infoTECH Feature

March 27, 2014

Rethinking the Approach to Real-time Network Security - Part One

In December of 2013, McAfee Labs reported that, in addition to cloud-based and social media threats, the rapidly growing mobile platform will “draw the lion’s share of threat innovation.” Arbor Networks reported that there had been a 350 percent growth in the number of distributed denial-of-service (DDoS) attacks monitored at over 20Gb/sec in the first three quarters of 2013.

To confirm this very real threat, CloudFlare reported on February 13, 2014 that its network had been hit by a 400Gbps NTP amplification DDoS attack, reportedly the largest attack to date using NTP amplification. The company stated that it has seen this style of attack grow dramatically over the past six months, posing a significant new threat to the web.

As these examples illustrate, network security continues to be a growing problem in the IT industry. The very trends that have revolutionized users’ access to data are the same ones that are leaving networks vulnerable to attacks by cybercriminals. No single security product can fully defend against all network intrusions, but a smart combination of existing products can provide a more flexible solution. IT administrators must examine all avenues to ensure that network monitoring and security appliances are working at full capacity to monitor, detect and halt potential attacks.

Cloud computing, big data analysis, and mobility are three recent trends in the IT industry that, while improving the efficiency and effectiveness of digital services, have also generated significant threats to network security.

The challenge is to provide security without handicapping the adoption of these trends or undermining the benefits they provide. What is required is a holistic view of network security based on correlating network information and security information in real time, so that decision data is available anytime, anywhere and on any device.

Unfortunately, these benefits come at a cost. Providing this kind of access opens vulnerabilities that cybercriminals are more than motivated to exploit. How can we secure valuable and critical data without compromising efficiency?

The reality is that no single product can address this challenge; only by combining the strengths of existing products can we build an effective security solution. Correlating network information with security information gives a more complete picture, so that vulnerabilities can be addressed with far greater precision. By learning the normal behavior of the network, using that baseline to detect anomalies and then comparing the anomalies with security events, it is possible to act immediately on potential attacks rather than on isolated alerts.

In this two-part article, we will take a closer look at the major trends and the expected growth in data that these will partly drive. We will also look at the security challenge as highly organized cyber criminals target the vulnerabilities that these trends expose.

Cloud Computing, Big Data Analysis And Mobility

The Benefits

The combined benefit of cloud computing, big data analysis and mobility is the availability of real-time data for decision-making at anytime, anywhere, accessible from any device.

  • Cloud computing provides the ability to centralize data in a way that makes it accessible at anytime from anywhere. The centralization of data, the essence of cloud computing, enables real-time analysis in relation to historical data to identify trends and opportunities.
  • Mobility increases accessibility, adding a level of convenience and efficiency for cloud service users.
  • Big data analysis provides an efficient overview of key data to support decision making, which can form the basis for highly effective reactions in real-time to unfolding events and opportunities.

These three trends combined promise to revolutionize digital services, making them more user-friendly and responsive.

The Vulnerabilities

The underlying enabling foundation of all three trends is the ubiquity and accessibility of the Internet. Once access to the Internet is provided, users are able to take advantage of these three trends.

But this is also the basis for the vulnerability of these trends, as the same accessibility is available to cyber criminals.

  • The centralization of data in cloud data centers provides fewer, but more attractive locations to target.
  • Mobility is a potential weakness in security defense strategies, as access to cloud computing services is made available on a wider range of mobile devices that are sometimes beyond the control of the cloud service provider or the client enterprise.
  • The Bring Your Own Device (BYOD) trend is a case in point: it is efficient to allow employee-owned devices to access data, but it opens potential vulnerabilities.
  • Big data, in this regard, merely ups the stakes. It is the treasure that the cyber criminals want to get their hands on or, at the very least, prevent access to.

As we rely on the Internet for all manner of services, including financial transactions and customer database access, the value of this big data is only set to increase.

The Challenges of the Convergence of the Cloud, Mobility and Big Data

Cloud computing centralizes large amounts of data in fewer locations. This increases the amount of data being handled and thereby the speeds at which this data is being transported. In short, this means more data at higher speeds. On the positive side, the centralization of data also leads to the centralization of IT competence.

Cloud service providers should be in a position to invest and attract the expertise to implement world-class security solutions. From this perspective, outsourcing IT processes to cloud service providers should make your data more secure if you are a small-to-medium enterprise.

Big data analysis adds the extra dimension that traffic flows within the network are prone to change. Traditionally, traffic has flowed in a “north-south” direction, between the external Internet connection in the “north” and the user on a PC client in the “south”.

With big data analysis, large amounts of critical data are now being exchanged between storage databases in the “west” and servers in the “east” of the network. There are therefore traffic flows in all directions, which complicates the situation and demands a re-think with regard to which points in the network need to be monitored and secured.

Mobility adds the extra complexity that the “south” interfaces are also moving. One can no longer assume that a particular user will use a stationary PC client to access services. The user could turn up anywhere in the network using a mobile device to access services.

From a network security point of view, the challenges can thus be summarized as understanding the new network profile and identifying where network security solutions are required, monitoring these critical points and ensuring that the products used can keep up with increasing speeds and data loads.

Increasing Loads, Speeds and Attacks

It comes as no surprise that data loads are on the increase, but few consider the implications. We rarely feel the impact in our daily lives beyond waiting for a web page to download. Most enterprise networks are over-dimensioned to ensure that there is bandwidth overhead to handle high-load situations.

In other words, we plan for worst-case scenarios and throw bandwidth at the problem. On average, this works, as communication services can be prioritized so the most sensitive services are guaranteed bandwidth and other services can accept data re-transmissions in the event that packets are dropped due to congestion.

However, if you need to monitor and analyze the traffic on a particular connection in real time, you cannot afford to drop packets: every packet a monitoring or security appliance fails to capture is a gap in its view, and a decision based on an incomplete picture is unreliable. Increasing load is therefore an issue that cannot be ignored, and network appliances, be they for performance monitoring or network security, need to ensure that they see the entire picture in real time.

For example, a distributed denial of service (DDoS) attack can exploit the throughput limits of an in-line security appliance by flooding it with more packets than it can inspect. Once saturated, the appliance must either fail open, lowering the drawbridge and passing traffic uninspected, or fail closed, denying service to legitimate users; either outcome gives the attacker what they wanted. Best practice is therefore to size appliances for the theoretical maximum packet rate and number of flows that the protected links could deliver, so that saturation is simply not reachable.
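As an added worked example (not part of the original article and not Napatech's code), the sizing arithmetic behind that best practice: the maximum packet rate a link can physically deliver, the share of packets an undersized appliance cannot inspect, the flow-table size needed if an attacker makes every packet a new flow, and what an overloaded in-line device does with the excess depending on its fail-open or fail-closed setting. The link speeds, appliance ratings and idle timeout are assumed values chosen for illustration.

```python
# Ethernet surrounds every frame with 7 bytes of preamble, 1 start-of-frame delimiter and
# a 12-byte inter-frame gap; the smallest legal frame is 64 bytes including its 4-byte FCS.
ETH_OVERHEAD_BYTES = 20
MIN_FRAME_BYTES = 64
MAX_FRAME_BYTES = 1518


def wire_rate_pps(link_bps, frame_bytes=MIN_FRAME_BYTES):
    """Maximum frames per second a link can carry at a given frame size.
    The worst case for any per-packet device is a flood of minimum-size frames."""
    return link_bps // ((frame_bytes + ETH_OVERHEAD_BYTES) * 8)


def unseen_fraction(offered_pps, capacity_pps):
    """Share of offered packets an appliance rated at capacity_pps cannot inspect."""
    if offered_pps <= capacity_pps:
        return 0.0
    return 1.0 - capacity_pps / offered_pps


def flow_entries_needed(link_bps, idle_timeout_s):
    """Flow-table size needed if every packet is a new flow (spoofed sources, one packet
    per 5-tuple) and entries are kept for idle_timeout_s seconds."""
    return wire_rate_pps(link_bps) * idle_timeout_s


def saturation_outcome(offered_pps, capacity_pps, fail_open):
    """What an overloaded in-line appliance does with the excess, as fractions of the
    offered traffic: inspected, bypassed uninspected (fail open) or dropped (fail closed)."""
    excess = unseen_fraction(offered_pps, capacity_pps)
    return {"inspected": 1.0 - excess,
            "bypassed": excess if fail_open else 0.0,
            "dropped": 0.0 if fail_open else excess}


def size_check(link_bps, appliance_pps, appliance_flow_entries, idle_timeout_s=30):
    """Verdict for one appliance on one link: does it hold at the link's theoretical maximum?"""
    worst_pps = wire_rate_pps(link_bps)
    worst_flows = flow_entries_needed(link_bps, idle_timeout_s)
    return {
        "worst_case_pps": worst_pps,
        "pps_ok": appliance_pps >= worst_pps,
        "unseen_at_worst_case": round(unseen_fraction(worst_pps, appliance_pps), 3),
        "worst_case_flow_entries": worst_flows,
        "flows_ok": appliance_flow_entries >= worst_flows,
    }


if __name__ == "__main__":
    TEN_GBE = 10_000_000_000
    print(wire_rate_pps(TEN_GBE))                   # 14880952 pps at 64-byte frames
    print(wire_rate_pps(TEN_GBE, MAX_FRAME_BYTES))  # 812743 pps at 1518-byte frames
    # Assumed appliance: 10 Mpps and 100 M flow entries, i.e. sized for typical traffic.
    print(size_check(TEN_GBE, 10_000_000, 100_000_000))
    # Under a minimum-size flood it either bypasses or drops about a third of the packets.
    print(saturation_outcome(wire_rate_pps(TEN_GBE), 10_000_000, fail_open=True))
```

The 10 Mpps figure looks generous against average traffic of large frames (about 0.8 Mpps fills a 10 GbE link at 1518 bytes), yet it leaves roughly 33 percent of a minimum-size flood uninspected, which is exactly the gap an attacker aims for; sizing to `wire_rate_pps` at 64 bytes closes it.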

As data loads increase, link speeds increase too, as connections are upgraded and aggregated into even higher-speed connections. So not only must more data be handled, it must be handled faster. Higher loads and speeds are challenging enough, but the number and variety of attacks are also growing rapidly. Cyber criminals continuously find new ways to penetrate defenses, often combining attacks, for example using a DDoS attack as a diversion while a Trojan horse or other malware is introduced into the network.

To successfully defend against these multi-layered attacks, it is important to think holistically and use all means available to identify and address breaches in security. The key is establishing the network-wide view of what is happening on a real-time basis so the right defensive measures can be brought to bear where they are needed most.
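The baseline-then-correlate approach described here and in the introduction, as an added example that is not from the article or from Napatech: per-host inbound byte counts from constructed flow summaries are baselined over nine one-minute buckets, the current bucket is checked against mean plus three standard deviations of each host's own history, and any anomaly is corroborated against constructed security events from an IDS and an authentication log before it is ranked. Host addresses, thresholds, bucket size and every record below are assumptions made for illustration.

```python
import math
import statistics
from collections import defaultdict

# Constructed flow summaries, shaped like what a flow collector exports per one-minute
# bucket: (bucket, dst_host, proto, dst_port, bytes_in). Buckets 0-8 are history,
# bucket 9 is "now". Every value here is made up for illustration.
FLOWS = []
for b in range(9):
    FLOWS += [
        (b, "10.0.0.5", "tcp", 443, 1_000_000 + 50_000 * (b % 3)),   # web server, steady
        (b, "10.0.0.5", "udp", 123, 2_000),                          # its normal NTP traffic
        (b, "10.0.0.7", "tcp", 443, 800_000 + 100_000 * (b % 5)),    # host with a wider spread
        (b, "10.0.0.9", "tcp", 3306, 5_000_000),                     # database, constant rate
    ]
FLOWS += [
    (9, "10.0.0.5", "tcp", 443, 1_050_000),
    (9, "10.0.0.5", "udp", 123, 48_000_000),   # inbound UDP/123 flood: amplification traffic
    (9, "10.0.0.7", "tcp", 443, 1_250_000),    # high for this host, but inside its usual spread
    (9, "10.0.0.9", "tcp", 3306, 5_000_000),
]

# Constructed security events from other sources (IDS, authentication log).
SECURITY_EVENTS = [
    {"bucket": 9, "host": "10.0.0.5", "source": "ids",
     "msg": "NTP monlist responses from hundreds of sources"},
    {"bucket": 8, "host": "10.0.0.9", "source": "auth",
     "msg": "20 failed logins for dbadmin"},
]


def host_totals(flows):
    """Inbound bytes per (bucket, host)."""
    totals = defaultdict(int)
    for bucket, host, _proto, _port, nbytes in flows:
        totals[(bucket, host)] += nbytes
    return totals


def baseline(flows, history):
    """Per-host mean and sample standard deviation of inbound bytes over the history buckets."""
    totals = host_totals(flows)
    hosts = {host for (_b, host) in totals}
    base = {}
    for host in hosts:
        series = [totals.get((b, host), 0) for b in history]
        sd = statistics.stdev(series) if len(series) > 1 else 0.0
        base[host] = (statistics.mean(series), sd)
    return base


def detect_anomalies(flows, now, history, k=3.0):
    """Hosts whose inbound bytes in bucket `now` exceed mean + k*sd of their own history.
    Returns {host: {"z", "bytes", "top_service"}}, top_service being the proto/port that
    contributed most in `now` (the analyst's first clue to what the spike is)."""
    base = baseline(flows, history)
    totals = host_totals(flows)
    by_service = defaultdict(int)
    for bucket, host, proto, port, nbytes in flows:
        if bucket == now:
            by_service[(host, proto, port)] += nbytes
    found = {}
    for host, (mean, sd) in base.items():
        value = totals.get((now, host), 0)
        if sd == 0.0:
            # Constant history: any increase is anomalous, no increase is not.
            z = math.inf if value > mean else 0.0
        else:
            z = (value - mean) / sd
        if z > k:
            top = max(((p, pt, n) for (h, p, pt), n in by_service.items() if h == host),
                      key=lambda t: t[2], default=("?", "?", 0))
            found[host] = {"z": round(z, 1), "bytes": value,
                           "top_service": f"{top[0]}/{top[1]}"}
    return found


def correlate(anomalies, events, now, window=1):
    """Attach security events on the same host within +/-window buckets of `now`.
    A network anomaly backed by an independent security event ranks above one that is not."""
    alerts = []
    for host, info in anomalies.items():
        related = [e for e in events
                   if e["host"] == host and abs(e["bucket"] - now) <= window]
        alerts.append({"host": host,
                       "severity": "high" if related else "medium",
                       "evidence": [f'{e["source"]}: {e["msg"]}' for e in related],
                       **info})
    alerts.sort(key=lambda a: (a["severity"] != "high", -a["z"]))
    return alerts


def run(now=9, history=range(9)):
    return correlate(detect_anomalies(FLOWS, now, history), SECURITY_EVENTS, now)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Only 10.0.0.5 is raised: its UDP/123 inbound bytes are hundreds of standard deviations above its history and the IDS event in the same minute corroborates the flow-level picture, so the alert goes out as high severity with the protocol and port already identified. 10.0.0.7 is above its mean but inside its normal spread, and the failed logins on 10.0.0.9 have no traffic anomaly behind them, so neither produces a correlated alert; the constant-rate database host also shows that a zero-variance baseline must be handled explicitly rather than divided by.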

In part two of this article we will look at new ways to secure the network by rethinking network security appliance design and best practices for utilizing commercial off-the-shelf servers to lower costs and enhance workflows.


About the Author

Daniel Joseph Barry is VP of Marketing at Napatech and has over 20 years of experience in the IT and Telecom industry. Prior to joining Napatech in 2009, Dan Joe was Marketing Director at TPACK, a leading supplier of transport chip solutions to the Telecom sector. He has an MBA and a BSc degree in Electronic Engineering from Trinity College Dublin.


Edited by Cassandra Tucker
