Join us at Black Hat 2013 in Las Vegas this July, for our two-day hands-on Network Threat Defense, Countermeasures, and Controls course. Courses will be offered on July 27-28 and July 29-30, and attendees will learn and perform two network security roles. First, as a Security Practitioner, you’ll learn to secure and harden network infrastructure devices, and second, as a Security Incident Response Investigator, you must correctly detect, classify, and mitigate threats attacking a network by configuring and deploying advanced network threat defenses and countermeasures. Learning these roles will help you prepare for and respond to real world threats such as the recent Financial Services, SpamHaus, and OpUSA Denial of Service Attacks. Read More »
Last week at the RSA Conference in San Francisco, I had the pleasure of speaking to thousands of security professionals about the opportunities and risks associated with using Software Defined Networking (SDN) for security, which will be the underlying fabric of our next generation data centers and networks. SDN-enabled security will provide a better way to secure our most valuable applications, users and data, now and in the future.
Each vendor has a different definition of how the network is changing, and there are many different terms being used, such as software defined data center and software defined storage. Cisco calls this Application Centric Networking, for example, because we are introducing programmable APIs with a focus on distributed control plane intelligence so that applications can get value directly from the network.
It’s obvious why the networking industry is embracing SDN: lower operational costs and the ability to deploy applications and network services in a quicker, more scalable manner. Cloud bursting, which is about flexible compute in the cloud, is another SDN benefit that gives us the ability for applications to interact directly with the network in ways that do not happen today. For example, applications will be able to query the network for location of users to manage Quality of Service and deliver highly targeted content.
So why should the security industry care about SDN? As the threat landscape evolves, the opportunity is to make Security a key application for SDN. We can use SDN to build a Network-based Threat Defense System. I see three key elements to this system:
At Cisco Live London, one of my data center theater presentations will focus on the benefits of a context-aware and adaptive security strategy. This approach helps accelerate the adoption of virtualization and cloud, which traditional static security models often inhibit. Context-based approaches factor in identity, application, location, device, and time along additional security intelligence such as real-time global threat feeds for more accurate security access decisions.
Neil MacDonald, vice president, distinguished analyst, and Gartner Fellow in Gartner Research has been advocating the benefits of a context-based approach now for some years as outlined in his Gartner blog. Not only does he say that by 2015, 90 percent of enterprise security solutions will be context-aware but in cloud computing environments where IT increasingly doesn’t own key IT stack elements, having additional context at the point of security decision leads to better decisions with risk prioritization and business factors accounted for. Neil MacDonald also co-authored a report, “Emerging Technology Analysis: Cloud-based Reputation Services,” which highlights the value of cloud-based threat intelligence in enabling secure cloud adoption.
While in Oslo last month for the Nobel Peace Prize activities, I heard two words that I haven’t been able to get out of my mind: “open government”.
They were the focus of discussion among the 15 international delegates—representing 14 countries and 3 continents—that Cisco had invited to its “Visioning Open Government” conference The delegates and speakers delved into the value of an open society and its imperatives for social and digital network connections—including information access, integration, and network security.
BayThreat 2012, the third annual information security conference in the South Bay of San Francisco, will be held December 7–8 at The Firehouse Brewery in downtown Sunnyvale, Calif. This technical conference is well attended by security professionals from the top technology companies in the South Bay. Randy Ivener and Joe Karpenko, security specialists from Cisco Systems, will present “Network Threat Defense”at 10 a.m. Saturday at the conference.
Botnets, worms, and denial of service (DoS) attacks increasingly threaten the availability of every network, yet few network engineers realize the security benefits of leveraging network infrastructure to handle these attacks. “Network Threat Defense” will address how to build a more secure infrastructure and how to leverage inherent network features, such as NetFlow, to provide a full range of attack handling mechanisms. During the presentation, Ivener and Karpenko will briefly cover the following fundamental network security topics:
- State of network security
- Threat models for IP networks
- Incident response
- Secure network design
- Device hardening
- Introduction to NetFlow