Page 16 - CDM-Cyber-Warnings-January-2014
Application Identification: A Buy Decision
By Shawn Sweeney, Director Product Management and Marketing, Procera Networks

I had the good fortune to spend a few years with one of the big network security vendors. At the time, we were extremely focused on blocking traffic based on port numbers when a new emerging set of protocols came to the fore. These “new age” protocols used a complicated set of misdirection and evasion techniques that kept our security experts hopping. Every day, there was a new protocol or variant that broke all the previous rules and assumptions about how to detect them. Toil as we did, it was tough to get ahead of this dynamic.

Engineers focused on this kind of work become easy recruiting targets for competitors, and about the time someone had reached a senior level, they were plucked out of the company. Since getting a feel for something like Skype, as an example, was more a journey than a destination, turnover was particularly debilitating. So, maintaining the edge in application identification was challenging given all the other things we had to contend with beyond this narrow discipline.

Of course, as any good engineer will tell you, with unlimited time and resources, a perfect solution can be found for any problem. Sadly, these conditions are rarely evident in the appropriate measures given the pressures of an installed base clamoring for a fix to some change or wrinkle. Making matters worse was the threat of dreaded false positives that might cause us to block perfectly good traffic in an effort to manage those we were looking for. Many of these demanded some kind of configuration that allowed the user to decide whether to implement “more aggressive” techniques. No longer were we going to take the fall on our own; we would have a partner in any false positives. The user would make the ultimate decision based on their taste (or not) for potentially breaking things they wanted to work.
Not every customer and prospect saw this complexity as a good thing, as they would have preferred that we figure it out for them. Eventually, the battle became too much for us and we turned to outsourcing this important activity. Our intellectual property, we reasoned, was in the holistic view of the network and not necessarily the application traffic itself. So, we dug a deeper moat closer to the problem and declared victory.

More network security vendors are making this choice today than ever before. With each aspect of security becoming so specialized, it is the prudent thing to do. This allows vendors to focus on the core problems they are trying to solve and implement application identification as a drop-in from a company that does that for a living. Depending on how you count, this saves minimally 30 man-years of effort and maximally double that.

Hiring the experts has its advantages beyond just cutting time to market and saving money. Developing detection algorithms is tricky business and not for the faint of heart. The advent of anonymizers has made application identification particularly difficult. Since monitoring these protocols is important to most security platforms, it is important to make sure any contemplated