40GE Networks: Are We There Yet?

Talking with customers is the best part of my job. I am constantly talking with our customers and prospects about their needs and future requirements. Such discussions often start with some ‘speeds and feeds’ questions. It’s always interesting to see how similar customers (sharing the same geo location or industry) have similar needs.

When it comes to a 10/40/100G Ethernet discussion it is clear that the customers in North America are consuming more bandwidth, require higher port density and have aggressive deployment plans for 40G and 100G. If you follow our company you must be aware of the recently announced 40G fiber Tap for high-performance networks that was developed to address customer needs.

“Many of our largest customers are already looking ahead to 40 Gigabit network deployments, and Net Optics is providing long-term investment protection in our current line of products.”

So, are we there yet? Not really, but it’s coming:

40G networks are still not very common but they are not as rare. The recovery of the economy provides good tailwind and customers are deploying solutions. I hope that I will be able to share some statistics of our deployments in the future.

-- Sharon

Deep Packet Inspection

Talking with many analysts and reviewing reports in the past weeks regarding our latest announcement of Director Pro and its unique capabilities, I found myself in a strange situation: Explaining what DPI (Deep Packet Inspection) is and what a makes a DPI-able solution like Director Pro different from other platforms that might have the ability to search for some data within portions of the packet.

Let's make it clear. The Net Optics Director product has the ability to filter content (or do pattern matching) within portions of the packet that can go all the way to Layer 7 in some cases. It can even go "deep" there, but it doesn't include DPI. Director Pro, on the other hand, has the DPI capabilities.

So what's the difference and why is it that almost a decade since DPI was introduced to the market, people still do not use the term correctly?

Trying to answer my own question I found that there aren't too many good resources explaining what DPI is and how it works. Many sites would reference security solutions, Proxy vs. Stateful Inspection (the memories….).

So read and copy:

Deep Packet Inspection is the ability to apply filters to a packet or multiple packets at any location, regardless of packet length (or how "deep" the packet is) or the location of the data to be matched within this packet. A DPI system does not care about header, payload and its size. A DPI system does not care about the offset of the filter. A DPI system is totally independent of the packet.

DPI is a function. Security solutions like IPSs, Application Firewalls and DLP devices use DPI. Content delivery platforms use DPI. Director Pro offers DPI.

In short, DPI can be used for different purposes. Director Pro is using DPI to provide better pre-filtering. The Dynamic Load Balancing engine can perform a better balancing job based on content.

-- Sharon

(Image source)

Combat Advanced Persistent Threats with Network Access for Monitoring

Advanced Persistent Threat (APT) is a term that has become widespread in response to cyberattacks like the one on Google. And although it has become popular lately, it was not developed recently and has been used for quite a while primarily in military and government circles to describe cyberattacks perpetrated by highly organized and skilled groups. These furtive attacks are complex, technical, and persistent.

One might wonder how this is anything new, as any kind of cyberattack could be considered complicated. It is important to note that is it the process of implementation which makes these kinds of attacks different than traditional cyberattacks. The significant distinction is in the methodical exploitation of vulnerabilities in stages, from selecting individual targets, to baiting and phishing, and on to the continuous extraction of sensitive information.

An article in InformationWeek, “Anatomy of A Modern Hack”, summarizes the steps and phases of Advanced Persistent Threats.

Recently, these kinds of attacks have been carrying over from government into the corporate world for the purpose of obtaining trade secrets and stealing intellectual property. In order to combat these attacks, there is a need for network monitoring, which is discussed in a Computerworld article. Specifically, the second of three suggestions mentions monitoring. Ed Skoudis, co-founder of InGuardians, a Washington-based security consultancy, said:

Advanced persistent threats by definition are designed to get around firewalls, antivirus software, intrusion detection systems and other controls a company might have in place for blocking illegal access to data. So companies need to have tools for monitoring anomalous behavior on their network, and for detecting unusual long-term persistent network connections and other ‘outlier behavior’… Also vital is the need for companies to monitor their logs closely, Skoudis said. Looking at firewall logs, network based IDS alerts and Web proxy server logs can help companies identify suspicious activity on their networks, he said.

In order to thwart these kinds of attacks complete network visibility is needed. Net Optics provides network access solutions designed for security and monitoring tools that counter these kinds of attacks on government and enterprise networks. We offer complete network visibility allowing comprehensive monitoring to combat successful infiltration of your organization’s network. For more information or to schedule a demonstration of our network access solutions for security, as well as forensic and performance monitoring, contact a Customer Service Representative at (408) 737-7777 or cs-support@netoptics.com.

Social Media Campaign for #RSAC and #HIMSS

1. ATTN: RSA & HIMSS attendees! Find out how 2 win a social media tshirt & enter 2 win an iPod Touch during the shows. #RSAC#HIMSS10 #RSAC2010
   
2. STEP 1: Follow us on Twitter & check our Tweets regularly during the #RSAC & #HIMSS10 shows. Look for the BubbleTweet Video link. #HIMSS
   
3. STEP 3: Bring the CODEWORD to the Net Optics booth staff for a FREE social media t-shirt and the chance to win an iPod Touch! #RSAC #HIMSS10
   
4. STEP 2: Watch our BubbleTweet Video & get the CODEWORD.#HIMSS #RSAC2010
   

Ready, Set, GO

Some games are over, others are about to begin.

RSA Conference 2010 will begin tomorrow.

Like our friends, colleagues and peers in other companies, we are ready and exited to join the security community at large during the show.

Net Optics will provide live demo, including some very exciting 10G-based scenarios with real traffic (using traffic generators). We will be making a lot of splash with new announcements.

Come see us at booth #2339