in the long run (vs. implementing these single-purpose activities virtually). That said, aggregation and distribution technologies like Monitoring Optimization solutions will be even more important in a virtualized environment, particularly one where appliances become commonplace.

Okay, that’s it for me and my soapbox today. Hit me with your thoughts, criticisms, embellishments, or questions. And as always, thanks for your time and attention.

Data Centers: The next five years

Last week at the annual Gartner Data Center Conference in Las Vegas, key analysts overviewed the most important issues that data centers face in the next five years. As expected, rising energy costs and the movement toward “green” solutions was a primary topic, as was social networking technology. But there were several other hot topics which the responsible network operations professional should be pursuing.

Below is our take on eight of the top 10 issues, as raised by Gartner. As a refresher, the top 10 issues were virtualization; the data deluge; energy and green IT; complex resource tracking; consumerization of IT and social software; unified communications; mobile and wireless; system density; mashups and portals; and cloud computing.

1. Virtualization – As virtualization technologies continue to advance, adoption is accelerating. Savvy data centers have already begun implementing virtualized servers, and this growing trend is here to stay for a variety of reasons including dynamic server load management, a need to reduce power consumption, and fast growing network complexity.
2. The data deluge – Not a new issue, albeit an accelerating one, the vast amount of data that traverses today’s networks creates a variety of problems, from storage management to throughput to monitoring. And here’s the kicker…the problem will only continue to expand over time. Faster and more efficient network infrastructures (10G today, 40G and later 100G in the future) will help with throughput. Gartner’s automated tiering idea for storage holds water strategically, but not all data centers are poised to implement it in the near term. Monitoring is particularly concerning, as higher bandwidth tools are required, yet virtualized servers and applications can be a challenge to pinpoint for monitoring in dynamic environments. Advanced capabilities for data/traffic aggregation and filtering are not only “nice to have” in virtualized environments, but a must.
3. Energy and green IT – Not much to say that you haven’t already heard. When it comes right down to brass tacks, this is a cost saving move, and fortunately (for your corporate communications division), it can be leveraged for some positive PR. Given current global issues related to energy costs and environmental concerns, this trend is here to stay.
4. Consumerization of IT and social software – This is an issue that has grown significantly over the past year or two, and one that Gartner has said will continue this accelerated growth path over the next several years. Consumers are very interested in new technologies, and especially in the ability to control their own user experience. Coupled with a growing trend toward a distributed workforce, work-from-home privileges, and the vast volume of unstructured data that result from social web-based applications, we see consumerization as inevitable (and in some respects, a good thing).
5. Unified communications - UC has been touted as the grand vision for bringing all communications media together, and it most certainly has its benefits, idealistically. That said, the growing trend toward digitization of communications is a prerequisite to truly achieving this vision. Kudos to Cisco and other thought leaders in this area, because as we analyzed in our post about the Net Generation, real-time and cross-platform (even cross media) integration is exactly the type of capabilities the younger sect of the population desires.
6. 

   Mobile devices like the Android now function like mini-computers

   Mobile and wireless – Continuing on the idea that the younger generation wants pervasive connectivity and interaction, mobile and wireless are growing in importance by the day. This is yet another way that social technologies are forcing our hand at considering new strategies for accommodating user needs. Coupled with the desire for “real time everything”, we have seen mobile phones advance to the point where they can serve as mini computers. The key issues then are how to secure devices that are not physically attached to the network itself, how to accelerate performance over time as mobile network speed increases, and how to properly provision devices and connections.  Brace yourselves, because the complexities that this will pose may not even all be known as of today.

7. Mashups and portals – Both similar in nature, in that they serve important content aggregation purposes, mashups and portals offer different challenges due to the nature of how they work. Of particular concern to us is the mashup concept, where not only content but code can be aggregated. The obvious problem is that you risk exposing yourself to untrusted code, not to mention potential copyright issues related to syndicating content that is not authorized for distribution and/or republication. Since browsers were not designed with mashups in mind, this is an issue that absolutely cannot be overlooked from a security standpoint.
8. Cloud computing – With all of the cost and efficiency benefits that cloud computing offers, cloud security remains a wild card. Two of the most common arguments about cloud security center around the access / authorization process and storage / transmission of sensitive data. Access can be a problem for anything that falls outside of your physical environment, but that is a lesser concern in our eyes than securing the actual traffic stream that transmits across the ultimate cloud…the Internet. It will be fun to watch how this all plays out in the coming months and years.

So there you have it, our take on eight of the 10 issues that Gartner said will be the most important to data centers heading into the second decade of this century.

We’d love to hear your thoughts on the issues and our commentary. Feel free to agree or disagree. Debates can be very useful in helping hone our viewpoints on all of these issues, so I truly hope this post sparked a new idea or thought for you.

ALIST: Bill Roth of Log Logic

Name: Bill Roth
Title/Role: EVP / Chief Marketing Officer
Company: LogLogic
Product Focus: Security, Log Management, Compliance
Twitter Handle: @loglogic

1. What is your company’s flagship product, and why is it important for security purposes?
Our flagship product is our Open Log Management Platform, which collects, normalizes, indexes, stores, and searches log data automatically with our easy-to-deploy appliances or hosted solutions. This provides a platform for collecting system information from a wide array of products and devices, especially those related to security. Our security products, on top of the platform, allow system admins and IT security staff to analyze and correlate diverse log data in real-time for identification and management of security events.

2. What areas of security are most important to you professionally, and which do you enjoy working with most?
Security event management. The only true way to detect a security breach is by tracking what actually happens in real time. In addition, it is crucial to be able to understand the security profile across many different devices, systems, and environments, and to be able to correlate those events to detect sophisticated security threats. Personally, I enjoy working on the areas of security which most closely align with public policy, especially in areas like HIPAA and HITECH.

3. What is the most common security challenge you are brought in on to help fix on behalf of customers?
Vsibility of security events in an environment. Most customers we encounter are unaware of the scale of security information they have or do not know the scope of the security issues they have occurring right in front of them. Many companies are stunned to learn the amount of simple, out-of-policy activities that are going undetected in their organizations, such as illegal P2P file sharing or employee-driven data-leakage.

4. How do you see Cloud Computing, virtualization, and Social Media affecting security in the coming months?
These are three very different topics, each with a different set of security issues surrounding them.

Cloud computing security will be the most vexing issue in the foreseeable future for two reasons. First, it will be vexing because the subject is so ill-defined. Second, because the fundamental essence of cloud computing is to trust your computing assets to “the network.” As soon as you begin to broadcast any of your bits to the internet, your security exposure goes up by several orders of magnitude. Much more attention will need to be paid to secure cloud computing in the future.

The juxtaposition of virtualization and security results in no new security issues, just more of the security issues we already know about. Virtualization is, at its core, about making the hardware boundaries more flexible so that you can run more “images” on the same amount of hardware. This means a proliferation of events to watch and an explosion of correlations to watch for.

Of the three topics mentioned, social media is the likeliest to be transformative. Social media is essentially a means of exposing fine-grained information about oneself, one’s assets, or one’s behavior. This implies a more fine-grained analysis of who has been granted what data, and in what context. The implication of this is that fine-grained authentication and authorization will be more important than ever.

5. Tell me what your most pressing security concern is over the next 1-2 years.
Providing people with the ability to comply with the suite of security and privacy laws around the world. With the major portions of the HITECH act coming into force this year in the US, and with federal penalties of up to $1.5M, my most pressing concern is being able to provide products to protect our customers. I have the same concerns for EU legal regimes.

6. How do you stay abreast of the latest market developments in your space? Shows, social media, RSS, etc.
Oddly enough, RSS via FireFox’s Live Bookmarks feature allows me to quickly scan the day’s news and to get up to date quickly on what is happening around the world. Using this feature, I can quickly scan 5 major newspapers (San Jose Mercury News, New York Times, Washington Post, Wall Street Journal, and USA Today) and 10-15 trade publications. I am a huge fan of CMO.com, from Adobe’s Omniture unit. To be honest, I do not get much information from Social Media. But that is another story for another time.

7. In closing, give us one idea you have about security that everyone should consider. Your “Golden Egg”, so to say.
While systems security is vitally important, security is not just about security products. It is about people, process, and products.

Several recent studies have shown that the greatest sources of security breaches are not from hackers or terrorists, but from people inside your organization. A holistic approach to security involves good systems monitoring, to be certain, but also involves making sure the right processes and people are in place as well.

_________________________________________________

Thank you for playing Bill!

For those of you who want to learn more about the people and process part of this equation, please view one of our archived Security Policy Webinars, courtesy of Erin Jacobs and Anue Systems. We also recommend you sign up for the next three so you can earn your certification in Security Monitoring Optimization!

ALIST: Johnnie Konstantas of Altor Networks

After our one-week hiatus from the ALIST series, we turn our attention back here to profile a key executive at Altor Networks. Johnnie Konstantas has a long track record of technical and marketing leadership success at leading companies such as Juniper Networks, CheckPoint, and most recently, Varonis Systems. Now, she leads the charge to market Altor Networks’ virtualization security products. Let’s get right to the interview…

Name: Johnnie Konstantas
Title/Role: Vice President of Marketing
Company: Altor Networks
Product Focus: Security for virtual data centers and clouds
Twitter Handle: @altornetworks

1. What is your company’s flagship product, and why is it important for security purposes?
Altor Networks’ flagship product is Altor VF – an industry first purpose-built firewall that offers comprehensive security of virtualized networks and the hypervisor. Now in it’s third major release, the Altor solution protects virtualized servers and the platform they run on from unwarranted access and malware without impacting throughput or virtualization’s scalability (i.e. vMotion, DRS).

2. What areas of security are most important to you professionally, and which do you enjoy working with most?
Virtual network and cloud security impact me most at the moment, since it’s my current charter to educate the market on the risks and mitigation strategies. After [having spent] 16 years in the market, there are a lot of areas which fascinate me, although I have to admit that, in this place I find myself now,  there is extreme gratification in seeding and educating a market on what you know to be imminent risks. You feel a little like Steve Carrell playing Noah in Evan Almighty, trying to convince the townspeople to come to the boat.

Evangelism: Explaining Virtualization Strategy Akin to Noah's Quandary

3. What is the most common security challenge you are brought in on to help fix on behalf of customers?
Restoring the virtual environment to a compliant or compliance-acceptable security posture is the biggest driver to Altor deployment at the moment. People virtualize their servers and then someone asks “How are we going to demonstrate access control enforcement and separation of duties?”

4. How do you see Cloud Computing, virtualization, and Social Media affecting security in the coming months?
Enterprises of all sizes are shifting their workloads to virtualized platforms in droves. When they do, the questions start flowing: How do I demonstrate compliance? How do I segment my resources? How do I control VM sprawl and mitigate security risks? There are available products and approaches, but the degree to which they preserve virtualization’s savings vary, so I suspect there will be a rush to educate and implement. To the extent that clouds may use virtualization as their platform, the net effect is the same. How do I protect my business and my customer’s assets?

[Companies need] corporate guidelines in play regarding what can be shared outside the firm via social media outlets, which largely requires that  people know the right thing to do. That effort is largely a focus on  building and “socializing” (pardon the pun) proper use policies.

5. Tell me what your most pressing security concern is over the next 1-2 years.
I worry that, in a rush to build green, efficient, data centers, well-intended folks who are short handed and following corporate mandates may shortchange security in the architecting of these new networks. I worry that my personal information maybe more at risk in the next two years than it is today.

6. How do you stay abreast of the latest market developments in your space? Shows, social media, RSS, etc.
All of the above. It is imperative to leverage the “groups” features of the various social media outlets so that you not only get the latest breaking stories, but for me as a marketeer, I need to understand what the prevalent attitudes are about a company, a market, a trend, etc.

7. In closing, give us one idea you have about security that everyone should consider. Your “Golden Egg”, so to say.
Assuming that you are using some sort of cloud service (and chances are good you are, i.e. Gmail, Hotmail, Salesforce), make sure you know what protects your piece of the cloud from someone else’s? What one measure, policy, or guarantee can the provider make to you?

ALIST: Rick Basile of Fortinet

Welcome to the third installment of our ALIST series. Today we offer you Rick Basile, the Senior Director of Technical Services for Fortinet.  We want to thank our friend Jennifer Leggio (@mediaphyter), Strategic Communications Director at Fortinet and Social Business blogger for ZDnet, for helping us arrange this interview with Rick.

Name: Rick Basile
Title/Role: Senior Director, Technical Services
Company: Fortinet
Product Focus: Entire security product portfolio
Twitter Handle: @fortinet

1. What is your company’s flagship product, and why is it important for security purposes?
Our flagship product is our FortiGate security appliance line, a hardware platform allowing enterprise companies to deploy multiple security applications, i.e. IPS, firewall, VPN, antivirus, and so on, in a more manageable security solution. Our consolidated security approach allows for a more secure, cost-effective, and easy-to-manage solution for our customers.

2. What areas of security are most important to you professionally, and which do you enjoy working with most?
Network perimeter based security; [which is] the ability to help corporations control access into their infrastructures, as well as controlling what intellectual assets and behaviors are allowed out of their infrastructures. This can be done with our FortiGate product line as a multifaceted security appliance, or our FortiMail secure messaging product, which allows for the mitigation of inbound SPAM and threats and also intelligent encryption of sensitive data leaving the infrastructure.

3. What is the most common security challenge you are brought in on to help fix on behalf of customers?
The most common security challenge for customers is looking for an enterprise-wide posture and policy. It’s my job to help them secure their infrastructures against internal and external threats. While our product set is all about the ability to consolidate, it does not minimize the need for a layered security policy. We help our customers determine where those layers need to be in the infrastructure.

4. How do you see Cloud Computing, virtualization, and Social Media affecting security in the coming months?
As more enterprises investigate leveraging cloud computing environments to store and manipulate their data, they have to be confident that these providers are ensuring the segregation and security of their data and resources from unwarranted access.  Beyond these basic concerns in choosing a cloud computing environment, I also have concerns around the ability of an enterprise to have confidence in their continued control of their intellectual property.  As an example, should an enterprise choose to leave one cloud computing vendor for another, how would they know that their data truly leaves with them?  What mechanisms are being put in place to guarantee the revocation of that data from a vendor’s cloud?

On the social media side, these social networks don’t just offer a security risk from malware exploits or unwanted access, they present risks on authenticity of information as well. Information mishandling is another concern against which companies need to protect.  As these social media outlets grow, it is becoming increasingly challenging to ensure that users are going to the authoritative owners of the data for their information.

5. Tell me what your most pressing security concern is over the next 1-2 years.
My most pressing concern is around people focusing more on being compliant than on being secure. Compliance is what drives a lot of buying cycles, but being secure should be first and foremost when they look at what they are going to deploy and how they are going to deploy it. Compliance is clearly important, but you have to make sure you are secure as well.

6. How do you stay abreast of the latest market developments in your space? Shows, social media, RSS, etc.
I spend a lot of time researching and working with our own research analysts and product and development teams. Most of what I do to stay abreast is working directly with customers in pre- and post-sales situations. I also get to spend a lot of time with analysts in the space, learning what they are hearing from their customers.

7. In closing, give us one idea you have about security that everyone should consider. Your “Golden Egg”, so to say.
When considering a security solution, ask yourself, “What are the assets you are trying to protect? What are you trying to accomplish?” Don’t get lost in trying to purchase a solution on name alone. Even though I work for a vendor, it’s my job to best position our product line to actually address customer needs. Determine your requirements and your needs, and work with the vendor that best matches your requirements.

ALIST: Jay Botelho of WildPackets

We hope you greatly enjoyed the first ALIST posting last week focused on Rob Andrews of Sonicwall. This week, we turn to a Product Management professional at WildPackets, Mr. Jay Botelho.  Enjoy!

Name: Jay Botelho
Title/Role: Director of Product Management
Company: WildPackets, Inc.
Product Focus:
Distributed network monitoring
Analysis and troubleshooting
Twitter Handle: @wildpackets

1. What is your company’s flagship product, and why is it important for security purposes?
WildPackets flagship product is the OmniPeek Distributed Analysis Suite, a combination of network probes and visualization software that provides real-time visibility into every part of the network simultaneously from a single console. OmniPeek provides the capability of capturing, analyzing and storing every packet on the network, providing both real-time monitoring for a broad range of security issues as well as providing the record of every network event, providing the very best data for true root cause analysis of security issues.You never have to “reproduce” a problem, or wait for it to happen again – all the proof you need is in the captured packets.

2. What areas of security are most important to you professionally, and which do you enjoy working with most?
Network forensics, using stored packet data to drill down and determine the root cause of a security issue, is what we enjoy speaking about the most. Personally I also enjoy and have a background in wireless security.

3. What is the most common security challenge you are brought in on to help fix on behalf of customers?
It isn’t so much a specific security challenge as it is the overall challenge of identifying exactly how a security breach or attack happened in the first place.  That’s what we’re most often called in to do.

4. How do you see Cloud Computing, virtualization, and Social Media affecting security in the coming months?
Both Cloud Computing and Virtualization can be thought of as enterprise security issues, and as such, I believe both are fairly well understood as to their security implications. Cloud computing will likely make tunneling protocols ever more popular, driving the need for better support for tunneling protocols in security solutions. Virtualization is already driving a new niche market for security products, like virtual firewalls, and this trend will continue for the next several years. Social media scares me far more than the other two, not because of the underlying network technology itself, but because of the way it is used. I already see a trend where corporate data is being shared by users of these systems, mostly with good intentions, but sometimes with bad. I see tremendous difficulty staying on top of such communication. It’s analogous to the market that sprung up in the last 2-to-3 years for monitoring corporate content through firewalls, like email content, email attachments, etc. to ensure the sensitive corporate data is adequately protected and contained. Now extend that to personal devices that are typically off the corporate network, and to communications that are often transmitted during non-work hours. Though sensitive corporate documents may not be as much at risk, musings about corporate strategy, trends, acquistions, layoffs, product plans, etc. make for interesting Twitter and Facebook posts. I’m not sure that enterprises have yet realized the risk, and once they do, they will be hard-pressed to find solutions in the short-term to address this type of security “breach”.

5. Tell me what your most pressing security concern is over the next 1-2 years.
I see increased network speed as being a real security concern, especially since the move to 10Gig seems to be in full swing now. Increased network speeds will not in and of themselves create security issues, but the increased data on 10Gig networks will significantly tax existing security solutions in terms of analyzing, reporting and addressing security issues. 10Gig networks will most likely cause a realignment of what is currently addressed in “real-time” analysis.

6. How do you stay abreast of the latest market developments in your space? Shows, social media, RSS, etc.
Web seminars (a.k.a. webinars) currently seem to be the best way to stay on top of market developments. Every company and every analyst seems quite willing to share their knowledge and insights on an extremely broad range of topics via web seminars. They are easy to attend and also make it very easy to multitask.

One outstanding golden egg could make them all turn to gold

7. In closing, give us one idea you have about security that everyone should consider. Your “Golden Egg”, so to say.
Most of the industry seems satisfied with security solutions that identify problems and alert administrators of their existence. The proliferation of IDS/IPS solutions seems to support this, but security solutions need to provide much more, including the discovery of the source of attacks, identification of ways to prevent similar attacks, and even the identification of the specific perpetrators. Network forensics based on packet capture, analysis, and storage provides the information needed to address all of these issues.

ALIST: Rob Andrews of Sonicwall

So let’s get this ALIST party started…

Name: Rob Andrews
Title/Role: System Engineer
Company: Sonicwall
Product Focus:
UTM Firewall
SSL VPN appliances
Email Security
Secure wireless

1. What is your company’s flagship product, and why is it important for security purposes?
The Sonicwall NSA E7500 is our enterprise class UTM (Unified Threat Management) Firewall.  It combines firewall, routing, IPS/IDS, gateway anti-virus, gateway anti-spyware, content filtering, IPSEC, and SSL VPN capabilities into one slim 1u chassis.  It’s the only appliance on the market that can deliver nearly 2 Gbps of UTM scanning at its price point.

2. What areas of security are most important to you professionally, and which do you enjoy working with most?
I suppose I am a bit biased, but I really enjoy working with my company’s products, but more specifically the Sonicwall NSA firewalls and SSL-VPN.  Building a secure network requires the basic building blocks – firewall and secure remote access.  Essentially, these devices are the gateway to your “kingdom,” and the network admin holds the “key”.

I find it gratifying in knowing that I control and safeguard access to my resources including where, when, and how; and I think a lot of other IT admins do as well.  Keeping undesirables off my network, whether it is due to access controls or threat prevention mechanisms (i.e. IPS), helps me sleep at night.  Sonicwall’s browser based management of the NSA line makes it super simple to configure firewall rules, intrusion prevention/detection policies, content filtering, and routing.  I find anyone that used to have to manage a PIX  falls in love with the simplicity and power of our GUI.

3. What is the most common security challenge you are brought in on to help fix on behalf of customers?

I have two common scenarios I’m engaged with.  Almost everyone knows they need a firewall to build a secure network, but how to decide on correct model, features, capacity, and functionality is where I assist.  There are a lot of 5+ year old firewalls installed out there that don’t meet the demands of today’s requirements, i.e. throughput, IPS, etc.

The other is when customers need to deploy a VPN solution.  Many folks are using an IPSEC solution for VPN access, and they’ve discovered that it doesn’t meet their evolving business needs for things like granular access control, end point interrogation, and browser-based access.  I find many customers have an idea of what they’d like for VPN access but aren’t entirely sure how to meet their requirements.

4. How do you see Cloud Computing, virtualization, and Social Media affecting security in the coming months?
I just had this debate internally with some colleagues.  Some are on the side that cloud infrastructures have more sophisticated individuals maintaining and looking at the security stack, while companies that house data internally have limited IT staff, so the “cloud” is therefore it is more secure.  On the other side of the fence, some argue that you are entrusting your data to a third party who may promise the world in security, but in the end, you have no real way of auditing what they are doing.  For most folks, it’s a balancing act.  If you have no idea what you are doing or how to properly secure your data (and possibly want someone else to blame when things go wrong), using cloud services is something you should consider.  If you’re on the opposite end of the spectrum…you have the tools and skill set…my recommendation is to approach cloud services with caution.

When it comes to virtualization, I’ve seen some folks take an interest in virtual firewalling.  I’d have to say this market is still relatively young and fits a certain niche of customers.  The issue with running a VM firewall is its overall performance.  If you are only using the VM firewall to do stateful inspection, it may not be such a big deal for you.  However, we know that most attacks are buried in the payload of allowed traffic. To do DPI (deep packet inspection) effectively, you need a dedicated UTM appliance so you can see reasonable levels of network performance.  We discovered long ago that x86 processors don’t scale well for UTM scanning.

With regard to Social Media, it is and will continue to be a source of malicious attacks and other threats.  I’m seeing more and more organizations restrict access to Web 2.0 sites with highly positive results, such as reclaiming network bandwidth and employee productivity.  We’ve already seen numerous issues with threats being propagated through Facebook, Myspace, and Twitter.  Anytime you have a place where you get a lot of traffic and information is easily and quickly distributed, there is room for the unscrupulous to take advantage.  This is part of the reason I limit my social networking consumption.  There are others, but that’s another story for another day.

5. Tell me what your most pressing security concern is over the next 1-2 years.
I have two concerns for your consideration.

The first how to get customers off old insecure technology.  I find far too many customers relying on antiquated, insecure, or (even worse) technologies that they believe are secure which, in fact, are not.  Unfortunately a lot of organizations are resistant to change, whether that be due to lack of expertise, laziness, budget, etc.  In the end, technology and threats evolve. You either keep pace, or you find yourself a victim or a target of attack.  For example, I recently worked with an organization that insisted on using WEP to secure their wireless infrastructure for hundreds of users.  Never mind the fact that WEP can be cracked in seconds by almost anyone.

Fallacy: Linux and Mac OS are inherently more secure than Windows

The other is what I would consider the “head buried in the sand” syndrome.  Too many individuals believe Linux and Mac operating systems are secure by default and don’t require any safeguarding.  Unfortunately, this myth is also further perpetuated by the media i.e. the Mac/PC commercials on TV. The worst part about this is the false sense of security it brings. Attacks and vulnerabilities have already been demonstrated against these systems.  While these platforms may not have as many vulnerabilities as Windows, they still have their own issues. As Mac continues to gain popularity, I’m confident we will be seeing more and more security issues for it.

6. How do you stay abreast of the latest market developments in your space? Shows, social media, RSS, etc.
For more “mainstream” type news, I use iGoogle and have about a dozen different gadgets that provide news feeds.  I also visit slashdot.org and hackaday.com on a daily basis, and  Sonicwall has an internal daily news bulletin with information from various sources that goes out to all employees. The folks over at insecure.org have a few different RSS feeds I subscribe to as well.

It’s almost alarming to see the rate at which vulnerabilities are discovered. If I want to read something on the plane, I’ll pick up a copy of Hakin9 or 2600.  Finally, I occasionally frequent sites like securitytube.net or the forums at remote-exploit.org.

7. In closing, give us one idea you have about security that everyone should consider. Your “Golden Egg”, so to say.
UTM should be on everyone’s checklist when it comes to firewall security.  There are far too many threats that are being propagated out there, because regular stateful firewalls are letting them through.  Securing your network is much more than closing ports, it’s also inspecting the allowed traffic through.  The best analogy I can use is a trip to the airport.  Would you let everyone that holds a boarding pass through security?  Or would you want to scan the payload of the passengers to ensure nothing malicious was brought on board?  Of course, we all know the answer there. This same approach needs to be taken for your network.

___________________________________________________________________

The Anue Systems Team wants to thank Mr. Andrews for jumping in as the first ALIST-er. We are still accepting requests to take part in this program from qualified technical sales / SE professionals at leading security tool vendors. If you wish to be considered for inclusion, please contact Tommy Landry at tlandry (at) anuesystems (dot) com.