Page 29 - CDM-Cyber-Warnings-March-2014
P. 29
Technology Collapse and Secure Web Gateways Shawn Sweeney, Director Product Management and Marketing, Procera Networks In today’s competitive networking equipment and software market, one certainty is that more technology will fit in a composed platform and be sold for less money. I am oft-reminded of the devices from days gone by that dwarfed the pallets they came on and required three muscular men to rack—that did absolutely nothing by today’s lofty standards. Ah yes, the good old days when if someone asked what I did for a living they were usually comatose before the second sentence of my explanation. I had them at “modem” or “router” or “firewall”. But that was then and this is now; and I was struck the other day while at a small gathering, that my brother, the gym teacher, was lecturing the crowd with how to properly configure a residential gateway for URL filtering. More disturbing still was the stream of intelligent questions from those in rapt attention. No Toto, we are not in Kansas anymore. The one sure thing is that “technology collapse,” or the inclusion of more capabilities in an increasingly simplified and smaller footprint, marches on. For product people, this presents some significant challenges; yesterday’s “special sauce” is today’s table stakes requirement. Exerting rare resources on that which is more readily—and inexpensively--subscribed to can bust a budget. Worse, it lengthens time-to-market and leads to missed opportunities. The Secure Web Gateway (SWG) category has certainly been subject to this dynamic. Long gone are the days when Network Managers deployed best-in-class, purpose-built, multi- appliance architectures. Indeed, the growth in cloud-based SWGs and away from premise- based solutions all together, while nascent, illustrates this shift further. Inclusion of a broad array of functions and features within any offer is a must. The pressure to expand and maintain feature sets beyond things like sandbox testing, reputation review, data-loss protection, browser emulation, social media controls and policy application for BYOD is intense. There is no near-term prospect for this to abate either. While hybrid premise-cloud, as well as cloud-based solutions, alleviate deployment issues and provide some relief for currency, they are hardly a cure-all for all the requirements. The to-do list continues to grow longer and matching resources to that can be challenging at best—and a Product Manager’s worst nightmare in the harshest light. One key area for relief is in Deep Packet Inspection (DPI), a foundational technology that many SWG functions make use of. The ability to hire expertise in this area can pay tremendous dividends and relieve overworked staff from maintaining knowledge in an increasingly arcane discipline. Protocol deconstruction—a black art by any measure—can be best left to experts in the field. The more complex aspects of detecting applications can take years to learn and apply. Indeed, with each new releases of an application, detection schemes that may have worked previously are rendered completely ineffective. Encyclopedic knowledge of the many different evasion and " # % " $ " # ! !
