Showing posts with label Cyber Security. Show all posts

Monday, June 8, 2015

Cisco Targets "Security Everywhere," Intros Firepower 9300

Cisco is rolling out a "Security Everywhere" initiative aimed at embedding security throughout the extended network – from the data center out to endpoints, branch offices, and the cloud. The goal is pervasive threat visibility and control for enterprises and service provider networks. To get there, Cisco is adding more sensors to increase visibility; more control points to strengthen enforcement; and pervasive, advanced threat protection to reduce time-to-detection and time-to-response, limiting the impact of attacks.

Cisco is launching the following set of solutions across the entire networking portfolio:

Endpoints: With Cisco AnyConnect Featuring Cisco AMP for Endpoints, customers using the Cisco AnyConnect 4.1 VPN client now can easily deploy and significantly expand their threat protection to VPN-enabled endpoints to continuously and retrospectively guard against advanced malware.

Campus and Branch: FirePOWER Services solutions for Cisco Integrated Services Routers (ISR) provide centrally managed Next-Generation Intrusion Prevention System (NGIPS) and Advanced Malware Protection (AMP) at the branch office, integrated in the network fabric, where dedicated security appliances may not be feasible.

Network as a Sensor and Enforcer: Cisco has embedded multiple security technologies into the network infrastructure to provide broad threat visibility to rapidly identify users and devices associated with anomalies, threats and misuse of networks and applications. New capabilities include:

o Broader Integration between Identity Services Engine (ISE) and Lancope StealthWatch: Enterprises can go beyond just mapping IP addresses to identifying threat vectors based on ISE’s context of who, what, where, when and how users and devices are connected and access network resources. This provides greater contextual threat visibility with StealthWatch for accelerated identification of threats.

o NetFlow on Cisco UCS: Extending Cisco’s network-as-a-sensor capabilities to the physical and virtual servers, customers now have greater visibility into network traffic flow patterns and threat intelligence information in the data center.

Using the new embedded security capabilities, Cisco networks now have the ability to automate and dynamically enforce security policies. Customers can segment applications and users throughout the network and across the extended enterprise, using policy to define which users can get which applications and what traffic can traverse the network, and then automate security operations.

o TrustSec + ISE and StealthWatch Integration: StealthWatch can now block suspicious network devices by initiating segmentation changes, providing rapid response to identified malicious activity. ISE can then modify access policies for Cisco routers, switches, and wireless LAN controllers embedded with TrustSec technology.

Hosted Identity Services provide a secure, 24/7, cloud-delivered service for the Cisco Identity Services Engine, a security policy management platform that unifies and automates secure network access control. The new hosted service speeds time to deployment, supporting business growth and providing role-based, context-aware identity enforcement of users and devices permitted on the network, streamlining enterprise mobility experiences.

pxGrid Ecosystem: Eleven new partners have joined the pxGrid Ecosystem with the addition of several new ecosystem technology categories, including cloud security and network/application performance management. pxGrid is Cisco’s security context information exchange fabric that enables security platforms to share information to drive better threat detection, mitigation and overall security operations.

Cisco is also expanding advanced threat-centric protection for its Evolved Programmable Network (EPN), which is its open network architecture designed to advance the adoption of Software Defined Networking (SDN) and Network Functions Virtualization (NFV). Cisco’s new service provider security solutions include the following:

Cisco Firepower 9300 Integrated Security Platform is a carrier-grade, high-performance, scalable and modular multi-services security platform, purpose-built for service providers, that can scale security for increased data flows due to accelerated service demands and carrier class requirements.

Expanded Advanced Orchestration and Cloud Capabilities enable Cisco’s new security solutions to integrate with the Cisco architecture and third-party SDN/NFV solutions, as well as Cisco’s Adaptive Security Appliance Virtual (ASAv) with Cisco’s Network Service Orchestrator (NSO) and Application-Centric Infrastructure (ACI). These orchestration and cloud capabilities also include open APIs for integration with orchestration, Operation Support Systems/Business Support Systems, and Cloud Security-as-a-Service solutions.

• Advanced features such as secure containers to accommodate future security services and applications. Additionally, Cisco ASA firewall and third-party DDoS mitigation from Radware are currently supported, with additional capabilities planned for the second half of 2015.

http://www.cisco.com

Gigamon and JDSU Develop Software-Defined Traffic Visibility

JDSU is developing closed loop integration plugins that support Gigamon’s Software Defined Visibility, a framework that allows customers, security and network equipment vendors, as well as managed service providers, to control and program Gigamon’s Visibility Fabric via REST-based APIs.

There are several use cases in which JDSU plans to utilize Software Defined Visibility:


  • Session-based Filtering – JDSU will take advantage of Gigamon’s Adaptive Packet Filtering capabilities to dynamically drop unwanted ‘streaming’ traffic such as Netflix or YouTube, thereby reducing the demand on monitoring appliance storage capacity.
  • IPv4 and IPv6 Traffic Filtering – As more networks begin deployment of IPv6 along with legacy IPv4 infrastructure, JDSU expects customers will need to selectively filter v4 and v6 traffic. Leveraging the intelligent filtering of the Gigamon Visibility Fabric, network administrators can rest assured knowing that they have comprehensive visibility and a future-proof path to simplify IPv6 adoption without creating new blind spots.
  • Reduce ‘Mean Time To Resolution’ – To assist with faster diagnosis of traffic anomalies, the ability to enhance captured packets that are subsequently stored on JDSU’s GigaStor appliances will improve diagnosis accuracy and focus. Through the addition of Gigamon’s “Flow Mapping” meta-data and “network neighbor” discovery information, Network Operators will be able to evaluate network incidents more effectively and isolate issues to specific segments of the network infrastructure.

“We are excited to be working with Gigamon to integrate with APIs that support Software Defined Visibility,” said Charles Thompson, senior director, Product Line Management for JDSU. “With this integration, we envision a multitude of possibilities where our customers can automate traffic visibility, so that they can focus their resources on other mission-critical activities.”

“Having partners like JDSU on board and adopting our recently released APIs accelerates our Software Defined Visibility market momentum,” said Ananda Rajagopal, VP of Product Line Management at Gigamon. “Not only is JDSU at the forefront of adoption, they are validating the market need for pervasive and active visibility. Their API-based development demonstrates the true power and flexibility that a programmatic framework can provide to quickly and automatically react to changes in network conditions.”

Gigamon's GigaVUE-FM 3.0 Fabric Manager offers a single pane-of-glass view of both physical and virtual nodes across the Visibility Fabric, while providing a wizard-based approach for configuring Flow Mapping and GigaSMART traffic policies. A single instance of GigaVUE-FM can manage hundreds of visibility nodes across multiple locations delivering more than a quarter of a million physical and virtual ports. Flow Mapping is a patented technology at the heart of Gigamon’s GigaVUE Visibility Fabric nodes that takes line-rate traffic at 1Gb, 10Gb, 40Gb or 100Gb from a network TAP or a SPAN/mirror port (physical or virtual) and then optimizes flows based on individual traffic profiles of the tools and applications that secure, monitor, and analyze the network infrastructure.

http://www.gigamon.com

Menlo Security Raises $25 million for Isolation Platform

Menlo Security emerged from stealth to unveil its Isolation Platform, a new technology that eliminates the threat of malware from key attack vectors, including Web and email.

The solution does not use endpoint software. Instead, the Menlo Security Isolation Platform isolates and executes all Web content in the cloud and away from the endpoint. It uses patent-pending, clientless rendering technology, Adaptive Clientless Rendering (ACR), to deliver a non-executable, malware-free copy of the user’s session to their native browser, creating a transparent user experience.

The Menlo Security Isolation Platform is available now as a public cloud-based service or as a virtual appliance for on-premise deployment. The Platform is compatible with any hardware (desktop, laptop, tablet, smartphone), any OS (Windows, MacOS, iOS, Android) and any browser (IE, Chrome, Safari, Firefox).

Menlo Security also announced $25 million in Series B funding, led by new investor Sutter Hill Ventures and joined by existing investors General Catalyst, Osage University Partners and Engineering Capital.

“Organizations and individuals should be able to interact online without the fear of being compromised,” said Amir Ben-Efraim, co-founder and CEO of Menlo Security. “By focusing on ease of deployment and a seamless user experience, the team at Menlo Security has reinvented isolation as a highly usable and scalable front line of defense against malware.”

Prior to emerging from stealth, Menlo Security in November 2014 announced $10.5 million in Series A funding to reinvent security. The new round of financing brings the total company funding to $35.5 million. Additionally, Stefan Dyckerhoff, managing director at Sutter Hill Ventures, is joining Menlo Security’s board of directors.

http://www.menlosecurity.com

Sunday, June 7, 2015

Intel Security and VMware Introduce SDN-powered IPS

Intel Security and VMware introduced an SDN-based Intrusion Prevention services (IPS) solution for the protection of east-west traffic within the data center.  The security solution leverages the VMware NSX network virtualization platform to automate the distribution and enforcement of Intel Security’s McAfee Network Security Platform (NSP), providing Intelligent.

The idea is to extend the services inside the data center that Intel Security provides for north-south traffic at the perimeter of the data center.

The new integrated solution includes the McAfee NSP IPS-VM100-VSS (a new IPS-VM Series model designed for interoperability with VMware NSX), McAfee Network Security Manager, Intel Security Controller and VMware NSX network virtualization platform. The Intel Security Controller transparently runs as a broker between the VMware NSX infrastructure and Intel Security’s McAfee NSP. IPS protection can be dynamically and automatically provisioned to help protect intra-VM traffic based on the defined policies and requirements.

“The McAfee NSP takes advantage of the VMware NSX platform’s distributed micro-segmentation enforcement and simplified automated provisioning, creating a zero-trust environment to automatically help protect organizations’ assets against advanced threats,” said Raja Patel, General Manager for the Network Security Business Unit, Intel Security.

“The tight integration between VMware NSX and Intel Security’s McAfee NSP means security controls follow application workloads, allowing customers to dynamically scale security services,” said Tom Corn, Senior Vice President, Security Products, VMware.

http://www.intelsecurity.com
http://www.vmware.com

Friday, June 5, 2015

Massive Data Breach Raises Questions about Perimeter Defense

The U.S. Office of Personnel Management (OPM) confirmed details of a massive data breach potentially impacting the personal records of 4 million current and past employees of the U.S. government.

OPM said it became aware of a cybersecurity intrusion affecting its information technology (IT) systems and data in April 2015 while it was in the process of updating its cybersecurity posture, adding tools and capabilities to its various networks.

Media reports attributed the attack to a Chinese state-backed hacker group known as “Deep Panda”, although both the OPM and FBI declined to comment on the specifics. Media reports also suggest that the stolen data was not encrypted.

The OPM network is believed to have been protected by the second-generation intrusion detection and prevention system, known as EINSTEIN 2. A planned upgrade to EINSTEIN 3, which will be integrated as a Managed Security Service with leading Internet Service Providers (ISP), is being accelerated so as to cover all government networks by the end of 2016.

Outside commentators noted that relying on a perimeter IDS, even one benefiting from signatures captured by national security agencies, may be an insufficient strategy for 2015 and beyond, compared to other solutions emphasizing network visibility for advanced persistent threats. A Bloomberg story posted by Michael A Riley quotes a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington as saying Einstein 3 is already obsolete and that the commercial security industry is moving away from this type of perimeter defense.

http://www.opm.gov/
http://www.fbi.gov
http://www.whitehouse.gov
http://en.wikipedia.org/wiki/Einstein_%28US-CERT_program%29
http://www.bloomberg.com/news/articles/2015-06-06/china-hackers-got-past-costly-u-s-computer-security-with-ease

Thursday, June 4, 2015

NTT Com Develops Multi-homed anti-DDoS

NTT Communications is testing an enhanced DDoS orchestrator system to detect, analyze and defend against distributed denial of service (DDoS) attacks. The pilot system was constructed by multiple security companies, including Arbor Networks, A10 Networks, and Radware Ltd. The user organizations include EHIME CATV Inc., INTERNET MULTIFEED Co., Interop Tokyo 2015 ShowNet, mixi Inc. and OKIT CORPORATION, among others.

NTT Com said its trial will test the operability of unique channel-control technology developed by NTT Com to minimize the negative effects, such as delays in normal communications, of implementing a DDoS defense. The testing environment incorporates NTT Com's unique channel-control technology (patent pending), which reports the Internet routes used by specific traffic and enables traffic from a DDoS attack to be routed to optimized points in NTT Com's Global IP (GIP) and domestic OCN networks for Internet connection. The attacker's specific traffic is drawn to the system's DDoS defense devices, whereas normal communications experience only minimal delays.

NTT Com is Japan's first communications provider to conduct a multihomed anti-DDoS service that would be available to all companies using or providing Internet services.

http://www.ntt.com/aboutus_e/news/data/20150604.html

Tuesday, June 2, 2015

AccelOps Builds Threat Intelligence into its Actionable Security Platform

AccelOps, a start-up based in Santa Clara, California, introduced threat intelligence capabilities for its integrated IT and operational visibility platform.


The existing AccelOps virtual appliance software monitors security, performance and compliance in cloud and virtualized infrastructures on a single screen. It automatically discovers, analyzes and automates IT issues in machine and big data across organizations’ data centers and cloud resources, spanning servers, storage, networks, security, applications and users.


A new Threat Intelligence Center for the platform offers a "Content as a Service” (CaaS) capability to aggregate, validate and share anonymous threat data gathered from the AccelOps customer base, providing benchmark and threat detection intelligence to customers in real time. Also included are additional device support, rules updates, reports and other knowledge bases. AccelOps features an open API that allows users to integrate any public or private threat feed into the AccelOps database and cross-correlate it with their own network and security data. It also supports a Workflow Integration API that creates bi-directional workflow integration into leading IT service management and ticketing solutions, including ServiceNow and Connectwise.

“As a leading provider of threat and operational intelligence, our main objective is to deliver the tools our clients need to stay ahead of the encroaching end point data infiltrating today’s modern data center. These enhancements extend the capabilities of our threat intelligence, providing our customers with even greater insight into the health, security and management of their networks,” stated Dan Maloney, vice president of marketing and business development, AccelOps.

http://www.accelops.com


Wednesday, May 27, 2015

Palo Alto Networks Posts Sales of $234.2 million, up 55% YoY

Palo Alto Networks reported record revenue for its fiscal third quarter 2015 of $234.2 million, up 55% compared with $150.7 million for the fiscal third quarter 2014. GAAP net loss for the fiscal third quarter 2015 was $45.9 million, or $0.56 per diluted share, compared with GAAP net loss of $146.6 million, or $1.96 per diluted share, for the fiscal third quarter 2014.

"We reported record revenue in the fiscal third quarter 2015 as we continue to expand market share with growth rates that significantly outpace the market. Our ongoing success is due to our natively integrated and highly automated enterprise security platform that delivers prevention capabilities at every step in the cyber-attack lifecycle," said Mark McLaughlin, president and chief executive officer of Palo Alto Networks.

Steffan Tomlinson, chief financial officer of Palo Alto Networks, commented, "Year-over-year revenue growth of 55 percent was driven by new customer acquisition and expansion in existing accounts, resulting in substantial growth across all three components of our business: product, recurring subscription and support. At the same time we continued to realize the leverage inherent in our ramping hybrid-SaaS model, delivering sequential and year-over-year expansion of non-GAAP operating margin, non-GAAP earnings per share, and cash flow from operations."

http://www.paloaltonetworks.com

Tuesday, May 19, 2015

Skyport Unveils its Hyper-Secured Servers

Skyport Systems, a start-up based in Mountain View, California, unveiled its "hyper-secured" server architecture for delivering trusted computing and policy enforcement at the application edge.

The SkySecure System enforces policy on hosted workloads without software agents or network changes. The architecture tightly integrates the components of multiple security appliances that were not designed to work together, reduces the threat surface by removing physical attack vectors and implements Intel's Trusted Execution Technology. SkySecure is designed for deployment at the most critical points of infrastructure, including exposed DMZs, branch and remote environments, high-value business applications and foundational IT control systems such as Microsoft Active Directory, DNS servers and virtualization/cloud/big data/SDN controllers. No changes are required to networks, applications, or operating systems. The company says its server is designed to catch and contain malware and rootkits.

Hardware, firmware and software components are validated at the point of manufacture and continuously monitored once deployed. After properly attesting, the system boots a fully whitelisted Security Enhanced Linux (SELinux) implementation. SkySecure Compartments enable a dynamic whitelist and application-layer protections around each workload deployed on a SkySecure Server, house the workloads in a synthetic operating environment and assume a zero-trust posture regarding all network access.

The SkySecure platform consists of three main components: on-premise trusted computing systems, software-based/hardware-enforced compartments that enforce policy around each hosted virtual machine and centralized management and monitoring that centrally orchestrates security policy and enables total application visibility.


“Every CIO we’ve talked to has deployed virtualization, single-sign on, cloud and big data systems to automate processes and make IT more agile, but this has resulted in critical control points in the infrastructure,” said Douglas Gourlay, corporate vice president of Skyport Systems. “Skyport Systems is delivering a system that is secure by default: from the point of inception, not belated integration. We are building a hyper-secured infrastructure foundation for mission-critical systems.”

https://www.skyportsystems.net


  • In April 2015, Skyport Systems announced $30 million in Series B funding for its Hyper-Secured Infrastructure solutions.  The new funding was led by Index Ventures, with participation from Intel Capital and existing investor Sutter Hill Ventures. The Series B round brings total Skyport funding to $37M.
  • Skyport is headed by Stefan Dyckerhoff, who previously was GM of routing and switching at Juniper Networks, which he originally joined as employee #33 working in chip design. 




Skyport - Evolution of Converged Infrastructure



Skyport Systems, a start-up based in Mountain View, California, sees a next-gen infrastructure opportunity at the intersection of networking, security, storage, and compute.

In this video, Doug Gourlay discusses the evolution of converged infrastructure from Cisco UCS, Nutanix and this next step.

See video: https://youtu.be/gx6mG-sey-A


Friday, May 15, 2015

IBM Cites Fast Progress with X-Force Exchange Threat Intelligent Network

One month after launching its X-Force Exchange, IBM has gained participation from more than 1,000 organizations across 16 industries.

The X-Force Exchange provides open access to historical and real-time data feeds of threat intelligence, including reports of live attacks from IBM’s global threat monitoring network.  The Exchange, which is powered by IBM Cloud, already holds 700 terabytes of threat intelligence.

"Cybercrime has become the equivalent of a pandemic -- no company or country can battle it alone," said Brendan Hannigan, General Manager, IBM Security. "We have to take a collective and collaborative approach across the public and private sectors to defend against cybercrime. Sharing and innovating around threat data is central to battling highly organized cybercriminals; the industry can no longer afford to keep this critical resource locked up in proprietary databases. With X-Force Exchange, IBM has opened access to our extensive threat data to advance collaboration and help public and private enterprises safeguard themselves."

"Cybercrime continues to grow in sophistication and organization, we understand that there is power in numbers to fight back," said Rob Bening, Chief Information Security Officer, ING Bank. "Sharing threat information via IBM's X-Force Exchange initiative is a big step toward better understanding potential attacks and anticipating measures to mitigate them."

https://exchange.xforce.ibmcloud.com/

Monday, May 11, 2015

IoT is Contributing to Rise in Simple Service Discovery Protocol Amplification Attacks

There has been a significant growth in Simple Service Discovery Protocol (SSDP)-based amplification attacks, according to a recently published DDoS Threat Report from NSFocus, which specializes in enterprise-level, carrier-grade solutions for DDoS mitigation, Web security and enterprise-level network security.

The NSFOCUS report cites the rise of IoT-connected devices, such as webcams, as primary agents responsible for an increase in SSDP reflection attacks.

The report is based on statistical analysis and key observations from actual DDoS attacks that occurred during the second half of 2014. This data was collected from a mix of global enterprises, Internet service providers, regional telecom operators and Internet hosting companies.

Some key findings:

  • Any network-connected device with a public IP address and vulnerable operating system will increase the number of devices that could be used to launch SSDP–based reflection attacks. This particular type of DDoS attack was seen as the second most dominant threat, after NTP-based attacks, in 2H2014.
  • More than 30 percent of compromised SSDP attack devices were network-connected devices such as home routers and webcams. Findings also revealed that globally, more than 7 million SSDP-controlled devices could potentially be exploited.
  • While 90 percent of DDoS attacks lasted less than 30 minutes, one attack lasted 70 hours. This shorter attack strategy is being employed to improve efficiency as well as distract the attention of IT personnel away from the actual intent of an attack: deploy malware and steal data. These techniques indicate that today’s attacker continues to become smarter and more sophisticated.
  • Online retailers, media and gaming remain top targets: As retailers, entertainment and gaming companies increasingly employ online environments, consumers demand the highest level of quality of service. By slowing down or flooding these servers, attackers look to take advantage of online businesses through a variety of means, including blackmail, unfair business competition or asset theft.

"We are watching the evolution of attack technologies that amount to nothing less than 'bullying' (flood attacks) and 'leveraging' (resource exhaustion) tactics that enhance the impact by exploiting network bandwidth. To counteract these assaults, organizations must look to traffic-cleaning devices in conjunction with other security protocols," stated Yonggang Han, COO of NSFOCUS.

http://www.nsfocus.com

Sunday, May 10, 2015

Nokia Expands Partnership with Check Point

Nokia Networks is expanding its partnership with Check Point Software Technologies to offer certification and integration with the Nokia Networks telco cloud security solution.

Nokia Networks offers a 3-part solution:

  • Nokia Cloud Security Director, launched at Mobile World Congress 2015, enables operators to automatically deploy security policies and functions in cloud and hybrid networks. This greatly reduces effort and cost compared to manual methods, and mitigates the risk of losing revenue from security breaches. Compliant with forthcoming ETSI NFV security standards, Cloud Security Director allows operators to meet local regulations cost-effectively.
  • Cloud perimeter firewalls and management systems from leading vendors can be integrated with the Nokia Networks telco cloud security solution, with the Check Point firewall being the first to be certified. This approach is part of the Nokia Networks partnering strategy for business growth.
  • Nokia cloud wise services support operators from analysis of cloud strategy, to architectural design and implementation of full telco cloud security. The implementation phase provides secure migration alongside a hardening procedure for the hypervisor and overall telco cloud infrastructure.

"As operators migrate to the telco cloud, a new approach is needed to address the corresponding security threats. Our strategy is to provide operators with the industry’s most secure solutions. To achieve that, we combine our mobile network and security portfolio and know-how with the expertise of the leading security vendors."

http://www.nokia.com

Monday, May 4, 2015

Verizon's 2015 Data Breach Investigations Report

Now in its 8th year, the Verizon Data Breach Investigations Report has expanded to include input from over 70 organizations, including top law enforcement agencies, says Bryan Sartin, Director of RISK Team at Verizon Enterprise.

Here is a quick summary of findings: 96% of incidents follow only 9 patterns. The top 3 threats are POS attacks, cyber-espionage and crimeware. Upwards of 4 out of 5 intrusions involve the use of stolen or easily-guessable credentials. Simple two-factor authentication significantly mitigates this risk.  This year's report also looks at mobility and the BYOD phenomenon.


See video: https://youtu.be/e8W8YJNhPSk

The full report can be accessed here: http://www.verizonenterprise.com/DBIR/2015/

Thursday, April 30, 2015

Cisco Integrates ACI with FirePOWER Intrusion Prevention

Cisco is integrating its FirePOWER Next Generation Intrusion Prevention System (NGIPS) into its Application Centric Infrastructure (ACI) architecture.

The integrated ACI + FirePOWER security solution, which will be available in June 2015, offers automated threat protection to combat emerging data center security threats. The idea is fine-grained control (including application-level security), visibility and centralized automation all the way from infrastructure to the application level.

Cisco ACI also supports third-party ecosystem solutions from Check Point Software Technologies, Fortinet, Infoblox, Intel Security, Radware, and Symantec.

Cisco said ACI integration with FirePOWER NGIPS (including Advanced Malware Protection) provides security before, during and after an attack, enabling organizations to dynamically detect and block advanced threats with continuous visibility and control across the full attack continuum. These new security capabilities deliver unprecedented control, visibility and centralized security automation in the data center.

Cisco also announced that independent qualified security assessors have validated ACI for deployment in payment card industry (PCI) compliant networks. Managing and simplifying the scope of compliance can help reduce costs for these organizations.

http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1628097

Monday, April 20, 2015

Gigamon Automates Network Traffic Visibility for Rapid Response to Security Threats

Gigamon outlined its framework for leveraging software-defined intelligent traffic visibility to automatically detect threats and then programmatically adapt security policies.

“Software Defined Visibility is a first of its kind breakthrough. It enables security tools, such as IPSs, WAFs, Secure Web Gateways, Sandboxes and other in-line or out-of-band security appliances to program the Gigamon Visibility Fabric to automatically update traffic Flow Maps and GigaSMART operations based on real-time conditions,” said Shehzad Merchant, chief technology officer at Gigamon.  “By enabling the programmability of our Visibility Fabric, customers gain the ability to dynamically adjust and enhance their visibility posture thereby improving security, while reducing costs and network complexities.”

Software Defined Visibility is a framework that allows customers, security and network equipment vendors, as well as managed service providers, to control and program Gigamon’s Visibility Fabric via REST-based Application Program Interfaces (APIs).  By writing programs that utilize Gigamon’s APIs, critical functions previously requiring manual intervention can be automated to improve responsiveness, enhance analysis and increase protection of key resources and information assets. Potential use case examples include:

  • Improve Security Efficiencies – Security administrators can develop applications to improve network detection, reaction and response by automating NetFlow generation and SSL decryption so that current security appliances are not overtaxed when performing deep packet inspection. For example, administrators can use the APIs that program the Visibility Fabric to dynamically change the traffic forwarding policies in response to threats or anomalous network traffic changes. 
  • Automate Policy Management – As new virtual machines are spun up, administrators can write policy management programs that utilize Gigamon’s APIs to automatically follow new changes within virtual and physical networks.
  • Simplify Provisioning and Ticketing – In many organizations, IT Operations Management (ITOM) groups are burdened with manually performing common tasks, such as provisioning and ticketing of network port configurations, monitoring of new IP subnets and VLANs, and upgrading software images. With Software Defined Visibility, ITOM groups can develop programs to automate these processes.

The new capabilities are enabled in GigaVUE-FM 3.0 Fabric Manager, which delivers a single pane-of-glass view of physical and virtual nodes across the Visibility Fabric.  A single instance of GigaVUE-FM can manage hundreds of visibility nodes across multiple locations, containing more than a quarter of a million physical ports in addition to managing virtual infrastructures.

Flow Mapping technology helps reduce traffic and improve analyzer performance. Flow Mapping is a patented technology at the heart of Gigamon’s GigaVUE Visibility Fabric nodes that takes line-rate traffic at 1Gb, 10Gb, 40Gb or 100Gb from a network TAP or a SPAN/mirror port (physical or virtual) and then optimizes flows based on individual traffic profiles of the tools and applications that secure, monitor, and analyze the network infrastructure.

http://www.gigamon.com

Ericsson and Intel Security Target Managed Security for Telcos

Ericsson and Intel Security (formerly McAfee) are working together to make managed security solutions available for telecom operators to bundle with the existing services they provide to enterprises.

The alliance combines Ericsson's managed services expertise, global delivery capability and network security expertise with Intel Security's broad portfolio of consumer and enterprise security solutions, enabling enterprises to strengthen their security posture.

Chris Young, Senior Vice President and GM of Intel Security, says: "Telecommunications networks are a critical component of the economic and social infrastructures that we rely upon. Together, Intel Security and Ericsson are working to keep the well over three billion people across the globe that use these systems safe and secure."

Jean-Claude Geha, Vice President and Head of Managed Services at Ericsson, says: "Intel Security has an exceptional, end-to-end consumer and enterprise security product portfolio. Ericsson is the leader in telecom managed services with the scale, skills and people required to make Intel's security solutions available to telecom operators around the world. Together, we will be able to provide exceptional managed security solutions to telecom operators."

http://www.ericsson.com
http://www.intelsecurity.com/

Catbird Intros Discovery Tool for Virtual Fabrics

Catbird, a start-up based in Scotts Valley, California, introduced a software tool to help organizations discover, organize and analyze their virtual fabric to reduce security risks.

Catbird Insight works by first automatically discovering all assets within an organization’s virtual fabric. It then allows grouping of these virtual assets into logical Catbird TrustZones (micro-segments) that can be monitored and analyzed for appropriate interactions, relationships and/or compliance based on network flow data. For example, all e-commerce applications might be grouped into one Catbird TrustZone so that security and compliance teams can validate whether the security policies associated with that Catbird TrustZone work effectively based on visualizing actual traffic flows. From there, the solution provides visibility into all flows in and out of Catbird TrustZones with customized detailed reporting of traffic.

“Companies today want to adopt micro-segmentation to improve their security posture, yet find themselves lacking a good understanding of all the assets within their virtual fabric and missing insight into the baseline connectivity of those assets,” said David Keasey, CEO of Catbird. “With Catbird Insight, we easily and quickly eliminate these issues by providing a perfect inventory of assets and real-time network traffic and visualization, so organizations can easily define micro-segments and the fine-grained application-centric security policies protecting them.”

http://www.catbird.com/

Sunday, April 19, 2015

Cloud Raxak Intros Security Compliance Service based on HP CSA

Cloud Raxak, a start-up based in Los Gatos, California, introduced its Cloud Raxak Protect, a cloud-based security compliance service for helping IT organizations and application development teams to secure and ensure compliance of their compute infrastructures, starting with their environment provisioning process and through the lifecycle, for both public and private clouds.

Cloud Raxak Protect leverages HP’s Cloud Service Automation (CSA) solution, which provides open, extensible enterprise-grade hybrid cloud service management for businesses.

Prasanna Mulgaonkar, Cloud Raxak CEO and founder, said, “Cloud Raxak Protect™ enables application teams and enterprise IT to apply security profiles such as DISA and NIST approved technical security controls across private and public cloud infrastructures. Cloud Raxak Protect™ makes it as simple to apply security compliance profiles to a set of virtual machines, as it is to provision them. We are very pleased to have partnered closely with HP and their industry leading CSA solution to bring this service to market.”

http://www.cloudraxak.com

Thursday, April 16, 2015

Juniper's New SRX5800 Firewall Hits 2 Tbps Throughput

Juniper Networks unveiled new hardware for its new SRX5800 Services Gateway firewall boasting throughput up to 2 Terabits per second (2 Tbps), empowering service providers and large enterprises with more capacity to minimize the potential for security bottlenecks as they manage increased and unpredictable demands for bandwidth placed on their networks.

The new hardware for the SRX5800 includes third-generation input/output cards (IOC3), an enhanced midplane chassis and third-generation system control boards (SCB3). Each IOC3 line card supports two packet forwarding engines (PFE), a high density configuration of 2x100GbE and 4x10GbE high speed interfaces. Additionally, it delivers 240Gbps bandwidth and a 2X bandwidth increase over the prior hardware card.

The new product enhancements will be available during the first half of 2015.

http://newsroom.juniper.net/press-release/juniper-networks-introduces-the-industrys-fastest-firewall