Our first SecureDC Twitter chat created some great industry dialog around security for Software Defined Networks (SDN) as well as using SDN to improve security. SDN is going through a hype cycle similar to the one seen with cloud, and we feel that it’s important to focus more on education now and on broader collaboration, so that users can benefit from the tremendous potential SDN holds.
More Education, Less Buzz
We kicked off our conversation by asking what the most pressing issues around SDN were. @Joltsik, Principal Analyst at Enterprise Strategy Group, felt that users are confused by so much buzz, yet there’s little in the way of education.
@Raj_Samani, Chief Innovation Officer at the Cloud Security Alliance and CTO at McAfee, went one step further, indicating that greater transparency is also needed. However, @Jgreene3rd, Technical Lead for Data Center Security Technologies at Intel, noted that the upside of buzz is that it drives greater demand for availability, which in turn fuels education.
SDN and Improving Security
@KenSBeck, Principal Engineer at the Cisco Security Technology Group Office of the CTO, led an interesting discussion on how APIs for programming the network at network speed will allow security intelligence to be much more dynamic and eventually part of the network itself. @shl_eax_1, Technical Lead Engineer at Cisco Security Technology Group Office of the CTO, further noted how global visibility of the network hastens the speed with which security issues get resolved.
@fsmontenegro elaborated on how SDN security can enable more intelligent, granular and efficient response, and that SDN improves security by adding policy exceptions at the network layer with redirect flow. @vernonxt, SVP for ICT Research at IDC, homed in on SDN enabling better policy management. @AndiMann, Vice President at CA Technologies, speculated: with automation enabling embedded policy and preventing random changes, shouldn’t SDN be able to do the same?
SDN Impact on Regulatory Compliance
@alokmittal65, Chief of Staff for the Cisco Security Technology Group Office of the CTO, stressed the need for auditing, logging and monitoring of policy change events.
@Raj_Samani also noted that with greater proliferation of devices, the ability to achieve greater attestation on the endpoint becomes more challenging. @KenSBeck drew attention to leveraging network awareness of user, geolocation, and device as contextual elements that can make attestations much more meaningful.
@KenSBeck, our host from the Office of the CTO at Cisco, closed with words of advice and a hint of what is in store.
Keep the dialog going! Follow us on @Secdatacenter #SecureDC and join the conversation on LinkedIn Secure Datacenter Trends. For additional SDN resources, be sure to register today for our SDN Learning Seminars.
Tags: Cisco, data center, SDN, security
Detours is a library offered by Microsoft Research for interception of functions on x86 and x64 platforms. It is sold for commercial use to various vendors that build products ranging from security to gaming applications.
Detours is often injected into most or all of the processes, either system-wide or in the context of the logged-in user. The most common way this is done is through the AppInit_Dlls registry value. Because the injection is typically applied to a large number of processes running under various permissions, extra care must be taken to ensure the library and its usage are very carefully reviewed by engineers with a strong understanding of the implications of such wide hooking.
We have used this library in our own security products at Cisco (both CSA and AnyConnect) to provide certain security functions on the system. During one of our research projects earlier this year, we noticed a peculiar pattern on Windows systems where processes we were hooking had a change in the in-memory permissions, which marked the headers of the modules from the normal READ/EXECUTE to now include WRITE as well.
This was quite alarming to us, because a DLL should not be writeable when loaded into memory. What was interesting, and led to clues of what might be the cause, was that it was only the DLLs that had functions we were actively trying to hook. They were the common Win32 DLLs that one would typically intercept methods for, such as Kernel32.dll.
Tags: DLLs, Dynamic Link Libraries, Microsoft, security, third party software
Like most industries, security has gone through many different evolutions. Over the past 20 years, the industry has been largely product focused, with customers deploying point products across the network in an effort to “cover” all security gaps. Over time and with the arrival of mobile, social and cloud, customers now recognize that having all the security products in the world is not going to close all the gaps. Today’s customers are looking for fully integrated solutions – a combination of services, products and people.
This is where Cisco delivers. We are elevating our security solutions efforts with the creation of a Services Security Practice, led by security industry veteran Bryan Palma, who comes to Cisco with an extensive background in both services and security. Reporting to Edzard Overbeek, Senior Vice President of Cisco Services, Bryan’s team will build three new service categories for our customers: Consultation; Product Implementation and Support; and Managed Services for enterprises and governments.
Cisco’s integrated security strategy is to defend, discover and remediate the most critical threats. With world-class products, research teams, global intelligence, advanced threat protection – and now services – our customers will benefit from continuous security in more places across the infrastructure.
Tags: Cisco Services, security
The software defined network has become all the rage lately, for reasons that seem to vary and are caught up in interesting perceptions. One view is that it allows a single network to be controlled centrally and divided up logically to prevent different groups from interfering with one another; that is true. Another view is that it provides a central place of management that configures and monitors the network for performance and faults; that is also true.
The basis is really the separation of the control plane (configuration and management), which moves onto a server that centrally controls many network nodes, from the data plane, which consists of the switches and routers that pass the application’s data from one end device to another, or to many. The SDN controller communicates over a secure communications path using an API supported by the network device.
Yet what may be the most significant possibility of SDN is the ability to use programmatic control from the very applications that use the network for transport, to stipulate any number of services that the application needs from the network. We are seeing this in data centers that will allow end user departments to define a complete network for, say, ERP from within the ERP application, with no help from IT. Why not for controls? And since SDN is based on open source initiatives, the ability for anyone to create and market applications for, say, a controls system is very real.
Tags: intelligent automation, Internet of Everything, IoE, Manufacturing, SDN, security
In order for government and enterprise organizations to keep their data secure from increasingly advanced cyber threats, security solutions and protocols are critical. However, these organizations must ensure that their chosen security solutions meet key security criteria, are standards based, perform as expected and interoperate reliably with existing technology.
The challenges above are why Common Criteria was created. Common Criteria is an international standard for IT product security and reliability. In fact, many governments will not use security products that don’t meet Common Criteria standards.
This year, the International Common Criteria Conference is being held in Orlando, Florida from September 10-12. The conference is a place for Certification Bodies, Evaluation Laboratories, Researchers, Evaluators, Product Makers and Buyers and Sellers to come together and exchange ideas in order to improve Common Criteria.
Cisco will lead multiple sessions covering topics like Cryptography, Network Device Protection Profiles, Improving Common Criteria and Marketing Common Criteria.
Details on the speaking sessions presented by and in collaboration with Cisco are below:
- Keynote Speaker: CCUF Perspective
September 11 from 9-9:30AM ET
Alicia Squires, Cisco, CCUF Chair
September 11 from 9:30-11AM ET
Moderator: Mark Loepker, NIAP, CCES Chair
Panelists: Joshua Brickman, Oracle; Jen Gilbert, Cisco; Matt Keller, Corsec; Eric Winterton, Booz Allen Hamilton.
- Entropy Sources – Industry Realities and Evaluation Challenges
September 11 from 10-10:30AM ET
Alicia Squires: CISSP, Product Certification Engineer, Cisco Chair, CCUF Management Group
- Cryptography and Common Criteria
September 11 from 11:30-12PM ET
Ashit Vora, Manager, Common Criteria Certification, Cisco and Chris Brych, Manager, Security Certifications, SafeNet, Inc.
- Lessons and Recommendations from Evaluating Against NDPP in Three Different Schemes
September 11 from 5-5:30PM ET
Terrie Diaz, Product Certification Engineer, Cisco and Ashit Vora, Manager, Common Criteria Certification, Cisco
- Widening the Use of CC for End Users Worldwide
September 12 from 9:30-11AM ET
Moderator: Michele Mullen, Director, ATA, CSEC
Adam Golodner, Director, Global Security & Technology Policy, Cisco; Steve Lipner, Microsoft; Blackberry (INVITED); Ericsson (INVITED)
Tags: Common Criteria, common criteria conference, cryptography, data, government, network device protection, security