Since, if you're doing this right, you'll have scripts for automation, it would make a lot of sense to have rules, authenticated ones at that, driving the control plane. Oh, silly me, I mentioned sense.
Software-defined networking (SDN) will give IT teams a new reason for internecine conflict, as those looking to build automated, software-defined data centres come up against the hard-headed trust nobody pragmatism of security teams. So says Gartner's Eric Ahlm, a research director at the analyst firm, who today delivered a …
One scenario he floated posited detection of unusual activity that could represent an attack. SDN could allow a change in network configuration that is transparent to the attacker but redirects them away from their target and into a honeypot set up for capture of forensics data.
:-)> One can have a great deal of fun imagining El Reg as a Stealthy IntelAIgent Service tool phishing for Alternatives and/or Disruptives outing themselves in their comments on threads replying to tales shared.
There has been no evidence though of any successful utilisation by incumbent establishment systems of the novelties which be provided. A real virtual metadata case of PERL before swine?! :-)>
I started out in network software and then that became 'commoditized' by the TCP/IP stack being bundled with Windows.
I moved into networking and that went the same way, but this time by the process of time and number of people getting CCNA certs with their breakfast cereal.
So I moved into security and I have been noticing the same kind of process happening again.
However, the further down this path we go, the more conceptual some of the actual details and the harder it is to just throw bodies at the equation (well you can, but the quality goes down).
So, the next level appears to be security intelligence - the application of security in complex environments - which requires specialist tools and knowledge - neither of which come cheap.
I'm currently involved in deploying some security products for a large client and they are all starting to talk to one another and to logging/alerting systems and it's all looking pretty good - but we are still at the stage where we are bolting all these things together and bending virtual wires with our brains to make them into the shapes we want - and the software licences aren't exactly cheap either.
For example, a multi-billion profit organisation is penny pinching and trying to cut as many corners as possible to deploy all this kit. All told it will be about $10m up to testing and BAU handover.
The problems really start then, because you need specialists to manage all this equipment and there are no 'experts' yet - so we become experts in the process of building it all and normalising the client network etc., but this means that the high level support that will prevent all this stuff turning into shelf-ware will cost about $1m/year.
Doesn't sound that much considering the assets it will be protecting, but this multi-billion dollar profit organisation is quibbling and considering outsourcing a lot of it just to save a couple of hundred $k.
So, if we have big organisations deploying expensive tools that need specialists to bolt it all together and keep it working (think of a team of racing car mechanics) trying to pinch a penny - what is the likelihood of smaller organisations a) buying the stuff in the first place and b) spending the money to make it run properly?
"SDN could allow a change in network configuration that is transparent to the attacker"
...and also transparent to the owners of the network until it is too late perhaps? Or not at all if they don't have the real-time tools to tell them what is going on and to ensure a gaping hole hasn't just been punched through their network.
Still, the more people do this kind of stuff, the more of a market it creates for people like me, but I shudder to think of how much will get broken before this level of the security tree gets commoditized.
That was a very generous, selfless share, Sir Runcible Spoon. Thanks. It is much appreciated.
With particular and peculiar regard to the next levels and security intelligence - the application of security in complex environments - which requires specialist tools and knowledge - neither of which come cheap, is the likelihood more apt to be that its IT remains a ludicrous and most lucrative speciality which resists all attempts at commoditization ..... with applications benefitting from its effective and efficient specialist skillsets ensuring and assuring all is not betrayed to lower and lesser levels of competence.
And if multi billion dollar companies don't want to pay top dollar for the best that is available, are they fully deserving of the penalties that result from not having the best that is available.
Oh, and who else believes that one cannot effectively and efficiently secure against cyber threats and virtual infiltrations and exfiltrations unless one can successfully quite anonymously carry out such operations with the desired results available for delivery to markets/deep pools/dark webs. Such itself ..... a stroll on the other side of the fence with adventuring into the erotic and exotic and exciting alternative regimes ..... can also be addictively attractive and fabulously rewarding and create something of a dilemma for the weak and foolhardy or tired and neglected.
To be, or not to be with AI, a fading to grey and black hat.
"IT remains a ludicrous and most lucrative speciality which resists all attempts at commoditization"
I used to think that about firewalls in general, and I suppose it has taken a long time for the youngsters to be nipping at my heels (I should have been feeling that 10 years ago!) but I think the tools will become more streamlined and integrated, allowing lower skill levels to at least take part, if not excel.
"are they fully deserving of the penalties that result from not having the best that is available."
If this were just some international company then they could live or die by their decisions and only their stakeholders and employees would be in the firing line. Unfortunately the impact of a serious hack on this particular client could have knock-on effects to us all in more ways than I can contemplate. Think half a dozen boulders thrown into a very deep lake of irregular shape, the ripples would be felt for some time. I can only advise however, not dictate, but I continue to resist all attempts at shoddy solutions in the face of extreme bureaucracy :)
"a stroll on the other side of the fence"
I spend a lot of time thinking of ways to break in to my solutions, including leveraging my privileged access and knowledge. As long as I can stop myself breaking in and nicking all the cookies it should stand a reasonable chance against an outsider, assuming they are not a state player of course - I make no such assumptions on that score ;)
Server teams are only concerned about keeping their admin account and privileges; this is where security ends. Just mention the words "privilege separation" to your server team and they will hunt you down and skin you alive. To all those who might need an explanation, this means an admin must be granted just enough privileges to do his job and have them promptly revoked when the job is done.
I spend a lot of time thinking of ways to break in to my solutions, including leveraging my privileged access and knowledge. As long as I can stop myself breaking in and nicking all the cookies it should stand a reasonable chance against an outsider, assuming they are not a state player of course - I make no such assumptions on that score ;) ... Sir Runcible Spoon
Are your solutions/resolutions capable of providing more cookies for myriad parties to feast upon, Sir Runcible? Would that be a benefit rendering any possible deficit null and void?
Or is such a Quite Quietly Sublime and Stealthy Alien Phormation in AI with NEUKlearer HyperRadioProActive IT, and much more likely to be considered as such whenever virtually provided with Relatively Anonymous Remote Command and Semi Autonomous Control for Greater IntelAIgent Gamesplay in Novel and Noble Future Apps with Global Operating Devices?
And Semi Autonomous Control because one wouldn't want to be unnecessarily scaring/exciting the natives prematurely with advanced thoughts of machines taking over thinking with makeovers of reality supplying new beginnings.
Would such be of immediate peculiar interest to your particular client[s], Sir Runcible?