Power Grid, Utilities Seen as Most Vulnerable to Cyber Attack

Our trip to the 2012 ISSA International Conference in Anaheim, California has us thinking even more about cyber terrorism. We surveyed more than 100 security professionals while we were there and they told us, among other things, that 79% of them are expecting a major cyber terrorism event within the year.

If so many of the world’s top IT security pros are expecting a major strike to happen so soon, who is at risk? When asked what the most likely targets were for cyber terrorism, 48% of respondents said it is the nation’s power grid and utilities. The security professionals commented on the lack of protection for those targets and their connectivity with the Internet.

More and more, we are realizing that the front lines of the fight against cyber terrorism are not with the CIA or in some military bunker. They’re in the IT departments of countless electricity companies, water providers, natural gas companies and various other utilities. And wow, do we have some work to do.

Bring Your Own Device (BYOD) is Pure Evil

I spent a few days at ConSec ’12 this week and heard a lot about Bring Your Own Device (BYOD). It is a rapidly growing phenomenon that enterprise security experts are grappling with.  BYOD is becoming accepted by many companies of all sizes.  Interestingly, it often begins when a senior executive pops by IT with an iPad or a Mac and insists on using that device instead of a corporate standard.  Then the floodgates open.  People tend to like the freedom of choice and the convenience of BYOD. 

Security risk with BYOD

Accessing corporate email from a phone you own carries more risk than most people realise. If the phone is stolen and it has no passcode or no device encryption, getting at everything stored on it is surprisingly easy. If the email password is saved on the device, the thief has all of your mail: they can read and steal anything in it and, worse yet, send mail as you. A capable attacker with physical possession of an unencrypted device can recover stored credentials in a matter of minutes.

If you think that a remote wipe will take care of this, think again. A remote wipe only works on a device that is powered on and reachable over the network. If the bad guy powers it off, pulls the SIM card or keeps it in airplane mode, the wipe command never arrives and nothing gets wiped. The only protection that holds in that scenario is one applied before the theft: full-device encryption with a strong passcode, so that the data is unreadable whether or not the wipe ever lands.

If you also use the device for personal purposes, you will download some fun apps and games. Nothing guarantees that those applications are not malware, and an app that behaves well for six months can turn malicious with a single update.

Employee-owned devices are extremely difficult to control or trust.  The key seems to be to develop a strategy where the device is known and expected to be EVIL.  Enterprise IT needs to focus on protecting what really matters – the corporate network,  applications, and most of all, business-critical data.

Monitor for anomalies

Enterprises need to focus on monitoring for anomalies that can strike their key assets:

  • The corporate network
  • Business-critical applications
  • Business-critical data

With BYOD, the risk of network contamination and information leakage rises significantly: poorly written or malicious apps, the larger attack surface of all of these devices, and fun-loving human nature. Ixia is in the business of providing network visibility with products such as the Anue NTO, which can really help secure production networks.

In the past, IT managed users with a work-owned device that was most likely configured and locked down. Today, IT faces users with as many as three devices, a laptop, an iPad and a smartphone, all outside its control. That is triple the devices, each presenting a tasty attack surface, plus an increase in network bandwidth requirements. Oh dear.

So you might write a policy that IT must control and monitor all devices used for business purposes. Good luck with that: in the US the privacy and legal issues get sticky, and in EMEA and other regions with stricter privacy protections for their citizens, forget about it. Scenario: you have a security incident and need to force-wipe an employee's iPhone, and in doing so you wipe the last picture of grandpa before he died. The jury would tear up right there.

And do you really want to deal with the drama around confiscating an employee’s personal device and invading his privacy and finding scantily-clad pictures of his fiancée?  Oh dear.

The answer is to focus on securing what really matters: enterprise data, network and applications.  Lock down and monitor what really counts to your business.  Expect employee-owned devices to be Evil, and you will not be disappointed.

Having said all that, there is a new category of products called Mobile Device Management (MDM) that can enforce device policy, encrypt local data and keep corporate data in a secured container. It is a nascent category, but there are already over 40 companies moving in to solve mobile device security concerns. In addition, at ConSec '12 AT&T was talking about a new technology that provides a "toggle" between two profiles, one for work and one for personal use. With something like that in place you might be able to apply information security practices to the device without touching the employee's own data.

More to come soon…

The Importance of Optimism (and Visibility)

I just got back from a Mediterranean cruise, where I went to both Greece (Athens, Corfu, Santorini and Mykonos) and Croatia (Dubrovnik), among other places. The difference between the Greek cities and Dubrovnik was remarkable. The Greek people I met seemed defeated, while the Croatians struck me as the most enterprising and optimistic people that I have encountered, which shows the importance of optimism and visibility.

It seemed everyone in Dubrovnik "had a shingle out" to make money. If they had a boat, they were looking for tourists to take on a tour. If they had a house, they were looking for a boarder. If they had neither, they were looking to sell handmade crafts for a profit. What was remarkable was their resilience in a tough economy, and their willingness simply to work hard.

Contrast this with people in the Greek cities. They seemed defeated and despondent, and very few entrepreneurs were actively vying for the tourist dollars. The desperation and hopelessness were palpable, which is striking, given that the tours we were taking highlighted the grandeur of ancient Greek culture. Greece's per capita income looks impressive on paper, but the statistic appears to be deceptive. A climate with limited visibility and a perception of deception cannot be a good long-term strategy.

So why am I blogging about this?  From my perspective, the Greek people have lost visibility and corruption has ensued.

A couple of months ago Ixia acquired Anue Systems for the express purpose of adding production network visibility to its portfolio of products. While we can't solve Greece's problems, I sure wish we could. Visibility could get rid of that "deceptive image."

The Croatians are painfully aware of political dispute, and have had their share of suffering. While they have been through significant negativity and political dispute, what is remarkable is their response. It seems they choose to view the glass as half full, and to endeavor to get that glass full.

Unfortunately for global politics, a network visibility vendor like us can't offer the technology to give the Greeks the visibility they need. It is admittedly an oversimplification of a very complex political situation, but visibility and clarity into any situation, be it network performance or a national economy, has extreme value. Deception and lack of visibility are a poor long-term strategy.

When there is a lack of visibility, it appears corruption follows. According to Wikipedia, "Greece has the EU's second worst Corruption Perceptions Index after Bulgaria, ranking 80th in the world, and lowest Index of Economic Freedom and Global Competitiveness Index, ranking 119th and 90th respectively. Corruption, together with the associated issue of poor standards of tax collection, is widely regarded as both a key cause of the current troubles in the economy and a key hurdle in terms of overcoming the country's debt problem."

As a technology vendor, we bring value to our customers by providing improved network visibility. Increased network visibility is beneficial in reducing internal enterprise politics, which can become a sort of internal corruption.

In looking at this situation and the contrast between Croatia and Greece, simply put the way to defeat useless politics and corruption is to see the facts clearly. Ixia’s network visibility solutions help network engineers and security professionals see the true facts and avoid “internal corruption.”   Hopefully the Greeks will find a way to do likewise and regain some of their ancient grandeur.

Monitoring Without Tears

Common network monitoring issues can make even the toughest member of your team cry. The continually increasing demand for a more secure network is putting a strain on IT capabilities. How can data centers increase network security without adding expensive infrastructure? The key to delivering better network security without large capital investments in IT infrastructure is to get more out of the network monitoring equipment you already have in place.

That is easier said than done, however. Improving network security requires a dedicated effort to collect and analyze information about how the network operates, so that areas for improvement can be recognized and acted on. As outlined in this white paper, realizing significant network monitoring performance improvement comes with its own set of challenges.

First, network switches typically support only a small number of SPAN sessions, often just one or two, for connecting network monitoring tools. This limitation means that network traffic cannot be captured or analyzed comprehensively, because only one monitoring tool at a time can be attached to a given switch. One monitoring tool cannot provide the thorough and complete traffic analysis needed to realize significant performance improvement; it takes a full complement of monitoring tools to see how a network really operates.

Network speeds continue to increase, but monitoring tools are not always upgraded to keep up with the network, for example a 10G monitoring tool connected to a 40G network link. An outdated monitoring tool is overwhelmed and drops packets, losing information that could be critical in analyzing network security.

Duplicate packets generated by SPAN ports are another common cause of overwhelmed monitoring tools. A SPAN session that mirrors both ingress and egress traffic, or several VLANs, emits the same packet more than once, and every copy is sent on to the monitoring tools. This excess data degrades tools such as capture devices, significantly reducing their capacity and effectiveness. It also makes the monitoring output harder to use: much of the data consists of duplicate packets that add no value, and the duplicates inflate counters and produce inaccurate reports.

Using a network monitoring switch can solve common networking issues by providing features to:

  • Connect various diverse monitoring tools to a single SPAN port
  • Remove duplicate packets generated by the SPAN port
  • Direct the right traffic to the right tool, using filters and traffic controls, to prevent data overflows and dropped packets

The right investment into improved monitoring can bring big returns and ensure you get the most out of your network monitoring efforts – painless and without tears!

Security Visibility: Do You Know Who’s Been In Your House? (Part II)

Ixia Network Visibility Solutions welcomes a guest blogger today, Tim O’Neill from LoveMyTool.

On Wednesday, we looked at three of the top ways network visibility can help keep your network secure. Below are a few more:

4. Focus on what's important. As the network manager, you know where your corporate gold is: the important and sensitive data that cannot be compromised, in your network and on your servers. Create your monitoring views, and check your security policies and procedures, with protecting this gold in mind. If you do not know where the corporate gold is, go and find it; it deserves your full protection!

5. Monitor with purpose. As the network engineer and manager it is your duty to monitor in order to protect this corporate gold, and to find any illegal, improper or other misuse that could compromise your company. If someone is using your network for attacks, illegal solicitations, identity theft or worse, not only is your security compromised, but you and your company could potentially be held liable. The U.S. Secret Service and the FBI estimate that more than 20% of cybercrimes were aided by insiders. That statistic should send chills down a network manager's spine!

6. Monitor for attacks and for losses from attacks or illegal usage. An attack should be recognizable from several features, and the data attached to it (the packets, sources and sessions involved) should be retained so that the same attack can be stopped in future. Retained data also lets you measure the depth of any loss: knowing exactly how many customers had their information compromised, rather than guessing, can save your company millions of dollars.

7. Take advantage of relative time filtering. With the advent of relative time filtering you can use a huge variety of tools for a new and unique view into your network, sessions, server access and applications. Filtering lets you use many tools, from open-source to commercial, without having to buy expensive high-data-rate versions: by dropping the non-essential traffic, or directing it to another tool, it brings the data rate down to something an inexpensive or open-source tool can handle.

In general, it is important to choose a filtering solution that is field-upgradable (you do not have to send it back for upgrades); one that was built from the ground up to be a real filter, not a SPAN port in a new chassis; one that has been tested and certified by real labs; one that is easy to program so everyone on your team can use it; one that is truly proactive on its own as well as able to fit into your external network management system; and one whose records withstand scrutiny when used as civil or criminal evidence.

Remember, even if you can capture all the data in your network, without filtering on the important information it would take you years to review the unfiltered, unfocused mass of it! Get REAL, Get FOCUSED, Be SUCCESSFUL through Filtering!

Here’s a little bit about Tim:

Tim O’Neill – The “Oldcommguy™”
Technology Website – www.lovemytool.com
Committee Chairman for Cyber Law Enforcement training and Cyber Terrorism
For Georgia State Senator John Albers
Please honor and support our Troops, Law Enforcement and First Responders!
All Gave Some – Some Gave All – All deserve our Respect and Support!

Security Visibility: Do You Know Who’s Been In Your House? (Part I)

Ixia Network Visibility Solutions welcomes a guest blogger today, Tim O’Neill from LoveMyTool.

Almost anyone could tell you who is in their homes, at almost any time of day. So why do most network managers not know who is in their network and what they’re doing?

In our modern networks we pass trillions of bits, bytes and frames of data every minute, 24 hours a day, 365 days a year. Most of that data has some degree of confidentiality, either for ourselves or for our organizations. Despite the tremendous amount of crucial data at stake, we have far less visibility into who is handling it than we do into who is walking through our homes.

It can be a daunting task to keep up with whether users are sticking to network security policies and procedures, whether they’re leaving connections up when they go to lunch or worse until the next day, and whether they’re getting into applications and data to which they’re not supposed to have access.

But with the correct monitoring strategies, and the correct filtering technology for the monitored data, all these questions can be answered and tracked with more ease than one would imagine. In this blog, we will discuss the first three of our key tips to improve the security and visibility of your network. Check out Ixia's Network Visibility Solutions blog Friday for more.

1. Get a baseline. Learn what is normal for your network. Response times, loads, the access list for data servers and overall statistics are the indicators of the network's health or sickness. So if malware-like redirects, compromised DNS addresses, DDoS attacks and other issues start slowing the network, you will notice your health parameters declining, such as rising response times, DNS errors, access to unexpected Internet sites, retransmissions and failed sessions, and can act to mitigate the attack and limit losses.
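As an added example that is not part of the original post (it also serves the "Monitor for anomalies" list in the BYOD post above), the following Python learns a baseline from per-interval health statistics and flags intervals that move past it. The metric names, the three-sigma threshold, the two-interval persistence rule and every sample record are assumptions constructed for the example; in practice the records would come from your monitoring tools.

```python
"""Baseline-and-deviation check over per-interval network health statistics.

Added example, not code from the original post. The metric names, the
3-sigma threshold, the persistence rule and every sample below are
assumptions constructed for illustration.
"""
from statistics import mean, pstdev

# Constructed learning window: one record per 5-minute interval of a quiet
# period. The fields mirror the indicators the post names: response time,
# DNS errors, retransmissions and failed sessions. All are "bad when high".
BASELINE_WINDOW = [
    {"response_ms": 40, "dns_errors": 2, "retransmits": 15, "failed_sessions": 1},
    {"response_ms": 45, "dns_errors": 1, "retransmits": 12, "failed_sessions": 0},
    {"response_ms": 42, "dns_errors": 3, "retransmits": 18, "failed_sessions": 1},
    {"response_ms": 38, "dns_errors": 2, "retransmits": 14, "failed_sessions": 1},
    {"response_ms": 44, "dns_errors": 1, "retransmits": 16, "failed_sessions": 0},
    {"response_ms": 41, "dns_errors": 2, "retransmits": 13, "failed_sessions": 1},
    {"response_ms": 43, "dns_errors": 3, "retransmits": 17, "failed_sessions": 2},
    {"response_ms": 39, "dns_errors": 2, "retransmits": 15, "failed_sessions": 0},
]

# Constructed recent intervals: one transient latency blip (index 1) and a
# sustained episode from index 3 onward that looks like DNS trouble plus
# heavy retransmission, the pattern the post associates with an attack.
RECENT = [
    {"response_ms": 44, "dns_errors": 2, "retransmits": 16, "failed_sessions": 1},
    {"response_ms": 95, "dns_errors": 2, "retransmits": 17, "failed_sessions": 0},
    {"response_ms": 43, "dns_errors": 3, "retransmits": 15, "failed_sessions": 1},
    {"response_ms": 120, "dns_errors": 9, "retransmits": 60, "failed_sessions": 5},
    {"response_ms": 130, "dns_errors": 12, "retransmits": 75, "failed_sessions": 7},
    {"response_ms": 125, "dns_errors": 11, "retransmits": 70, "failed_sessions": 6},
]


def learn_baseline(samples):
    """Per-metric (mean, population stdev) over the learning window."""
    metrics = samples[0].keys()
    return {m: (mean(s[m] for s in samples), pstdev(s[m] for s in samples))
            for m in metrics}


def deviations(sample, baseline, k=3.0, floor=1.0):
    """Metrics whose value exceeds mean + k * stdev.

    Only upward deviation is flagged, since every metric here is bad when
    high. `floor` stops a near-constant metric (stdev close to 0) from
    alerting on a change of one unit. Returns {metric: (value, threshold)}.
    """
    flagged = {}
    for metric, (mu, sigma) in baseline.items():
        threshold = mu + k * max(sigma, floor)
        value = sample.get(metric, 0)
        if value > threshold:
            flagged[metric] = (value, round(threshold, 2))
    return flagged


def persistent_alerts(recent, baseline, k=3.0, persist=2):
    """Alert only when a metric stays out of band for `persist` consecutive
    intervals, so a single latency blip does not page anyone.

    Returns {interval_index: sorted list of metrics} for alerting intervals.
    """
    per_interval = [set(deviations(s, baseline, k)) for s in recent]
    alerts = {}
    for i in range(persist - 1, len(recent)):
        window = per_interval[i - persist + 1:i + 1]
        sustained = set.intersection(*window)
        if sustained:
            alerts[i] = sorted(sustained)
    return alerts


if __name__ == "__main__":
    base = learn_baseline(BASELINE_WINDOW)
    for metric, (mu, sigma) in base.items():
        print(f"{metric:16s} mean={mu:6.2f} stdev={sigma:5.2f}")
    for i, sample in enumerate(RECENT):
        print(i, deviations(sample, base) or "in band")
    print("alerts:", persistent_alerts(RECENT, base))
```

The persistence rule is the part worth keeping whatever metrics you choose: a baseline alone will flag every momentary blip, and a detector that pages on blips gets ignored within a week.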

2. Get access to the good, bad and ugly. Anyone who wants to perform real network monitoring and analysis must have access to all the REAL data that flows – the good, bad and ugly – in relative time. The only real way to achieve this is to have TAP access to your network flows. To read more about TAPs versus SPAN technology and the other under-achieving methods of acquiring network information, click here: http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html.

3. Use technology built with filtering in mind. If your goal is to win the Indianapolis 500, you would not build a car using a 1959 Nash Rambler body as the frame foundation. You would get a titanium frame built for Indy racers. It's important to think of network technology in the same way: look for equipment that is tested, certified and built for real-world network applications. In the data access and filtering world, choose a product that was built from the hardware up, not as a SPAN/monitor afterthought as many filters are.

Ixia's Anue Net Tool Optimizer is a fully proactive network management solution: it can act on network events and change its own operation, the direction of flows, filters, and ingress and egress ports, based on internally set parameters, and the NTO automation feature lets you report on and respond to SNMP communications. The NTO has also been tested and certified for reliability by Tolly Labs to the highest level of NEBS certification, Level 3. It was the first filtering solution to handle 40G paths and today is the most flexible and long-range filtering solution, with a genuinely easy-to-use GUI.

These are a few of the ways you can improve the security of your network by gaining a clearer view of your network activity – check out Part II in our series Friday.

The Yin and Yang of Security and Performance

Most people in business focus on application performance, results, bottom-line stuff. Security people, while they truly want to be business enablers, have to be the Yang to the performance Yin to balance the equation. White hat (good guy) security people are a unique breed: smart enough to be the bad guy and make a lot of money, but compelled by morals, ethics, something in their makeup, to instead choose to foil the bad guys. Sadly, in many cases they are perceived as bad guys by users for their efforts to maintain security. Put that one in the "life is unfair" category.

I attended SANS cloud security training in Austin a few weeks ago. It was taught by Vern Williams (all- around great security guy), and attended by the likes of Northrop Grumman, Veterans Affairs, and Electronic Arts, plus some consultants, and even a CPA and an attorney. However, knowing security guys, and having presented to NSA in the past, it would not surprise me if some of the attendees were not from where they said, or if they did not use their real names. Read on to understand why this is actually a good thing.

There is not an IT security soul out there who is not frustrated and appalled by the behavior of some IT users. Users do really bad things. They write passwords down, or cleverly put them in a text file named "passwords"; worst of all, they are susceptible to social engineering, gullible and willing to click "OK" or a link in an email, no matter what the offer is, in order to get their jobs done. Business users are the yin. They need performance and results, stat.

While sometimes unpleasant, somebody has to put a stop to users inflicting damage on themselves and the business. Enter the security guys. Security people have a native Deny All perspective. They are the yang to the “busy bee” user.

Looking for What’s Wrong

So, to illustrate this point I’ll use a class exercise we did to evaluate a prospective cloud provider’s contract. The amazing thing was that one of the teams remarked on the fact that our team had a slide on what was positive about the proposed contract. The thought of a positive aspect of a contract never entered their minds.

The reason is simple: Perspective. Security guys are trained to look for what is wrong or suspicious. The only reason our team had that slide is that I’m a product management type, looking for a balanced view.  Security guys should not have a balanced view. They need to relentlessly hunt for vulnerabilities, flaws, loopholes, badly written code, suspicious behavior, anomalous events, human error, cyber terrorism, exploits, evil intentions – I think you get the picture. Somebody has to do this, as the bad guys are getting more and more evil, and it’s not for kicks anymore – the bad guys are after your money and reputation.

The class reinforced my assumption that the Cloud is a Very Good thing for SMBs from a security perspective. SMBs typically view security as a part time job for the poor guy who is maintaining the network and applications. Security needs to be a fulltime job, and cloud service providers (CSPs) typically have legions of dedicated security professionals. They know what they are doing, and it’s their reputation on the line.

As a side note, Ixia is acquiring BreakingPoint, also right here in Austin, Texas. Welcome to Ixia, security pros!!

Ixia to Sponsor Austin ISSA Chapter Meeting July 19

The Information Systems Security Association (ISSA) Capitol of Texas Chapter provides information security education events and networking opportunities through monthly meetings and social gatherings in Austin, TX. Thayne Coffman, CTO of 21CT, Inc., will be presenting "Perspectives on mixed initiative processing for computer network defense." The presentation will be 11:30 AM to 1 PM, July 19, at the Microsoft Technology Center. Lunch will be provided free of charge, and both ISSA members and nonmembers are welcome to attend. I've been to about a dozen of these events, and the Austin ISSA chapter consistently delivers high-quality, educational presentations to help keep you current on new security practices and innovations. Here is the link to the event: http://www.austinissa.org/events/

Ixia will make a brief presentation about the Anue NTO network monitoring switch technology and how important an innovation it can be for security professionals. With a network monitoring switch in place, network security monitoring can be more accurate and cost effective. The technology allows security professionals to change the monitoring configuration on the fly without change board approval, since the connections to the production network are pre-wired and changes are made through a software management interface rather than by re-cabling. Network visibility increases, and the contention for SPANs and TAPs to access network information is eliminated. No sacrifices on security monitoring need to be made!

As part of Ixia's sponsorship of the event, gift cards will be raffled off at the end of Thayne's presentation. I strongly encourage you to come to this event; you are sure to get many useful insights to help you with your job. It's also a great way to network with other security pros.

In addition, Ixia will be sponsoring a Happy Hour on August 2 at Jasper’s in the Domain.  At that event, we will be giving away an iPad!!  RSVP by contacting Adam at 512-600-7113 or register here.

ISSA North Texas Chapter and Security Tools

Henry Morgan of Ixia presented at the Information Systems Security Association (ISSA) North Texas Chapter meeting in Plano on June 21. The session was attended by about 60 people, a mix of C-level execs, security engineers and managers. Top companies in attendance included American Airlines, McAfee and Brinker, as well as many VARs and security consultants.

His presentation, entitled "Garbage In, Garbage Out: Getting Your Security Tools the Right Data," was well received. Interestingly, many attendees were unaware of network monitoring switch technology and of how it can make the job of ensuring network security easier.

Packet de-duplication was of particular interest. While many security practitioners are aware that SPANs and TAPs can deliver duplicate packets, they were unaware that there is an alternative to having their security analysis tools do the heavy lifting of working out which packets are duplicates: the duplicates can be eliminated before the packet stream reaches the analysis tools at all. The network monitoring switch provides packet de-duplication as one of its many value-add functions.

There was also keen interest in virtualization. Several attendees wanted the practical how-to of connecting in to get visibility into their VM infrastructure. We have a blog post that details how to do that, with references to a VMware blog on the topic. It's called "Monitoring Virtualized Environments: It's Business as Usual Now".

Load balancing across security analysis tools was also of interest. It makes sense: security technologies are notoriously expensive, so being able to keep using the same 1G tools to monitor a 10G network, by letting a network monitoring switch with load-balancing capabilities split the traffic across them, makes for a good ROI. The caveat is that the split must keep both directions of a session on the same tool, or a stateful tool such as an IDS sees only half of every conversation.
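As an added example that is not part of the original post (it also serves the duplicate-packet discussion in "Monitoring Without Tears" above), the following Python does in software the two jobs this post and that one describe the monitoring switch doing in hardware: drop the extra copies a SPAN session emits, then spread the surviving packets across several tools with a symmetric flow hash so that both directions of a conversation reach the same tool. The packet record layout, the 100 microsecond de-duplication window, the choice of hash and the sample packets are assumptions constructed for the example, not Ixia or Anue code.

```python
"""SPAN de-duplication and symmetric flow-hash load balancing, in software.

Added example, not Ixia/Anue code. The record layout, the de-dup window,
the hash function and the sample packets are assumptions for illustration.
"""
from hashlib import blake2b

DEDUP_WINDOW_US = 100  # assumption: SPAN copies of one packet arrive within microseconds


def dedup_key(pkt):
    """Fields identical on every mirrored copy of the same packet.

    L2 addresses, TTL and checksums are left out on purpose: copies taken
    on either side of a router differ in those yet are still duplicates.
    IP ID and TCP sequence together separate a SPAN copy from a genuine
    retransmission, which carries the same sequence but a new IP ID.
    """
    return (pkt["src"], pkt["dst"], pkt["proto"], pkt["sport"], pkt["dport"],
            pkt["ip_id"], pkt.get("seq"), pkt["len"])


def dedup(packets, window_us=DEDUP_WINDOW_US):
    """Return (kept_packets, dropped_count).

    A packet is dropped when its key was already seen within window_us.
    Beyond the window the key is treated as new, because the 16-bit IP ID
    wraps and is legitimately reused.
    """
    last_seen = {}
    kept, dropped = [], 0
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        key = dedup_key(pkt)
        prev = last_seen.get(key)
        if prev is not None and pkt["ts"] - prev <= window_us:
            dropped += 1
            continue
        last_seen[key] = pkt["ts"]
        kept.append(pkt)
    return kept, dropped


def tool_for(pkt, n_tools):
    """Symmetric flow hash: both directions of a conversation land on the
    same tool, which a stateful IDS or session reassembler requires.
    blake2b is used rather than hash() so the mapping is stable across runs."""
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    digest = blake2b(repr((pkt["proto"], ends)).encode(), digest_size=8).digest()
    return int.from_bytes(digest, "big") % n_tools


def distribute(packets, n_tools):
    """De-duplicate, then map tool index -> packets for that tool."""
    kept, _ = dedup(packets)
    buckets = {i: [] for i in range(n_tools)}
    for pkt in kept:
        buckets[tool_for(pkt, n_tools)].append(pkt)
    return buckets


def _pkt(ts, src, sport, dst, dport, ip_id, seq, length, proto="tcp"):
    return {"ts": ts, "src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": proto, "ip_id": ip_id, "seq": seq, "len": length}


# Constructed sample, timestamps in microseconds.
SAMPLE = [
    _pkt(1_000, "10.0.0.5", 51000, "192.0.2.10", 443, 0x1A2B, 1000, 1500),    # original
    _pkt(1_003, "10.0.0.5", 51000, "192.0.2.10", 443, 0x1A2B, 1000, 1500),    # SPAN copy, 3 us later: drop
    _pkt(1_400, "192.0.2.10", 443, "10.0.0.5", 51000, 0x7788, 5000, 60),      # reply, other direction: keep
    _pkt(201_000, "10.0.0.5", 51000, "192.0.2.10", 443, 0x1A2C, 1000, 1500),  # retransmission, new IP ID: keep
    _pkt(501_000, "10.0.0.5", 51000, "192.0.2.10", 443, 0x1A2B, 1000, 1500),  # same key after IP ID reuse, outside window: keep
]


if __name__ == "__main__":
    kept, dropped = dedup(SAMPLE)
    print(f"kept {len(kept)} of {len(SAMPLE)}, dropped {dropped} SPAN duplicate(s)")
    for tool, pkts in distribute(SAMPLE, 4).items():
        print(f"tool {tool}: {[p['ts'] for p in pkts]}")
```

Two design points carry over to a real deployment: the de-duplication key must exclude whatever a router rewrites (MACs, TTL, checksum), otherwise copies taken on both sides of a hop are never recognised as the same packet; and the load-balancing hash must sort the endpoints before hashing, otherwise a stateful tool receives the client-to-server half of a session and some other tool receives the reply.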

It was a great event for Ixia – good attendance and good interest in what we had to say.  We felt that we educated some security practitioners on how they can be more effective in ensuring network security with our technology.

A Network Monitoring Switch By Any Other Name…

…would still work as effectively as it did with another name attributed to it. Strange that’s not quite as poetic as I expected it would be.

Recently Gartner officially acknowledged a new product category they call Network Packet Brokers. Basically, this is a fancy name for network monitoring switches, the intelligent switches that sit between a data center network and the monitoring and security tools. While we currently call our Anue Net Tool Optimizer (NTO) a Network Monitoring Switch, the name is less important than the "coming of age" of this category. Gartner's Jonah Kowall and Debra Curtis published the vendor landscape for application-aware Network Performance Monitoring and Network Packet Brokers. The Anue NTO is covered as an offering in the Network Packet Broker category. Simply put, it provides better visibility into your network, which allows administrators to optimize their security, performance and application behavior. We are extremely pleased that Gartner featured our patented Dynamic Filtering in the report, indicating we have "more sophisticated dynamic filtering" than our competitors.

You will want to read this research – it covers the value proposition of our technology.

This report is important to us at Anue, as we’ve had prospects tell us point-blank – call us when Gartner covers your technology. Well, we’ve been on the phone – a lot. In many cases, our biggest sales challenge is not our competitors, but limited understanding of the value proposition and business relevance of our Anue Net Tool Optimizer offering.  It’s a technology most people don’t even know exists, but when they understand its business and technological benefits they wonder where we’ve been all their lives.