Network Critical - The Window to your Network

IoT Momentum and Internet Security

Have you ever been running so fast that your momentum propels your torso faster than your legs can keep up? As kids, we used to go to a hill at the park and run down as fast as we could. After a few quick strides, our bodies would soon overtake our legs. It was soft grass, so our tumbles caused no real damage. It was kid fun. Playing this game on gravel or cement, however, causes a very different result. I have some elbow and knee scars from my childhood to prove it.

The IoT movement is running downhill. Its body is the unchecked market acceptance of everything being connected to the internet. Its legs are device security built in by manufacturers. Connected devices and networks include TVs, refrigerators, ovens, medical devices, automobiles, security cameras and nearly everything else you can imagine. However, the security built into these devices is nearly non-existent.

In late October, a DDoS attack on domain name provider Dyn took down many popular websites. Rather than build an expensive device to blast enough data at the site, the attackers used many small devices to blast garbage data at a single site. It is believed that the devices that were hacked to create the attack were connected video cameras. The Dyn attack set a record, blasting data from various innocent sites at a combined rate of 1.2 Tbps.

Only a few years ago, connected devices other than computers and cell phones numbered in the hundreds of thousands. Today there are millions of devices, and the number is rapidly heading to the billions. According to Thomson Reuters Zawya, the worldwide installed base of connected devices will exceed 28 billion devices by 2020, with a market revenue of over US$7 trillion (yes, with a T). Yet there is no coordinated effort to establish security standards for these devices. Security can be expensive, and companies generally want to take cost out of consumer devices rather than add cost. This is particularly true where the consumer likely will not see a particular advantage. From the consumer's perspective, there is no motivation to pay extra for perceived esoteric features such as access security.

I suggest, however, that the consumer will soon become more aware of the security (or lack of security) built into their connected devices. The more we all become connected to the internet, the more dependent we will all be on the internet. Amazon Echo and Google Home are two excellent examples of our growing dependence on the internet.

Home and Echo are extensions of your iPhone or Android. However, they can coordinate with other connected devices such as streaming TV, lights, thermostats, calendar, oven timers and more. Are people going to feel comfortable connecting everything they own to a single device that is open to off-the-shelf hacking software? Can you imagine the consequences? As connected devices proliferate and consumers consolidate control of the devices for convenience, the controller becomes a critical single point of failure. A hack into a Home or Echo device can turn off the heat in the dead of winter, turn on a stove when the owners are away or turn off lights in preparation for a home invasion. These are real issues with life or death consequences. I am not sure that consumers have thought this through, but certainly the consumer products industry should.

The automotive industry did not impose airbags on themselves and the bankers did not create reserve ratios. These are critical social imperatives that were forced upon these industries for the safety and stability of society. The internet is quickly becoming such a social imperative that the government should be well on its way to developing security standards for all connected devices.

Companies continue to invest heavily to protect their networks with Intrusion Protection Systems, TAPs and Packet Brokers, Data Loss Prevention, malware scanning software and other technologies. Even with all that, there are still vulnerabilities.

As consumers move deeper and deeper into internet dependence, security becomes more of a critical imperative and less of an add-on feature enhancement. Hopefully, the industry will see that its continued growth and success are dependent on device security and internet protection. If the internet fails, all connected devices become worthless.

The current and anticipated future momentum is great for the industry. However, if the security legs do not develop at the same pace, the whole system will come tumbling down in a heap.

Posted: 30/01/2017 12:59:14 by Network Critical with 0 comments

Cyber Skills Gap

Are the bad guys better than the good guys? The Financial Times Cyber Security Summit Europe was held in September. The presentations focused on cyber crime against financial institutions and their vulnerabilities to such attacks. Obviously, this is a lucrative target for criminals because billions of dollars pass through inter-bank transactions and clearing systems. At risk is catastrophic failure of our digital financial system.

First, let's look at our modern global financial system.

Money is an imaginary system of mutual trust. In fact, money is the most universal and most efficient system of mutual trust ever devised. Throughout human progress in history, we went from bartering a sheep for seed, to trading gold coins for various products and services. Eventually paper currency was developed and backed by empires and governments. Now most of our currency is electronic bits backed by governments and financial institutions. Just as cash money has no intrinsic value, neither does an electronic debit. They are just bits of information stored on a server. However, our trust in the institutions that manage these bits is the foundation of the entire global economic system.

The sum total of money in the world today is about $60 Trillion. The sum total of actual currency in circulation in the world is about $6 Trillion. More than 90% of the money in the world today exists only as bits on computer servers. So, now, how important is managing and securing the servers that maintain this currency? The very survival of our economic system depends on our trust that the underlying currency information is safe and available.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized and reliable environment. A significant breach of inter-bank transactions sent alarms through the industry.

SWIFT transactions were manipulated in February and August of 2016 by a group called Odinaff. In the February breach, the Bank of Bangladesh lost $81 million. The SWIFT system is constantly under attack, and the skills of the attackers seem to be very sophisticated. Alain Desausoi, CISO at SWIFT, commented at the summit, “We were surprised by the gap between the skills of the attackers and the cyber security practices in the banking industry.” One of the problems discussed is that while the threat is the same worldwide, the skills necessary to manage it are not the same in all countries. The February attack was caught by an alert manager who noticed a typo in a transaction message. If not for that catch, this breach could have been in the billions of dollars.

Back to the skills gap. The financial industry is under attack and will continue to be under persistent attack by cyber criminals who want to steal money, data, identities and more. In order to maintain trust in the system, the industry must close the skills gap between its employees and those of the enormous and well-financed hacking industry. The Financial Times summit is a cooperative effort to work through these issues and develop practices to protect our financial systems.

Some of the resolutions that came out of the summit include improved information sharing, more resilient software, improved security practices, traffic pattern detection to identify anomalies, and ensuring banks have the right security partners. The banks understand the enormity of this problem and are working towards solutions to thwart cyber aggression against our most trusted global institution.

Intelligent network monitoring devices coupled with Data Loss Protection, Intrusion Prevention and abnormal activity search and block appliances are being deployed by financial networks around the world. Multiple security appliances are being connected by TAPs and Packet Brokers to provide robust protection without impacting network reliability or availability.

These network protection technologies coupled with consistent employee training, cooperation with local law enforcement and strict access policies will help manage the cyber aggressors for now. Ultimately, upgrading international law enforcement cyber skills, inter-agency cooperation, stiff penalties and ruthless tracking of cyber criminals will be required to maintain our global digital monetary system. We must close the skills gap between the good guys and the bad guys before faith and trust in the system erodes.

Posted: 19/01/2017 16:56:23 by Network Critical with 0 comments

Right Tool for the Job

Have you ever tried to tighten a screw with a butter knife? How about tapping a nail into a wall using the butt end of a screw driver? How often do you use a chair to reach the top shelf instead of getting a ladder or step stool? How often do you put your body (life?) at risk by opting for the expedience of substituting the appliance at hand for the proper appliance for the job?

Time is scarce. Money is scarce. We all take certain risks to save money and/or time. Sometimes the risk pays off by getting the job done with the tool at hand. Sometimes we end up in the hospital.

The question of the day is, “Do I try to knock this job out with whatever is at hand or do I spend time researching and acquiring the proper tools for the job?” This question is relevant in the office as well as in the home. For the Network Engineer or IT Manager, the question comes up often. Networks grow, traffic patterns change, and new security challenges are presented every day. Budgets are limited and often not as flexible as required to effectively manage the ebb and flow of network administration. Network Engineers are famous for making do with what is available and often demonstrating great creativity resolving emergency situations.

There are many multi-function appliances that are helpful with network management tasks ranging from analysis to security. Often the multi-function appliances offer up-front cost savings and adequate performance. Some of the trade-offs are speed of processing and depth of utility to the job at hand. These products are not necessarily bad. It is simply that their utility is limited to a particular environment where breadth of performance is adequate and depth is not required. However, for other networks where maximum security is critical and deep analysis is necessary, multiple specialized appliances need to be deployed.

Deploying best-in-class appliances for each of many specialized network tasks is the preferred method for high-performance, high-availability network administration. The challenge is how to deploy and manage the many available tools with maximum efficiency.

There are three problems inherent in the multiple appliance deployment method. First is cost. To purchase four, five or more appliances for each link on a large network can be very expensive. The performance and security provided may well be worth the cost but, nevertheless, it is still a budget stretcher. Second is network impact. Many appliances, particularly those providing malware protection and threat detection, need to be deployed in-line. Deploying multiple appliances in-line may impact network reliability and availability. As any single appliance goes off-line, the entire link is impacted. Third is management. Each of these appliances needs to be managed individually. They will have unique performance objectives as well as individual input requirements. Managing inputs and outputs can become a complex and time-consuming task. Further, as the network environment changes, so must the multitude of connected appliances.

There is a single solution to all three of the issues mentioned above. Connecting appliances to links via Packet Brokers like the SmartNA-X HD can reduce tool costs, mitigate reliability issues and simplify deployment and management.

Cost - Aggregation and filtering features can save CapEx by reducing the number of appliances needed on the network by allowing a single appliance to support data flows from multiple links.

Network Impact - By-Pass and Fail-Over Relay features can protect network traffic in the event that an appliance fails or otherwise goes off-line. Link-lock and multi-level administrative password protection provide security and control of network data.

Simplified Management - Connecting multiple appliances through a single Packet Broker provides deployment and management benefits that save OpEx and improve appliance efficiency.

Best in class security, best in class malware protection, best in class application acceleration, best in class application performance management, best in class network analysis, best in class visibility, and more can all be efficiently deployed and managed through intelligent Packet Brokers. For more detail on these tools see

While making do with whatever tool is at hand may get the job done, it is fraught with potential disaster. Emergency room doctors stay very busy patching up patients who fall off chairs because they did not take the time to bring a proper ladder in from storage. Choosing short term convenience often leads to long term disaster. Making the time and effort to develop a proper plan and procure the right tools for the job will protect you from future disaster at home and at work.

Posted: 16/01/2017 15:10:24 by Network Critical with 0 comments

Five Top Tech Trends for 2017

Welcome to 2017! This is the time of the year when we gaze into our crystal ball and prognosticate about what is in store for our industry and our e-life in the coming year. Here are some thoughts for what will be trending in the next 12 months and beyond:

IoT Device Security - Here are some numbers from CloudTweaks: 328 million things connect to the Internet every month. By 2022 a typical home will contain 500 smart devices. By 2025 every vehicle on the road will be connected to the Internet. According to a McKinsey Global Report, only 0.06% of things that could be connected to the Internet currently are, which means 10 billion things out of the 1.5 trillion that exist globally are currently connected. The report estimates that this could add $11 trillion per year to the global economy by 2025. These IoT trends are worth following. They will impact our business and personal lives in a big way. However, in addition to the huge market potential and potential for societal shifts, this trend will also dramatically increase the cyber threat landscape. Along with the increase in IoT devices, consumers and governments must push for parallel growth in connected device security. The recent attack on internet providers Yahoo, Twitter and others is a prime example. The attackers hacked connected video surveillance devices to flood the internet with traffic, forcing the shutdown of some of the largest service providers. As connected consumer devices flood the market, their weak security opens the door for hackers to damage individuals, enterprises and service providers. The resulting chaos could be catastrophic. Hopefully, device manufacturers will recognize their weakness and build better security into their products.

State Sponsored Cyber Meddling - The Russian hacking and misinformation campaign to influence the U.S. election is well documented. German elections are coming up in 2017, and Hans-Georg Maassen, the head of the Federal Office of Protection of the Constitution, released a statement saying, “Propaganda and disinformation, cyber-attacks, cyber-spying and cyber-sabotage (are) part of the hybrid threat to Western democracies.” The Russians are not the only ones to watch. The Chinese have an entire Army division devoted to cyber espionage activities. It is called Unit 61398 of the People's Liberation Army (PLA), and its existence has actually been confirmed by the Chinese government in a report called “The Science of Military Strategy” published by the PLA. The United States has cyber security and espionage units reporting to the National Security Agency (NSA) with a proposed $14 billion budget for the coming fiscal year. This is notice to government and corporate networks that anything connected to the internet is vulnerable. Cyber security budgets in government and the private sector will increase in the coming year. Military focus on cyber offense as well as on cyber defense will permeate world affairs.

OT Monitoring and Security - Operational Technology (OT) is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes, and events in the enterprise. OT is largely used in manufacturing and services such as pipeline and utility control process. This technology has been available and widely used on site for decades. However, its integration with Information Technology and internet connectivity creates new security vulnerabilities. OT has largely been used in closed operational systems. Older operating systems are being patched to allow functional benefits from Internet access. The security capabilities of the older systems are not keeping up with current IT practices. This OT/IT gap may open the door for massive utility and transit system outages and other functional disruptions as new connected OT services become available without IT security advances being integrated. As the line between OT and IT blurs, so must the focus and investment in training and security. 

Artificial Intelligence - So, what’s the big deal here? Artificial Intelligence (AI) has been discussed and researched for decades. The big deal is that AI is now becoming a real market with real applications. Some of the largest tech companies like Google, Apple, Amazon and Facebook are making large investments in this technology and are also releasing their core AI programs as open-source software for others to use. Here are some of the markets that will benefit from advancements in AI technology. Network Security products will be able to learn network usage patterns and more quickly detect anomalies that indicate attacks. Gaming will be greatly enhanced with virtual reality and more realistic landscape and character behavior. Automotive navigation, medical diagnostics, banks, retail and pharmaceutical companies will all benefit from this technology where machines actually learn to solve problems rather than just compute numbers. IBM and BMW have signed a deal to integrate Watson conversational and learning technology into their vehicles. MIT has developed an AI system that surfs the web to improve its performance. The MIT information extraction system helps turn plain text into data for statistical analysis. If IoT is the nervous system of the Internet, AI is the soul. You will be hearing a lot about AI in the coming months and years. 

Hybrid Cloud - John Maddison from computer security company Fortinet says that more businesses need to focus on inside-out security. Reports and industry surveys show that the internal threat to cyber security is in fact greater than external threats. Employees generally have direct access to corporate networks. While many employees are diligent, hard-working, intelligent beings, others can be negligent, careless, fraudulent or sometimes just stupid. Now that we have determined that a company’s own employees can be a big security risk, let's talk about the employees of your local cloud provider. What do you know about the employees of the cloud services provider where you store sensitive corporate information? I am sure that many are smart, honest, hard-working employees. However, what do you know about the cloud provider's HR policies and procedures for vetting and hiring employees and contractors who have direct access to your corporate information? One potential solution is deploying a Hybrid Cloud architecture. For example, cloud services can be used for high-demand peaks, less sensitive file storage, day-to-day operational computing and big data analysis. For confidential corporate information and proprietary processes, a local network under direct control can be deployed. A hybrid design lets the company secure highly confidential data on local servers with its own security technology, policies and direct consequences for employees who breach policy. This is a best-of-both-worlds security and computing option that will grow fast in 2017 and beyond.

Final thoughts - These are a few of the big tech trends that will be advancing and changing our world in 2017 and beyond. As you may have noticed, internet security is a common thread among all the tech trends. Sadly, 2017 will not be the year that computer hacking is solved. However, with increased security budgets, more training and improved architectures, I am hoping that the first bullet of my 2018 trends blog will be - “Monitoring Technology Beating Hackers.” Happy New Year!

Posted: 04/01/2017 16:55:57 by Network Critical with 0 comments