Archive for the ‘Cybersecurity’ Category

Workload Micro-segmentation – Much ado about nothing?

December 13, 2019


Once upon a time, when pony-tailed grey beards ruled enterprise IT departments, network security meant deploying firewalls, Virtual Private Networks (VPN), Intrusion Detection Systems (IDS) and vulnerability scanners. The advent of phishing emails using social media and other new forms of attack meant that once a corporate workload was compromised, the contagion could spread unchecked. It became critical to detect abnormal behavior in an application workload.

Just as the rich build panic rooms or safe rooms within their mansions to seclude themselves in the event of a home invasion, network security teams decided to segment their sprawling networks to isolate intrusions and prevent contagion throughout the corporate network.

Millennial and avocado toast

The millennials from VC-funded startups came to these grey beards, avocado toast in one hand and a $4 coffee in the other, and preached the value of the “fine-grained” segmentation in their product offerings versus the previous “coarse-grained” segmentation. Their approach, they claimed, delivered segmentation without the need to manually “touch” every VLAN, firewall and Access Control List (ACL) along the way.

The grey beards listened to this and asked: won’t your approach require agents on the hosts? Installing agents will result in an internal tug-of-war between our server, network and security teams. Then another set of VC-funded startups came to your door and touted “agent-less”, application-aware segmentation as the new nirvana.

Not to be outdone, a VMware representative came to your door and touted NSX-based workload micro-segmentation driven by VM names, VM attributes, user identities and vCenter objects such as data centers, hosts and port groups. They insisted that this approach is agnostic to the physical location of a VM and to the underlying network.

They dazzled you with their deep pockets and listed acquisitions that only VMware money can buy: Nicira (the $1.26B acquisition that resulted in NSX), AirWatch (the $1.5B acquisition that gave VMware the ability to secure mobile devices), VeloCloud (the $449M acquisition that gave VMware the ability to offer SD-WAN to branch offices), CloudHealth (a $500M acquisition) and Wavefront (a streaming analytics platform to help optimize developer clouds), Heptio ($550M for Kubernetes know-how) and Carbon Black (the $2.1B acquisition for end-point security).

You thought to yourself: having deep pockets and the ability to acquire pricey art by Picasso, Monet and Van Gogh does not an artist make… How much of this acquired stuff actually works well together?

Deep pockets to buy art doesn't make an artist

In the VMware approach to micro-segmentation, creating security groups and firewall rules for existing applications requires Application Rule Manager (ARM), and identifying what percentage of your traffic is east-west versus north-south requires vRealize Network Insight (vRNI), which is a stand-alone product. Navigating VMware NSX licensing is a fun process in itself.
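The two ideas from the NSX pitch above, grouping workloads by attributes rather than by VLAN or IP range and measuring how much traffic is east-west versus north-south, reduced to a small Python model. This is an added example, not code from the post or from any vendor product; the internal prefixes, workload inventory, labels, policy and flow records are all constructed.

```python
import ipaddress
from collections import Counter
# Constructed internal address space; anything outside it is "north".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Constructed workload inventory keyed by IP: attributes (app, tier), not VLAN or subnet.
WORKLOADS = {
    "10.1.1.10": {"app": "shop", "tier": "web"},
    "10.1.2.20": {"app": "shop", "tier": "app"},
    "10.2.3.30": {"app": "shop", "tier": "db"},
    "10.9.9.99": {"app": "hr", "tier": "web"},
}
# Allowed east-west flows as (src tier, dst tier, dst port) within one app; the rest is denied.
POLICY = {("web", "app", 8080), ("app", "db", 5432)}

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def direction(flow):
    # East-west if both endpoints are internal, otherwise north-south.
    both = is_internal(flow["src"]) and is_internal(flow["dst"])
    return "east-west" if both else "north-south"

def allowed(flow):
    # Label-based check; hosts missing from the inventory have no group and are denied.
    src, dst = WORKLOADS.get(flow["src"]), WORKLOADS.get(flow["dst"])
    if src is None or dst is None or src["app"] != dst["app"]:
        return False
    return (src["tier"], dst["tier"], flow["dport"]) in POLICY

def analyse(flows):
    # Returns (Counter of directions, list of denied east-west flows).
    counts, denied = Counter(), []
    for f in flows:
        d = direction(f)
        counts[d] += 1
        if d == "east-west" and not allowed(f):
            denied.append(f)
    return counts, denied

SAMPLE_FLOWS = [  # constructed flow records
    {"src": "203.0.113.5", "dst": "10.1.1.10", "dport": 443},   # client -> web
    {"src": "10.1.1.10", "dst": "10.1.2.20", "dport": 8080},    # web -> app, allowed
    {"src": "10.1.2.20", "dst": "10.2.3.30", "dport": 5432},    # app -> db, allowed
    {"src": "10.1.1.10", "dst": "10.2.3.30", "dport": 5432},    # web -> db, denied
    {"src": "10.9.9.99", "dst": "10.2.3.30", "dport": 5432},    # hr web -> shop db, denied
    {"src": "10.2.3.30", "dst": "198.51.100.7", "dport": 53},   # db -> external DNS
]
if __name__ == "__main__":
    counts, denied = analyse(SAMPLE_FLOWS)
    print(dict(counts), [f"{f['src']}->{f['dst']}" for f in denied])
```

Moving a VM to another subnet changes nothing here as long as its inventory entry moves with it, which is the location-agnostic property the pitch claims.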

The point I’m making is that no one vendor or product fits all. I suggest you skim the vendor marketing decks, shortlist vendors and ask for a Proof-of-Concept (POC) for your specific use case. Ask about interoperability, licensing and reference customers in your industry. Workload micro-segmentation is a must-have, but how you end up deploying it is up to you.

Cyber-security for IoT in Healthcare

June 26, 2015

Cisco Systems predicts that 50 billion devices will be connected to the internet by the year 2020. While the actual number is debatable, it is a fact that today billions of devices are generating a cacophony of sensor data. In the field of consumer healthcare, consider the Fitbit, which monitors heart rates and sleep patterns. It collects personally identifiable information (PII): names, email addresses, phone numbers, payment account info, height, weight and other biometric information, and it sends out location data 24×7 using Bluetooth technology. Since most of the user data is sent over HTTP, it is susceptible to hacking, as explained here. Fitbit relies on third parties to protect this consumer data, and since the data it collects is not officially termed Personal Health Information (PHI), it is not bound by government regulations like HIPAA. The same is true for products like NikeFuel.

Now consider the other end of the spectrum: an invalid confined to his or her home and using a programmable thermostat like NEST. It has been proven that NEST can be hacked. In principle, a cyber-attacker could subject the patient to extremes of heat and cold using the patient’s own home heating/cooling system! Granted, you need physical access to the NEST device, but that can easily be obtained by contractors, painters or a cleaning crew!

Consider devices like insulin pumps and continuous glucose monitors. These can be hacked by cyber-attackers, who could potentially release an excess dose of insulin, causing a severe drop in blood sugar levels and rendering the patient unconscious.

Security concerns are not limited to wearable devices and devices implanted in the patient’s body: a cardiac defibrillator at a place of work could be hacked to deliver excessively high levels of shock, resulting in death.


Why is healthcare more susceptible to cyber-attack? One reason is that, unlike credit card hacks, which can be spotted almost instantaneously by the sophisticated fraud detection algorithms used by major credit card vendors like Visa, Amex and Mastercard, healthcare-related hacks can go undetected for a long time. This gives cyber criminals the luxury of doing harm or selling patient information on the black market without having to watch their backs.

What are healthcare companies doing to address this? GE acquired Wurldtech to enhance cybersecurity for its sensor-equipped devices. While Wurldtech has focused on protecting Supervisory Control & Data Acquisition (SCADA) systems, the IT systems used to manage power plants and refineries, the same technology could be re-purposed to protect GE wearable devices from cyber-attacks. GE’s competitor Siemens has invested in cyber-security startups like CyActive and CounterTack. Outside healthcare, GE has a range of businesses whose products rely on sensors for their reliable operation: aircraft engines, gas turbines, locomotives. Hence GE purchased a 10% stake in Platform-as-a-Service (PaaS) vendor Pivotal, developed its own Predix software (essentially an operating system for industrial equipment) and plans to run Predix over Pivotal’s data lake. The goal is to derive insights that can predict and prevent problems before they occur. While big vendors like GE and Siemens are taking the right measures, the plethora of emerging wearable device makers must follow their lead or risk putting themselves and us at considerable risk in the years to come.