Archive for the ‘General’ Category

2011 Network Visibility Monitor shows firms are suffering from 10 gigabit blindness

We’ve just announced the results of our 2011 Network Visibility Monitor and, in reality, the results really weren’t all that surprising. We’ve known for a while that corporations are struggling to get the levels of visibility that they need into their 10Gb/s network segments and are concerned that the tools that they’ve invested in may not be up to the job. What was surprising to us was just how bad things are and how vocal respondents were prepared to be.

Are you a victim of endemic packet loss?

If you’re reading this blog then there’s a good chance that you already recognise the importance of highly accurate packet capture within your monitoring and security infrastructure(s), which is music to our ears. But as most professionals know, actually achieving zero packet loss is far from straightforward.

The bit that most people miss is that it doesn’t matter how good your software application is: if it’s missing packets then the results will be nonsense. To achieve 100% packet analysis – which is actually a more precise definition than 100% packet capture – you need to take a step back and look at the whole end-to-end journey that a packet takes between the wire and the application. If you are passively monitoring stateful traffic, one lost packet can void analysis for the entire session, and if that session is days long, then you lose the lot. And if you are going to stand up in court to validate some analysis, then you need to know you have it all.

Why it feels great to be ‘Application Intelligent’

This week we inked a strategic partnership agreement with our friends at Vineyard Networks from Kelowna up in British Columbia, Canada. Vineyard’s expertise lies in helping organisations, like Endace, become Application Intelligent. Their software, which partners license and integrate, is a combined deep packet inspection / deep flow inspection engine that recognises thousands of different application layer (Layer 7) protocols and classifies packets accordingly. Basically it adds metadata that says “this is Facebook” or “this is Skype” to every packet or stream that it looks into.

And why is this capability relevant to us? Well, put it this way, for anyone working in network operations, or network security for that matter, it’s the difference between watching football on a black and white CRT and full HD 1080p.

To capture or not to capture? Why that’s no longer a valid question

In the last week both Symantec and IBM have released their annual security surveys which provide rich insight into the volume and range of security attacks circling the Internet.

As expected, Symantec Corp in their ‘Internet Security Threat Report’ highlighted a massive increase in threat volume (286 million new threats last year), accompanied by several new ‘megatrends’ in the threat landscape. The report highlights increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices.

Specifically, Symantec identified attacks such as Hydraq and Stuxnet as posing a growing threat to enterprises in 2010. To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks are leveraging zero-day vulnerabilities to break into computer systems. As one example, Stuxnet alone exploited four different zero-day vulnerabilities to attack its targets. While the high-profile targeted attacks of 2010 attempted to steal intellectual property or cause physical damage, many targeted attacks preyed on individuals for their personal information. For example, the report found that data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly quadruple that of any other cause. At Endace, we see the prevention of data loss as being a key driver of technology investment over the next 12 months as organisations start to really understand the reputational damage caused when private customer data goes public.

NSS IPS tests show average block rate only 57%

NSS Labs conducted a test of multiple IPS solutions from 7 well-known vendors in Q4, 2009. Their full report is available for purchase here (if you are interested in a copy of the full report, let us know as we’ve still got a limited number to give away and we’ve also negotiated a special deal for “friends of Endace”).

The NSS testing revealed issues with IPS performance that tally with our experience in the field, and which we felt are important for people to know about. So, with agreement from NSS, we’ve just released a graph (anonymised) from the NSS IPS testing. This showed that, even with tuned rule-sets, the average block-rate performance of the IPS solutions tested was just 57%.

Endace Probe 3.7.1 Release

We’re happy to announce that the Endace Probe 3.7.1 Release is now available for existing customers from the Endace support site and will be available on newly factory shipped systems from May 17.

This release is primarily a bug fix release with further improvements to Endace Analytics via the latest 2.2 version of CACE Pilot. This release also provides support for the legacy 200/2000 and 500/5000 Probe platforms, as well as full support for the new 3000 and 7000 Probe platforms. It also includes Endace Security Manager update 5.2.0.0, and support for 1GbE/10GbE mixed SKUs on the 7000 series.

10,000 DAG cards and 1000 Probes. An important milestone for Endace

We’re delighted to announce that we’ve just sold our 10,000th DAG card and our 1000th Probe. We’ve been selling our Cards and Probes to Government Agencies, Telcos and Large Enterprises all over the world since 2001 and, just like the networks we monitor, the business just keeps going faster.

Mike Riley, our Chief Executive, puts the rapid rate of adoption down to “the market’s growing realisation that 100% guaranteed packet capture is the foundation layer on which the best monitoring, surveillance, security and latency measurement systems are built, and that without a completely accurate baseline organisations are realising that they are just guessing”.

Anatomy of a Conficker Infection

Rob O’Neil published a great article last week in Computerworld entitled ‘Anatomy of a Conficker Outbreak: Waikato District Health Board’.

The Conficker outbreak actually happened right at the end of last year and we tweeted it at the time, but it’s only now that the full facts behind the outbreak are public.

The story is another classic case of an organisation only being as secure as the least secure point in the network. The report cited faulty software, aging systems, complexity and a lack of full network control as contributing factors. The outbreak caused some areas of the DHB to be shut down for two days, and the system responsible for the outbreak (the parking system) is still quarantined from the main network.

Leaky Ministry.

An article in the New York Times Science section published earlier this week (5th April) caught our attention as it powerfully illustrates the need for capture, analysis and intrusion detection on government networks.

The article exposes the activities of a China-based computer espionage gang that has been stealing highly sensitive information from the Indian Defence Ministry. The report was issued by researchers at the Munk School of Global Affairs at the University of Canada and makes fascinating reading for a whole variety of reasons.

Coda Research predicts huge growth in mobile data

As smartphones like the iPhone and Android take over the mobile Web, the amount of data traffic going over cellular networks is expected to grow 40-fold over the next five years. UK firm Coda Research Consultancy forecasts that in the U.S. alone mobile handset data traffic will grow from 8 terabytes/month this year to 327 terabytes/month in 2015. That amounts to a 117 percent compound annual growth rate.

A lot of that data will come in the form of mobile Web browsing, with the biggest contributor expected to be mobile video. By 2015, mobile video will account for 68.5 percent of all mobile data usage in the U.S. (or 224 terabytes/month). Coda estimates that 95 million mobile handset subscribers in the U.S. will be watching video on their phones in five years out of a total of 158 million mobile internet users.