Executive Q&A: Adam Powers, CTO
As CTO of Lancope, Adam Powers is a leading innovator in the development of flow-based network and security monitoring solutions. He possesses over a decade of operational and engineering experience in enterprise IP security technologies, including tenure as a Sergeant with the U.S. Marine Corps.
Major IT Trends Facing Today’s Enterprises
1. What are the major IT trends that will affect enterprise network management and security in the future?
The following three trends have already begun to make quite an impact on enterprise networks, but I believe their impact will continue to grow over the coming years.
- IT Consumerization: The rapid influx of consumer-based devices into the enterprise has made Swiss cheese out of the traditional network perimeter. Essentially, the perimeter has vanished as employees carry their mobile phones and tablet PCs into the workplace, and connect to the Internet via these devices without having to go through the corporate firewall. In the era of IT consumerization, traditional security tools like AV, firewalls and IDS/IPS are no longer sufficient to adequately protect the network. Internal monitoring has become just as crucial as monitoring the perimeter.
- Virtualization: Virtualization is also complicating traditional network and security operations. The continued movement of business services to public or private clouds (through technologies such as Amazon Elastic Compute Cloud or VMware) is also forcing administrators to change the way they monitor their infrastructure. Traditional tools like firewalls, IDS/IPS and packet sniffers do not work the same in virtualized environments, making it necessary for IT teams to find alternative ways to regain visibility into their network traffic after it is moved to the cloud.
- Sophisticated Attackers: As our IT infrastructure and user demands evolve, so do the methods used by attackers to infiltrate our systems. Long gone are the days of hacking for notoriety and launching large-scale attacks like Slammer and Code Red. Today’s attackers are much more stealthy, flying under the radar and employing specialized techniques like social engineering to steal credit card numbers, email addresses and other proprietary information for profit. This threat will only increase in the future as smartphones and other handheld devices become more powerful and a more attractive target for malware and attackers.
2. How will regulations such as PCI and SCADA affect network management and security moving forward?
Overall, as technology environments change due to trends like the ones discussed above, compliance regulations will follow suit and become more detailed and stringent. For example, the latest version of the PCI DSS standard includes additional requirements for virtualized infrastructure.
Because it provides a continuous, end-to-end view of all network traffic, NetFlow is a very powerful tool for demonstrating compliance with a wide variety of standards across industries. SCADA networks, for example, are especially ideal for flow-based monitoring, as they have a regular pattern of behavior that is very easy to baseline for anomaly detection. Continuous internal monitoring will become more critical for SCADA networks as NERC/FERC requirements evolve.
In many instances, we have seen our customers first deploy StealthWatch to meet regulatory compliance requirements, then expand its capabilities into other areas. Once companies obtain a 24/7 account of everything that happens on their network, they quickly realize that compliance is just one of the many network and security functions that can be significantly improved via flow data.
3. What is the future of NetFlow?
The use of NetFlow has grown very quickly over recent years. I have been pleasantly surprised by the pace at which many companies have embraced the technology to improve their networking and security functions. Due to the value that customers are placing in NetFlow, the technology is expanding in two distinct ways.
- More vendors/technologies are adding the ability to export flow data. These include firewalls, WAN optimization technologies, load balancers and additional Cisco routers/switches, to name a few, and we expect this trend to continue at a rapid pace.
- Additionally, vendors/technologies that already support NetFlow are adding additional capabilities to expand the types of information that can be extracted from flow data. For example, Lancope has recently added Layer 7 visibility into the StealthWatch FlowSensor to achieve application awareness, and Cisco is also offering application-level awareness through its NBAR technology. Additional information being added to flow-based technologies includes user names, latency and performance statistics, DNS information and HTTP details, among others.
NetFlow takes enterprise networks to the next level, helping to demonstrate compliance, address evolving trends such as those discussed above, and vastly improve overall network and security operations. As the technology landscape becomes more complex, and as new features and functionality are added to flow-based technologies, its adoption by both IT vendors and end users will undoubtedly continue to soar.