Security Forecast 'Cloudy' at Interop LV 2010: Page 2
E-mail-related cloud services were especially popular at Interop this year, with emphasis on making secure e-mail more scalable and manageable. For example:
- AppRiver earned a Best of Interop nomination for its Akamai-optimized Microsoft Exchange Service, a refinement to this provider's popular Secure Hosted Exchange service, which cuts average download time from 80 to 20 seconds. AppRiver baked SecureTide spam filtering and anti-virus into its basic hosted e-mail service not only to benefit customers, but to reduce storage requirements. Optimizing delivery with Akamai now makes this service more reliable and attractive to mobile users turned off by poor performance.
- Astaro announced a new Mail Archiving Service (now in beta), which makes it easier for companies to meet regulatory requirements by offloading long-term e-mail archival into Astaro's cloud. All messages are immediately transferred to the archive, stored in encrypted format, and available for discovery purposes. By using a cloud-based service, employers can control e-mail retention and ensure compliance, without buying or managing petabytes of on-site storage.
Of course, clouds weren't the only topic at this year's Interop. Several major security product announcements dealt with visibility, or lack thereof. New technologies often introduce risk because they bypass traditional defenses, impeding our ability to monitor and inspect (much less control) what's happening.
For example, virtualized servers, desktops, and switches make it difficult to inspect traffic exchanged between logical environments residing on the same physical system. But TippingPoint's new vController (Best of Interop in the Security category) lets you scrub virtual machine (VM) traffic using a traditional TippingPoint Intrusion Prevention System. By making it possible to visualize, inspect, and control traffic flows between physical and virtual systems in exactly the same way, TippingPoint can eliminate blind spots otherwise introduced by virtualization.
Security Information Management (SIM) also attempts to restore visibility by aggregating and analyzing events logged throughout a network. But SIM has gotten a bad rap as a promising concept that often proves too expensive. TriGeo hopes to change that. The TriGeo SIM doesn't gather logs; it uses native feeds to collect live events, correlate them in real time, and take corrective action (e.g., disabling offending NICs). Although TriGeo blurs the line between SIM and IPS, this turn-key appliance could help midmarket admins avoid overflowing unread logs and too-little-too-late mitigation.
Astaro's RED takes a unique approach to restoring remote office visibility -- it eliminates challenges commonly posed by ROBO firewalls by eliminating them. There's nothing to configure or watch because RED Ethernet extenders forward everything over a self-configured SSL tunnel to a head-end UTM (which can be any Astaro firewall). By bridging remote devices onto a central LAN, all packets (including those bound for the Internet) flow through a single point of control and visibility. Bonus: the $300 RED doesn't require annual UTM subscriptions or maintenance agreements.
Flying on auto-pilot
Sometimes, poor visibility results in loss of service. To this end, Cisco took a whack at automated RF interference mitigation by introducing the Aironet 3500 Series AP with CleanAir Technology. The premise: mission-critical mobile applications require self-healing WLANs. Cisco's solution: using AP-embedded, ASIC-based spectrum analysis to monitor, identify, classify, and map RF interference sources, determine their impact, and adjust WLAN settings as needed to maintain availability and performance.
According to Chris Kozup, Senior Manager of Mobility Solutions, Cisco ran beta tests at over 30 customer sites before releasing CleanAir (Best of Interop in the Wireless/Mobile Category). Those most likely to benefit include retail, manufacturing, and education venues that have little control over nearby RF devices, but where WLAN applications simply can't go down. "Retailers don't want to become a demo center for Amazon.com; they need to engage you quickly, get your credit card number, and make the sale," he said. "That requires a robust WLAN as a foundation."
The key to automated mitigation, said Kozup, is a measured approach. "First, you need 100 percent clarity on what's out there; you can't make the right decision without that, and people need to trust the system to make good choices," he explained. When CleanAir changes a channel to avoid interference, that channel won't be selected again for any other AP for a while to avoid flapping. The system also fingerprints and tracks interferers to help WLAN operators find and permanently eliminate trouble-makers.
Mitigating mobile threats
At this year's Interop, WLANs went quietly mainstream; exhibitors were largely those offering both wired and wireless infrastructure (e.g., Cisco, D-Link, Enterasys, Siemens, SMC). However, the same can't be said for mobile wireless clients. Finding safe-but-productive ways to fold smartphones and their applications into enterprise networks was a major topic of debate, both on the exhibit floor and during conference sessions.
Alex Wolfe, Editor-in-Chief at InformationWeek, kicked off his Mobile Security panel by stating "When it comes to deploying enterprise apps on smartphones, security is the elephant in the room. Comprehensive security must do more than simply wipe a device."
Jay Barbour, Security Advisor with RIM's BlackBerry Security Group, observed that smartphone shipments will outpace PCs by 2013, becoming a primary enterprise computing device. To navigate this shift safely, enterprises must address today's failure points: uncontrolled downloads, poorly-protected operating systems, devices vulnerable to physical threats, users with administrative privileges, and weak encryption. To mitigate these, Barbour recommended app sandboxing, hardware-based signature verification, tamper-proof policies, and phones with strong elliptic curve encryption and self-wipe. "But don't just look for checkbox support; ask how well is it implemented?" he said.
David Perry, Global Director of Education at Trend Micro, said "Every year, computing systems get faster, smaller, more connected, and more mobile." Although researchers find more than 100,000 new pieces of malware each day, most are still written for Windows. "The main advantage we have right now is that no one [mobile] OS is dominant; it's too hard for bad guys to write malware for everything," he said. "But think your mobile devices are safe? Think again."
Perry warned that mobile attacks, when they take off, are likely to be different. "I don't think we're going to see [many] viruses and rootkits on mobile devices," he said. Instead, attackers will exploit always-on connectivity in ways that users won't even notice. For example, Perry described an attack on NTT DoCoMo phones that overwhelmed Tokyo's 911 service for six hours.
Khoi Nguyen, Group Product Manager for Mobile Security at Symantec, warned that smartphone consumerization and app downloads may be a tipping point for mobile attacks. "Smartphones are the hackers' next destination," he said. "The biggest risk today is about data loss and theft, not malware. But we do see malware data attacks being propagated already, like snoopware, pranking4profit, and SMS spam."
Given these trends, Nguyen argued that all endpoints need to be secured, including mobile devices. "Back in the '90s, most enterprises didn't centrally manage and secure PCs, but today it's a basic requirement. On the smartphone side, we're where we were 15 years ago. We need to secure and manage smartphones through their entire lifecycle, and we shouldn't be creating separate management frameworks just for mobile."
Ryan Naraine, Senior Security Evangelist at Kaspersky Lab, said that asking users to lock down and use their own smartphones safely is an exercise in futility. "User education never works on the PC side; it's been proven that it doesn't work," he said. But Nguyen disagreed, stating "User awareness is still a key part of the overall solution, because social engineering is one of our biggest problems."
Make it work
Interop is always a great place to learn about new network hardware, software, and services, and to hear about how others are using them. But a secure network, whether a traditional private, dedicated, on-premise deployment or some new virtualized cloud service, involves more than technology and infrastructure. In the end, security must be accomplished through policies, practices, and people. At Interop LV 2010, attendees got a chance to see how the latter must adapt to safely use tomorrow's networks.
Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. A 28-year industry veteran, Lisa enjoys helping companies large and small to assess, mitigate, and prevent Internet security threats through sound policies, effective technologies, best practices, and user education.