Page 17 - CDM-Cyber-Warnings-January-2014
P. 17
solution has demonstrated competence in this area. While some of these are locally popular, it is possible that an application identification vendor may not support all those needed, but they should certainly have cracked some of the more popularly used ones. As for additional application coverage, ensure that commonly used enterprise frameworks are supported and demonstrable. Many of these services and applications use encryption making their identification challenging. A classification engine worthy of selection can provide the level of detail required. While encryption is certainly a challenge in these cases, it is not a show- stopper to good detection techniques. Some data may remain obscured, but the generic identification should be solid. In summary, Application Identification is foundational to many security applications and products in today’s networks. Building this functionality natively pulls much needed focus from core activities. Creating and maintaining sustainable detection techniques is something better left to the experts and there are competent options in the market today. In closing, savings of 30 or more man-years and approximately two million dollars provide additional incentive for this approach should further justification be needed. About The Author Shawn Sweeney Director Product Management and Marketing, Procera Networks Shawn Sweeney is a veteran of the network communications business with nearly 30 years of experience in a variety of capacities in development, sales and marketing. He has worked for some of the premier brands in the industry and has been a key contributor in 5 startup ventures. + % %! ! & , ! . !( %+ ' "! "#+% ' - + % !& , ! % '& % & %) *"% *
