Monday, April 11, 2016

Blueprint: Endpoint Visibility in the IoT

A Five-Step Action Plan for Securing the Network in the Age of IoT

by Tom Kelly, CEO, AccelOps

A report from BI Intelligence projects that Internet of Things (IoT) deployments will create $421 billion in economic value for cities worldwide in 2019. Cities will enjoy benefits such as improved traffic flow, a reduction in air pollution and better public safety.

This is just one example of the advancements the IoT will bring to all sectors. However, along with all the positives comes the negative of heightened security concerns. The IoT represents a proliferation of endpoints such as has never been experienced, and at a stunning rate.

All these endpoints are creating pinholes across the enterprise security landscape. It is clear that the malicious intent of hackers has not only increased, but it has become more creative. The reality is that the IoT is changing everything, especially cyber security, and without the proper tools, it is nearly impossible to know what is connecting to your network.

The IoT’s Dark Side

Smart devices have proven to be a double-edged sword. While delivering greater work efficiencies, they also offer more inroads for crime. By using connected devices that are agentless, malicious actors are able to gain access to corporate networks and may not be discovered until after an attack.

To add to the problem, the vendor landscape has become more complex. CISOs now must extend their security monitoring policies and procedures to incorporate every supplier and vendor in the supply chain, no matter how benign their products might seem to network security.

A real-world example will serve to drive the point home. A major carrier recently suffered a breach, resulting in hackers posting 300,000 customer records online. Imagine the look on the CEO’s face when he learned that the data was stolen from a third-party marketing firm involved in the carrier’s supply chain. Smart CISOs and CIOs must look to implement vendor risk management processes as part of their own operational security reviews before they find themselves facing an angry board of directors who are looking for answers as to how the latest breach occurred.

Five Recommendations for Today’s Network Security

Security, availability and compliance have become inextricably linked as a result of the hyper-connected world of cloud-based apps, sensors and mobile devices. More importantly, if you can’t see it, you can’t protect it, so before proceeding, be sure you know what is connecting to your network.

Here are five recommendations to manage the corporate IoT environment.

1. Analyze and measure it to fix it. Turn to real-time network topology monitoring and best practices to improve correlation accuracy. Best-of-breed solutions incorporate rich analytics collection and cross-correlation along with third party big data analytics tools to help network and security operations personnel apply methods that are faster and more accurate. If you can’t measure it, you can’t fix it.

2. Analyze root causes and cross-correlate. It’s no longer good enough to simply monitor your network. Today’s security challenges require that network operations and security operations work together to ingest all meaningful data for analysis. Gone are the days of keeping technology domains in silos. Correlate across security, availability and performance for events, logs and configuration files. By pulling together all available network data, it is possible to turn data collection into a weapon against hackers and create actionable information that provides a mechanism for improved root cause analysis.

3. Compare intention to behavior. Network forensics will be easier if you map user identities, locations and behaviors. Look for solutions that ingest more than just events and also correlate performance, log and security data. Additionally, by looking at user IDs, locations and behavior patterns, you can determine whether the user connecting to the network through proper login and password entries is authorized or is a malicious actor with stolen credentials.

4. Use visual analytics to describe security health. Does upper management understand what has happened after a breach? With accountability moving down the chain of command, it is more important than ever to use the language of the business stakeholder. Communicate issues so that business people understand how IT affects the health of the business.

5. Manage compliance for audits proactively. Look for solutions that report across common compliance frameworks such as PCI, ITIL, COBIT, SOX, HIPAA etc. No matter your industry, establish a compliance posture for formalized management and gain a deep understanding of how compliance failures may affect your organization, looking beyond the revenue impacts and potential for fines, plus embarrassing media exposure, to things like impact on brand, reputation, trust with customers, supplier relationships and employee productivity.

Keeping IoT Devices in Check

There’s no practical way around IoT devices connecting to the network. These devices promise many new and useful tools for conducting business better and predicting unforeseen risks. Where you have identified the need for IoT devices in your organization, ensure you fully understand the risk-benefit analysis before deploying them. Methodologies such as Synthetic Transaction Monitoring can help you safely identify a device’s baseline behavior, or “normal” functionality, as well as the expected behaviors for how it should interact with other devices and applications in the network.

Like any vulnerable and protected resource, these devices should be kept behind trusted firewalls and, as with any device in your network, constantly monitored for changes against normal. Other best-practice methods include establishing a “multi-tenant” reporting environment that consolidates and isolates IoT devices into a unique and highly granular reporting domain.
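Monitoring IoT devices for changes against a learned "normal" can be shown with a small passive flow baseline. This is an added example, not code from the article or from AccelOps, and it uses observed flows rather than synthetic transactions; the device names, addresses, flow tuples and the 3-sigma threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (device_id, dst_host, dst_port, bytes_sent)
BASELINE_FLOWS = [
    ("thermostat-01", "10.0.5.20", 8883, 1200),
    ("thermostat-01", "10.0.5.20", 8883, 1100),
    ("thermostat-01", "10.0.5.20", 8883, 1300),
    ("camera-07", "10.0.5.30", 554, 90000),
    ("camera-07", "10.0.5.30", 554, 95000),
    ("camera-07", "10.0.5.30", 554, 88000),
]
LIVE_FLOWS = [
    ("thermostat-01", "10.0.5.20", 8883, 1250),   # matches baseline
    ("thermostat-01", "10.0.9.99", 23, 400),      # peer/port never seen before
    ("camera-07", "10.0.5.30", 554, 900000),      # known peer, volume spike
    ("badge-reader-03", "10.0.5.40", 443, 500),   # device was never baselined
]

def build_baseline(flows):
    """Per device: the (dst, port) peers it talks to and byte counts per peer."""
    base = defaultdict(lambda: defaultdict(list))
    for dev, dst, port, nbytes in flows:
        base[dev][(dst, port)].append(nbytes)
    return base

def check_flow(base, flow, sigmas=3.0):
    """Return a deviation label for one live flow, or None if it looks normal."""
    dev, dst, port, nbytes = flow
    if dev not in base:
        return "unknown-device"      # the visibility gap: nothing to compare to
    samples = base[dev].get((dst, port))
    if samples is None:
        return "new-peer"            # device contacted a host/port outside its baseline
    mu, sd = mean(samples), pstdev(samples)
    # Floor the deviation at 10% of the mean so a flat baseline
    # does not alert on ordinary jitter.
    if abs(nbytes - mu) > sigmas * max(sd, 0.1 * mu):
        return "volume-anomaly"
    return None

def find_deviations(base, flows):
    """List (device, reason) for every live flow that departs from baseline."""
    return [(f[0], r) for f in flows if (r := check_flow(base, f))]

if __name__ == "__main__":
    for dev, reason in find_deviations(build_baseline(BASELINE_FLOWS), LIVE_FLOWS):
        print(f"{dev}: {reason}")
```
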

About the author

Tom Kelly is a technology industry veteran, having led companies through founding, growth, IPO and strategic acquisition. He has served as a CEO, COO or CFO at Cadence Design Systems, Frame Technology, Cirrus Logic, Epicor Software and Blaze Software. Tom led successful turnarounds at Bluestar Solutions, MonteVista Software and Moxie Software, having served as CEO in repositioning and rebranding the companies in advance of their new growth. He serves on the Boards of Directors of FEI, Fabrinet, and ReadyPulse. Tom is a graduate of Santa Clara University, where he is a member of the University’s Board of Regents.


Dell SecureWorks Sets IPO

SecureWorks, a provider of information-security services based in Atlanta, announced its initial public offering of 9,000,000 shares of its Class A common stock. The initial public offering price is expected to be between $15.50 and $17.50 per share.

SecureWorks will trade on the NASDAQ Global Select Market under the symbol “SCWX.”

Some background notes on the company:

  • Dell acquired SecureWorks in 2011.
  • Claims 4,200 clients worldwide.
  • Generates revenue from managed security and threat intelligence solutions through subscription-based arrangements, as well as revenue from security and risk consulting engagements through fixed-price or retainer-based contracts. 
  • Total revenue was $339.5 million in fiscal 2016, $262.1 million in fiscal 2015 and $205.8 million in fiscal 2014, for annual growth of 30% and 27%, respectively. 
  • Incurred net losses of $72.4 million in fiscal 2016, $38.5 million in fiscal 2015 and $44.5 million in fiscal 2014. 
  • Headed by Michael R. Cote
  • Total of 2,47 employees

IDC: Worldwide Cloud IT Infrastructure Spend Grew 21.9% in 2015

Vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew 21.9% year over year to $29.0 billion in 2015, according to a new report from IDC.

"The cloud IT infrastructure market continues to see strong double-digit growth with faster gains coming from public cloud infrastructure demand," said Kuba Stolarski, Research Director for Computing Platforms at IDC. "End customers are modernizing their infrastructures along specific workload, performance, and TCO requirements, with a general tendency to move into 3rd Platform, next-gen technologies."

Some highlights:

  • Compared to overall IT infrastructure spending, the share of cloud IT infrastructure sales climbed to 32.2% in 4Q15, up from 28.6% a year ago. 
  • Revenue from infrastructure sales to private cloud grew by 17.5% to $3.3 billion, and to public cloud by 14.6% to $4.9 billion. 
  • In comparison, revenue in the traditional (non-cloud) IT infrastructure segment decreased 2.7% year over year in the fourth quarter, with declines in all three technology segments (server, storage and Ethernet switch).
  • All three technology markets showed strong year-over-year growth in both private and public cloud segments, except for storage in the public cloud, which declined 4.0% in 4Q15 on a difficult compare with a very strong quarter in the prior year. 
  • Private cloud growth was led by Ethernet switch with 19.6% growth. In public cloud, Ethernet switch led the way with 56.9% year-on-year growth, while public cloud revenue from server grew 28.9% year on year in 4Q15. For the full year, server revenue in private cloud grew by 23.0% year on year, while Ethernet switch revenue in public cloud grew by 36.6% during the same period.

SmartSky Picks Brocade + VMware for NFV Capabilities

SmartSky Networks selected Brocade and VMware to supply the pre-certified network functions virtualization (NFV) capability for its air-to-ground broadband network. SmartSky's new air-to-ground, pan-US network connects more than 250 cell sites strategically placed across the continental U.S.

SmartSky is deploying the Brocade Virtual Evolved Packet Core (vEPC) running on VMware vCloud NFV. The network will deliver differentiated services for different types of customers.

“We are building SmartSky’s network from the ground up, enabling us to rethink how a cross-continental air-to-ground network such as this should be built,” said David Claassen, Vice President of Network and Service Architecture at SmartSky. “As we worked through the design, it became clear that using an NFV approach and leveraging commodity hardware for the underlying physical fabric would deliver the best ROI while increasing our service-ability and reducing many of the operational headaches common with traditional hardware-based networks. Brocade and VMware are delivering a combined NFV solution that will help us accelerate our delivery of this unique service offering.”

Brocade said its full-function vEPC features independent slices of control, data and session management capabilities. The vEPC provides seamless data service across the continent while eliminating redundant functionalities and internode dependencies.

“Brocade and VMware have collaborated for years as NFV partners, driving performance, scalability and life-cycle management for network functions to customers such as SmartSky,” said Nishi Kant, vice president of mobile networking, Brocade. “Stability, ease of deployment and ongoing management of the Brocade vEPC solution are recurring themes in our customer deployments, and certification of the Brocade vEPC as VMware Ready for NFV gives customers confidence in the interoperability of our NFV platforms.”

SanDisk Brings 12 Gbps to InfiniFlash for Data Centers

SanDisk introduced its InfiniFlash IF150 system featuring upgraded 12Gbps SAS connectivity and the same massive capacity for big data and hyperscale workloads.

Delivering up to two million raw IOPS and consistently low latency, the IF150 system supports demanding workloads by addressing scalability and availability challenges. It offers up to half a petabyte (512 terabytes) of flash storage in one 3-rack-unit (3U) system and can directly connect up to eight off-the-shelf servers.

SanDisk cites a $1 per GB price point for raw flash.  Compression and de-dupe capability in storage software (available from SanDisk InfiniFlash ecosystem partners) can further reduce the effective price per GB.

“Since its launch, the game-changing performance and economic benefits of the InfiniFlash System have been recognized by customers—from data centers in research institutions doing big data analytics to web providers, hyperscalers and video streaming companies who manage data on a massive scale, and more,” said Ravi Swaminathan, vice president and general manager of systems and software solutions at SanDisk. “With our new IF150 system, we have pushed the performance even further, while at the same time delivering massive-scale storage at a price point that makes business sense.”

DragonWave and Mitel Target 5G

DragonWave and Mitel are collaborating on 5G technology development.

Mitel, which supplies network function virtualization (NFV) mobile solutions, will contribute software and mobile network expertise to the project. DragonWave will contribute all outdoor networking expertise combined with small cell-focused and high-capacity, spectrally-efficient packet wireless backhaul solutions.

"Enabling increased coverage in both dense urban and rural environments while supporting the thrust for virtualization drives the need for new relationships," said Peter Allen, President and CEO, DragonWave. "We are pleased to work closely with Mitel who has both scale and a common customer base. We share a focus to bring innovative solutions to the 5G mobile market."

"5G opens the door to a fundamental new way to architect mobile networks, including increased integration between access and backhaul components and smaller cell sizes, where an integrated solution becomes more critical," said Pardeep Kohli, President of 5G Cloud Connectivity, Mitel. "This collaboration enables an integrated 5G solution set that will be easier to deploy, optimize and maintain."