The Hybrid Approach to Security

Date: Tuesday, April 01, 2008

CEO Dr. Parag Pruthi and his team of engineers at NIKSUN are keenly watching the shift in the enterprise world from 1 GB Ethernet to 10 GB Ethernet. Though the transformation to the new paradigm has been relatively slow, they are confident that the pace will catch up in a year or two.

In the 10 GB Ethernet world there will be a multitude of services and applications available to users. At the same time, the rate of information flow will be much higher. Dr. Pruthi firmly believes that software-based network security solutions designed for today's networks will not be able to scale up and address the challenges of a 10 GB Ethernet world. "Software-based solutions will not be able to cope with the high volume and large variety of information flowing on the network," he argues.

Despite the fact that organizations have deployed devices such as firewalls and intrusion detection systems (IDSs) to secure their networks, they continue to experience security violations and network attacks. Chief Security Officers have started to believe that there is no such thing as 100 percent security. Firewalls can be bypassed or tunneled through. Authentication can be foiled, guessed, or attacked. IDS systems can be evaded. Signatures and anti-virus systems can only flag known attacks. IPS systems can be compromised or made to cause denial-of-service (DoS) situations themselves. Due to the complexity of network attacks and the extent of the damage they cause, organizations are spending considerably more time and resources recovering from security incidents than in the past.

Network security is typically performed by detection mechanisms that identify anomalies or potentially harmful data. In particular, the IDS scans for known attack patterns and generates alarms when those patterns are detected in the network traffic or in host logs. Essentially this is signature-based: it tries to match patterns of packets or strings that flow across the network. However, scanning the network traffic in a 10 GB Ethernet world is not that simple using this approach.

"IDSs are not the network security panacea they were originally thought to be, but rather are prone to suffering from a host of shortcomings," says Pruthi. Chief among these shortcomings is the proliferation of false positives, the cases where the IDS raises an alarm when no real breach has occurred, thereby greatly reducing the effectiveness, usability, and manageability of such systems. Indeed, industry estimates generally place the average occurrence of false positives above 90 percent. The increasing need to monitor faster and faster networks threatens to make matters worse.

Another trend that one has to be aware of is that the nature of the information embedded in data streams is getting quite complicated. The threats that data must be protected against are buried deep inside packets and in message elements that are encoded. They are not detectable by pattern recognition alone.

It's a no-brainer that the detection provided by IDSs, although crucial, is only one part of the process. Policies, procedures, personnel, and products must be in place for managing incidents beyond the detection phase. Ideally, a quick decision needs to be made on the legitimacy, severity, and on-going risk posed by an event. From there, an appropriate response can be enacted. How quickly such a decision and response can be made ultimately depends on the skill of the team and the power of their tools.

"We have to do online real-time decoding at the application layer, go deep into application semantics and decode deep within to understand what actually is being transferred and determine who is authorized to transfer certain data," explains Pruthi. "And that's not easy." Software-based solutions that must go very deep into the reconstruction of application protocols, and across a number of different flows, simply fail at very high rates of network traffic.

This is where New Jersey-based NIKSUN comes into play. Its security solutions, spearheaded by the flagship NetDetector suite, provide the additional depth needed to fill these gaps. So whether an attack is an external break-in, an internal theft and disclosure of sensitive data, or the latest worm, the continuous surveillance and analysis of NIKSUN's solutions are intended to ensure that the incident can be captured, traced, and remediated.

NIKSUN does this by way of a hybrid approach. "Since there are new applications being deployed on the network and the nature of the applications change frequently, we need a hardware-software expertise and a systems-based approach to solve many of the network monitoring, security, surveillance and forensics needs of tomorrow," says Pruthi.

NetDetector is a combination of hardware and software that work together to combat threats. It gives users the capability to customize the hardware: one can load different patterns and different actions, program the algorithm for a new environment, and write new exceptions and rules. The hardware is flexible enough to run the software at a very high rate. "This is indeed a cost-effective solution and can be deployed at different locations within the network," notes Pruthi.

With over 600 customers having signed up since the company's start in 1997, NIKSUN is already seeing success. High-level thinking coupled with its fundamental architecture and design is what makes NIKSUN's solution truly a revolutionary one in the industry.