Thursday, October 4, 2012

Using network usage patterns to draw security & forensics intelligence

Cyber security, forensics and intelligence are a complex issue, and most tools are only as effective (or as limited) as the policies of the tools. Worse, cyber-attacks are getting more complex by the minute, and today no single tool can prevent attacks. Attacks are becoming so complex that the tool you deploy today is already outdated.

If complexity is one angle, then there is the BYOD angle, and it is getting tougher to see where an attack is coming from: is it from outside, or from inside via a BYOD security hole? Where do you fence now? Outside, or inside out? MDM agents on BYOD devices are not practical in today’s world (a report suggested an 84% rejection rate, including an uprising in a US-based firm over installing MDM agents on their devices).

Yes, we need to put these standard tools in place, but assuming that they are enough is very naive (even BoA was not spared last week). This is where “intelligence” comes into the picture, with the underlying philosophy of “prevention is better than cure”. Be it homeland security or cyber security, intelligence prevents most attacks: the threat gets nullified even before it reaches attack level. Gathering this “intelligence” requires a lot of data and, more so, graphing that data in an intelligent, insightful way so that it shows patterns and brings that intelligence to the fore.

Security needs to be re-looked at and “intelligence” needs to be given prime importance. This is where we differ on how we collect intelligence, and this is where we suggest: “listen to your network”, and do that 24X7. It says and reveals much more than just some URL traffic; it throws up the patterns. Recognize those patterns and you will see intelligence, especially when the data is displayed in comparison to other relevant data and parameters.

When you see historical data charted and compare it with the live real-time traffic, things start to emerge that provide very crucial information: agent-less discovery of all the BYOD devices running in your network, the apps on them with the security threat level diagnosed, the pattern of traffic on them, the geo distribution of traffic, the traffic volume and pattern from/to blacklisted IPs, and clear and complete URL categorization, along with the integration of Snort to chart and detect IDS events, including trigger-based alerts on any of the parameters of interest. All of this is done while sitting passive in the network, yet charting, retrieving and storing at an amazing speed thanks to a map-reduce database that helps give all results in real time. Deep-drill and cross-drill analysis of the data helps create complex reports that can be viewed online and in real time, again to draw powerful insights.
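As an added illustration (not code from the original post or from i7 Networks), the sketch below compares a live traffic window against stored per-device history and checks destinations against a blacklist, all from passively collected flow records. The record layout, the threshold, the finding labels and every address are constructed for the example.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not from the original post).
# Historical hourly byte totals per internal device, e.g. from stored flows.
HISTORY = {
    "10.0.0.21": [120_000, 135_000, 110_000, 128_000, 131_000],
    "10.0.0.34": [40_000, 42_000, 39_000, 41_000, 43_000],
}
# Placeholder blacklist built from an RFC 5737 documentation range.
BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]
# Live flows seen in the current hour: (source device, destination IP, bytes).
LIVE_FLOWS = [
    ("10.0.0.21", "198.51.100.7", 125_000),
    ("10.0.0.34", "198.51.100.9", 30_000),
    ("10.0.0.34", "203.0.113.50", 900_000),
    ("10.0.0.77", "198.51.100.7", 5_000),  # device with no stored history
]

def analyze(history, live_flows, blacklist, z_threshold=3.0):
    """Return sorted (device, finding) pairs for the live window."""
    findings = set()
    totals = defaultdict(int)
    for src, dst, nbytes in live_flows:
        totals[src] += nbytes
        if any(ipaddress.ip_address(dst) in net for net in blacklist):
            findings.add((src, "blacklisted-destination"))
    for src, total in totals.items():
        past = history.get(src)
        if not past:
            # Seen on the wire but never before: agent-less discovery.
            findings.add((src, "new-device"))
            continue
        mu, sigma = mean(past), pstdev(past)
        # Floor the spread so a very flat history neither divides by zero
        # nor turns tiny fluctuations into alerts.
        spread = max(sigma, 0.05 * mu, 1.0)
        if (total - mu) / spread > z_threshold:
            findings.add((src, "volume-spike"))
    return sorted(findings)

if __name__ == "__main__":
    for device, finding in analyze(HISTORY, LIVE_FLOWS, BLACKLIST):
        print(device, finding)
```
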

Now coming to forensics: the same rule applies. It is tough to make your network 100% foolproof. Every day hundreds, if not thousands, of organizations' networks get compromised. It is just that not everyone goes public and not every incident gets PR. Such compromises happening is one thing, but having a powerful, robust forensics tool is another. This is where, again, I repeat what we say: listen to your network 24X7. You will see patterns, understand the patterns, and discover why the compromise happened, how, and from where. You learn and apply policies and tools in such a way that a similar attack will not happen, and such similar attacks can all be eliminated.

Yes, it requires a complete, holistic approach to solving the security issues and to providing a robust, powerful forensics capability, and that comes from what we believe in: “listen to your network” now, yesterday and tomorrow, 24X7.

Manjunath M Gowda
CEO, i7 Networks – “listen to your network”
Author is the CEO of i7 Networks which works on next generation analytics and intelligence related to bandwidth, security and BYOD.

Tuesday, October 2, 2012


Yup, BYOD is big in the western countries, where the iPad is almost a household thing. That may not be true in India by a long shot, but we are not left out either. Tablets have in fact infiltrated corporate India. Due to all the commute issues you see in typical urban India, more and more employees are taking work home or, as I say, to the road (today I see a lot more people using their tablets to work while sitting in a chauffeur-driven car, trying to make the most of the horribly long commute time).

According to a survey conducted by one of the cloud infrastructure companies (VMware) across 10 countries in the Asia-Pacific region, including India, employees find themselves more productive at the workplace when they bring their own smartphones and tablets (72%); in India it was 77%.

With the consumerization of IT, corporate IT is really struggling with the growing demands from users to access apps and data from their preferred devices. Today’s young talent wants to access social media and the internet via their own devices at the workplace. The companies that do offer this freedom are seen as more progressive and employee-friendly. The survey suggests that 82% in India are provided with a portable device by the employer, but 77% still bring their own device to work to complete their tasks.

In India, of all the people surveyed, 72% claimed to be more productive working on the devices of their choice, 70% claimed to be happier in their role when they are allowed to work using their own device, and 66% said that life and work were less stressful when they had a choice of what device they use.

Apart from making employees productive and happy, BYOD has also become a lifestyle symbol and a choice best left to the individual employee, many in the HR community feel. In India there is a constant tussle between the CIO and HR. The CIO wants more control and says no to BYOD, but HR wants more freedom for the organization and the employees, and says that BYOD and freedom of the device are a must. It is a tussle that I am sure will tilt towards the freedom part.

Of course, the CIO is not a control freak either, but he has his own worries. BYOD comes with its own security and data leak issues, and on top of that there is the use of corporate bandwidth and time for personal work, which is a loss of productivity. Some even call BYOD “bring your own disaster” (as opposed to bring your own device). A lot of organizations put restrictions on how BYOD can be used and what it can access. The survey suggested that 47% of Indian workers felt their organizations had put restrictions on BYOD which lowered their potential work efficiency. Industry experts feel that restrictions are a passing phase and that IT should invest in technology, management and analytics tools to help solve BYOD issues, be they related to security, access or data leaks.

Even the Gartner report of June 2012, which surveyed organizations with 500 or more employees in the United States, the United Kingdom, Germany, Australia, the BRICs (Brazil, Russia, India and China) and Japan, more or less matches this report.

“Mature countries consider BYOD programs as bringing with them both legal and technical issues, whereas emerging countries only see technical issues. For instance, mature regions are more concerned with security and data privacy regulations for immature MDM than emerging regions.” “In BRIC countries, employee turnover can be high in some sectors, leading to more theft of devices and data. BYOD and virtualization can reduce those enterprise losses,” says a research director at Gartner.

From all this, it looks like BYOD is a trend that will continue to stay and thrive in corporate India.

Manjunath M Gowda
CEO, i7 Networks – “listen to your network”
Author is the CEO of i7 Networks which works on next generation analytics and intelligence related to bandwidth, security and BYOD.