On the Way to SDN and the Cloud: Building Resilient Networks
Willis H. Ware, a research scientist at the Rand Corporation working for the United States Air Force in 1967, predicted that ARPAnet would be a disaster if security wasn’t built into the project.
He was overruled.
In January 2013, the Final Report of the Defense Science Board Task Force on Resilient Military Systems and the Advanced Cyber Threat was issued and confirmed what Willis knew back in 1967.
The report’s findings made for sober reading:
- The United States cannot be confident that our critical information technology systems will work under attack. This is also true for our allies, rivals, public and private networks.
- The DoD and its contractor base are high priority targets that have already sustained staggering losses of system design information.
- The DoD should expect cyber attacks to be part of all conflicts in the future, and should not expect enemies to play by our version of the rules.
- There is evidence of attacks that exploit known vulnerabilities in the domestic power grid and critical infrastructure systems.
- The impact of a destructive cyber attack on the civilian population would be even greater:
- In a short time, food and medicine distribution systems would be ineffective.
- Law enforcement and emergency personnel capabilities could be barely functional in the short term and dysfunctional over sustained periods.
- Expect physical damage to control systems.
- Months to years could be required to rebuild and reestablish basic infrastructure operation.
So… the current situation is really bad.
Does cloud computing and the rise of software defined networks (SDNs) make things better? Government and enterprises are receiving huge benefits by moving into the cloud. You can quickly and efficiently create an SDN, but cloud computing and software defined anything is still software. And software will have errors. How do you test or QA it? Is your central control node secure? How much do you know, really?
If this word “software” doesn’t scare you, then you’re not thinking about it hard enough.
In the Defense Science Board Task Force’s report, the seventh recommendation is to build a cyber resilient force and a set of standards and requirements that incorporate cyber resiliency into the cyber critical survivable mission systems.
What is their definition of resilience?
“Resilience: Because the Defense Department’s capabilities cannot necessarily guarantee that every cyber attack will be denied successfully, the Defense Department must invest in resilient and redundant systems so that it may continue its operations in the face of disruptive or destructive cyber attacks on DoD networks.”– Ash Carter, Secretary of Defense, April 2015
The report highlights a need to continuously model and test DoD’s systems to determine how resilient they are. This requires a measurement or a metric for resilience.
Managing and measuring cyber resilience Up until now measuring cyber resilience has been an impossible challenge. Now, RedSeal’s cybersecurity analytics platform has been deployed successfully by federal agencies and departments. With RedSeal you can:
Understand your cyber terrain
You have to understand your cyber terrain in order to secure it, defend it, and respond to incidents appropriately and swiftly. Operating without understanding your network is like stumbling around your unlit house at night looking for the burglar that just broke in.
Model and measure
With a network sand table, defenders can now see where their high value assets (HVAs) are and answer important questions:
- How can they be accessed?
- How exposed are they?
- Are defenses deployed in the appropriate places?
- Exactly where are the sensor-reported incidents?
Verify compliance, establish and manage standard policies
RedSeal lets you know if your network is constructed as you think it is –to allow only authorized access to your data. RedSeal reads in information from devices on your network, including those parts hosted in the cloud. Then, it calculates the access actually allowed from any point on your network to any other and updates as changes are made, so you can verify and maintain compliance with regulations and policies.
Understand the security impact of network changes
RedSeal enables you to simulate attacks before they happen. You can understand your defensive posture by finding the weak points and measuring ease of compromise.
Understand access in hybrid networks
Cloud providers have cloud solutions to manage your cloud-based network. But most organizations don’t have a pure cloud network; their networks are hybrid. You have some infrastructure that you manage, some in the cloud, and some virtualized. We show organizations how all parts of their networks connect to everything else.
Cloud providers don’t know what your legacy environment looks like. You need to be able to draw together your physical and cloud infrastructure in more than just a picture. At RedSeal, we believe you have to understand end to end behaviors of your networks. To do this, we do very deep access calculations based on the configuration files of all your network devices – virtual or not. RedSeal determines how your infrastructure actually works, so you can continually validate that you built what you thought you were building.
You can ask all kinds of questions of your RedSeal network model. You can determine if the back end of your cloud infrastructure is accessible from the internet – and how. You can see paths that reach from the real world to the virtual world. We’ve invested a lot of time and effort at RedSeal, so you can see your cloud infrastructure and how it connects to your physical or virtual infrastructure.
RedSeal provides security metrics
RedSeal gives you an overview of your network, measuring:
- The completeness of your inventory of assets and systems. It identifies devices you may not know about.
- All the connections between devices.
- How well your network devices are configured for security.
- The actual risk to your data, based on how accessible known vulnerabilities are.
RedSeal’s smartphone app provides a measurement and trend summary for executives or “on the go” security management.
Why is the RedSeal Digital Resilience Score important?
- Gives you a measure of security effectiveness so you know where to allocate resources and funding.
- Helps you understand your security posture: are you better today than you were yesterday?
- Allows seniors staff to empirically understand network risk.
- Grades different networks across various departments or agencies
- Verifies networks are designed and operating for security as intended
For more on this subject, listen to the free webinar, On the Way to SDN and the Cloud: Building Resilient Networks.