Tales from the Perimeter

I came across this article today in the Dallas Morning News which details allegations by the U.S. Attorney in Texas against a former employee of a local health clinic, whom investigators say was planning a DDoS attack against the clinic.

The article describes allegations that, among other things, the individual was targeting the health clinic’s HVAC system. The (often unknown) vulnerability of non-traditional IP-enabled devices is a real-world issue on today’s networks. In this allegation we see a potentially disastrous case of the consequences for the unmanaged vulnerability of these IP-enabled devices.

It remains true today that even the best-run networks often have difficulty managing those non-traditional IP-enabled devices. Everything from IP phones, surveillance cameras, physical security equipment, HVAC and other building controls, hospital devices, and more.

Lumeta has found that unknown or unmanaged IP devices exist in nearly every large network. These devices typically go undiscovered until they cause an outage or a security issue.  The latest version of Lumeta IPsonar offers some unique abilities to discover these devices, and map all connections to these devices so that organizations can more accurately apply security tools and techniques around the entire IP-enabled infrastructure - including your building controls.

By using Network Discovery to fine tune your security tool deployments, your organization can be ahead of the threat - so that if your organization ever faces this kind of insider threat you can be prepared, and know that you’re protecting the entire IP-enabled infrastructure.

Lumeta Adopts Open Standard to Publish Real-Time Alerts and Proactive Network Discovery Information to a Variety of Security and Network Tools

IPsonar® IF-MAP Client Allows Users to Reduce IT Complexity with Up-To-The-Minute Alerts on Policy Violations in all Networked Devices

Interop Las Vegas and Somerset, NJ – May 19, 2009 - Lumeta Corporation today announced the availability of its IF-MAP client, which provides organizations with real-time scanning event information from IPsonar…

Steve Hanna, Distinguished Engineer, Juniper Networks discusses Integrated Security, including Lumeta IPsonar and it’s place in Integrated Security environments.

This video is courtesy of Juniper Media Center on YouTube.com

Today is the final day of the vendor expo, and so I thought I’d provide a few comments on the products and services the vendors are offering to address the challenges outlined in the conference sessions over the course of the week.

Trusted Computing Group, an industry organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, has created specifications to enable more secure computing across the enterprise in PCs, servers, networking gear, applications and other software, hard drives and embedded devices. The TCG booth included a working demonstration of the their open source NAC solution, with multiple vendors publishing to and receiving updates from the IF-MAP server.

Lumeta, my company, empowers large enterprise and government agencies with global network visibility, allowing them to understand how network change affects security, availability, and compliance. Lumeta IPsonar discovers and maps every network asset, enabling IT professionals to analyze the connectivity between assets and networks, uncover risk patterns, and automatically enforce network policies. Earlier this week, we announced a new cybersecurity audit service for control systems at electric generation facilities, water plants, chemical factories and other heavy industrial infrastructure. The Lumeta Control System Cybersecurity Audit (CSCA) will help clients secure the control system network by employing IPsonar®, to close information gaps that have led to unmanaged vulnerabilities and greatly cybersecurity situational awareness in control system networks.

We live in a net-centric world where new information technologies arrive at lightning speed, allowing us to share information across town or around the world faster than ever before. The National Security Agency’s, Information Assurance mission is dedicated to providing information assurance solutions that will keep our information systems secure. At RSA, the NSA was showing a new secure phone/PDA running Windows CE, which allowed identity management-based access to the SIPRNet.

ArcSight provides a compliance and security management solution that enables enterprises and government agencies to comply with policy, safeguard assets and processes, and control risk. Businesses rely on ArcSight to rapidly identify, prioritize, and respond to compliance violations, policy breaches, cyber-security attacks, and insider threats. AT RSA, Arcsight announced its new ArcSight Express family of compliance products targeted at the needs of mid-size organizations with limited resources.

Wave Systems provides software to solve critical enterprise PC security challenges such as strong authentication, data protection, network access control and the management of these enterprise functions. Wave’s EMBASSY® software manages the security functions of TCG’s industry standard hardware security chip, the Trusted Platform Module (TPM).

Microsoft is the worldwide leader in software, services and solutions that help people and businesses realize their full potential. Working with partners and the industry to build trust in computing, Microsoft is committed to delivering technology fundamentals and innovation, prescriptive guidance and industry partnership that together will help better protect our customers. During the past year, Microsoft has advanced End to End Trust in four critical areas: security and privacy fundamentals; creation of a trusted stack with security rooted in hardware; in-person proofing based on identify claims; and social, political, economic and IT industry alignment for change.

Buzzword Bingo

Finally, over the past week I have a few too many buzzwords for my taste. And frankly, there were a few that dominated several conversations. None of these are particularly useful terms in my view and I could certainly do with out hearing them, ever again.

“Data-in-Flight” – I don’t even know what this one means.

“DLP” – We all understand the need for data loss prevention. But it seemed like every product from telephone to toilet paper is claiming DLP support.

“Service in the Cloud” – Sounds really cool and cutting-edge. But from what I have seen so far, this is really nothing more than a traditional managed security service with a new (and un-needed) wrapper.

Yesterday’s presentations started early with Lumeta’s Tom Price hosting a peer2peer session on Network Images: Mapping the Internet and Intranets. The session focused on Lumeta Research Labs’ ten years in mapping the Internet. The group discussed how the mapping works to gather data on the topology of the Internet, how the data is used, why it’s important. Also, the group discussed the value of using the same approach in network mapping and how it can be adopted in corporate and government networks.

President Obama’s-ordered 60-day cyberspace policy review is completed, and the report will show that cooperation is needed to meet the challenging task of securing the nation’s digital infrastructure, the Melissa Hathaway said Wednesday in the opening keynote. While the presentation seemed more like a campaign speech that addressed the top security professionals, there were a few key points. First, Ms. Hathaway made it clear that the future of cyber-security will be run from the White House; not DHS as suggested by Rod Beckstrom or the NSA as rumored in several recent news reports. Secondly, Ms. Hathaway spoke about the review process and the examination of existing policy. Surprisingly, there seemed to be no mention of any focus on analyzing past failures in the development of a government-wide cybersecurity solution. Those that can not learn from the past are doomed to repeat it.

John Chambers from Cisco spoke about the market need for innovation and collaboration during what he referred to as a period of productivity growth. He discussed how Web 2.0 represents a unique opportunity to develop secure platforms that enable next generation services. Chambers went on to say that “innovation and security must co-exist in an open environment if we are move beyond today’s economic challenges.”

McAfee’s Dave Dewalt talked about the state of IT security, including some alarming statistics, and the path toward meeting those challenges in a presentation titled “The Cybersecurity Challenge: Predicting the Unknown” He stated that while all economic indicators are down across the globe, all security trends are up; we are seeing more malware (up 500%), more data breaches (up 47%), and now attacks against our critical infrastructure. He went on to discuss how a few years ago there where zero countries armed for cyber-warfare, today over 20 countries have announced defensive and in some cases offensive cyber-capabilities. Government and industry must work together to break down the barriers that make the current response inadequate.

A final thought, given the government theme in all of the keynotes, 3 or 4 session tracks focused on protecting critical infrastructure, and more Federal attendees than I’ve seen in the past maybe the conference should be moved to the DC area. The security industry has asked for years that the Federal government get involved in addressing the growing cyber-security threat. Well, now that they are here and we need to work with them.