28 Oct 2012

News and Updates


It's been a very busy couple of weeks at Packetloop leading up to our presentation last weekend at Ruxcon. A lot of work has happened to finalise the commercial release of Packetloop, as we continue to work with our Early Access users, understanding and incorporating their feedback into the platform. The feedback has been great, and it's exciting to watch new users explore and understand the user interface for the first time, and even more gratifying to see them understand and exploit the power of Packetloop.

We were lucky enough to be able to take the entire team to Ruxcon to support Michael Baker (our CTO) with his presentation Finding Needles in Haystacks the Size of Countries, and I would estimate there were some 300 people in the room to watch his presentation. I was interested to see the expressions on the faces of some of the country's best security professionals when Michael showed how we can easily process vast amounts of network packet captures (Big Data!), and use our tools to identify previously undetected Zero Day attacks.

Best of all was the stunned silence that came over the room when he showed a couple of visualisations that captured the power of the Packetloop/PacketPig tools, showing security data in a way that people had previously not considered. The entire presentation can be found here on Slideshare, but if you just want to see the visualisations in action, check them out here. Many thanks to those who took the time to come to the presentation, and to also come and seek us out later for further conversations.

Michael is also currently collaborating on a series of blog posts with the team at HortonWorks (whose founders authored Apache Pig). The topic of this series is the use of Pig to perform Big Data Security Analytics. Much of our work in this space has been using our open source platform PacketPig. The first of this series, co-written with Russell Jurney (@rjurney) and titled Big Data Security Part One: Introducing PacketPig, is a great read.

Given our participation in Ruxcon, we took the opportunity to sponsor the Risky.Biz Podcast, who covered both the BreakPoint and Ruxcon conferences last week. Risky.Biz host Patrick Gray did an interview with Michael about Packetloop for the show. The entire interview can be heard here. During the interview and some subsequent conversations, Patrick posed a number of questions around the prospect of businesses uploading their internal data into the cloud for security processing. This is an interesting question, and is worthy of further discussion.

In essence we are advocating a new data source, one that may be seen as higher risk due to its external, third-party nature. Obviously we have to offer a value proposition that outweighs this perceived risk. We believe that value proposition is the power of Big Data Security Analytics and the knowledge and intelligence it provides. We should however put some perspective around this risk by keeping in mind that companies already have data in the cloud, such as email, CRM and device logs, or they use online applications for everything from project/document management to financial applications. These all store the resultant data in the cloud.

There are several ways you can mitigate these risks when using a cloud-based solution such as Packetloop, including:
  • Storing your full packet captures in your own S3 bucket and providing us the keys to process them
  • Sending us an encrypted drive with the source data
  • Implementing the Packetloop onsite appliance (see below).

Of course you can also delete the data you have uploaded once we have processed it, but then you miss out on the full benefit of the Packetloop platform: the ability to search older stored full packet captures for previously undetected Zero Day attacks. An analogy for this sort of retrospective review of older data for previously undetected attacks can be found in sport. Athletes' drug-test 'B' samples are kept for up to seven years, and are retrospectively tested to see if the athlete was in fact using a drug that previously went undetected. This has had a lot of press lately with the downfall of a certain multiple Tour De France winner. Bruce Schneier wrote a great article for Wired this week about this very topic, and the power of being able to look into the past for answers. The parallels to Information Security are very real. It's our belief that over the next 5 years full packet captures will become the standard for logging and analysis of all data, including sensitive data, as this is the only way you can currently use existing IPS to produce indicators and warnings about potential threats, and it's the only way you can Play, Pause and Rewind your network data.
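As an added example (not Packetloop's code, nor anything from AWS documentation), here is what the first option above looks like when done with least privilege: rather than handing over account keys, the bucket owner grants the processing party's AWS account read-only access to just the capture prefix through a bucket policy. The bucket name, key prefix and account id are placeholders. The accompanying lint function flags a policy that grants more than that (write actions, a wildcard principal, resources outside the prefix, or an unconstrained ListBucket), which is the check a bucket owner would want to run before attaching any policy a third party sends them.

```python
"""Least-privilege S3 bucket policy for "keep the pcaps in your own bucket, let a
third party process them", plus a small lint for over-broad policies.

Added example, not Packetloop's code. All identifiers below are placeholders:
  bucket name          example-pcap-bucket
  key prefix           pcaps/
  processor account id 111122223333
"""
import json

BUCKET = "example-pcap-bucket"       # placeholder bucket name
PREFIX = "pcaps/"                    # placeholder prefix holding the captures
PROCESSOR_ACCOUNT = "111122223333"   # placeholder account id of the processing party

# The only actions a read-only processor needs: list the prefix and fetch objects.
READ_ONLY_ACTIONS = {"s3:ListBucket", "s3:GetObject"}


def build_pcap_read_policy(bucket=BUCKET, prefix=PREFIX, account=PROCESSOR_ACCOUNT):
    """Return a bucket policy granting `account` read-only access to one prefix."""
    principal = {"AWS": f"arn:aws:iam::{account}:root"}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListPcapPrefixOnly",
                "Effect": "Allow",
                "Principal": principal,
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                # Without this condition the grantee could enumerate every key in the bucket.
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
            {
                "Sid": "ReadPcapObjectsOnly",
                "Effect": "Allow",
                "Principal": principal,
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/condition values."""
    return value if isinstance(value, list) else [value]


def policy_violations(policy, bucket=BUCKET, prefix=PREFIX):
    """Lint a bucket policy; return a list of problems (an empty list means acceptable).

    Every Allow statement must name a specific principal, use only read actions,
    confine its resources to the bucket and the pcap prefix, and constrain
    ListBucket to that prefix.
    """
    problems = []
    allowed_resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/{prefix}*"}
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            problems.append(f"{sid}: wildcard principal (anyone could read the captures)")
        actions = _as_list(stmt.get("Action", []))
        for action in actions:
            if action not in READ_ONLY_ACTIONS:
                problems.append(f"{sid}: action {action} exceeds read-only")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in allowed_resources:
                problems.append(f"{sid}: resource {resource} is outside the pcap prefix")
        if "s3:ListBucket" in actions:
            cond = stmt.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
            if not cond or any(not p.startswith(prefix) for p in _as_list(cond)):
                problems.append(f"{sid}: ListBucket is not confined to prefix {prefix}")
    return problems


if __name__ == "__main__":
    policy = build_pcap_read_policy()
    print(json.dumps(policy, indent=2))
    print("violations:", policy_violations(policy))  # expect []
    # A constructed over-broad variant: s3:* for anyone on the whole bucket.
    broad = {"Version": "2012-10-17", "Statement": [{
        "Sid": "TooMuch", "Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": "s3:*", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}
    print("violations:", policy_violations(broad))
```

The policy is attached by the bucket owner, so the processing party never holds credentials for the owner's account at all; the lint is deliberately strict (it rejects anything it does not recognise rather than trying to reason about every IAM feature), which is the right default for a policy that exposes full packet captures.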

We do however acknowledge that for some organisations, their data classification or regulatory position will simply prevent them from using our cloud-based security analytics service. We understand this, and that is why we intend to create an on-premises appliance version of Packetloop straight after we release commercially in the cloud. Ultimately, we are trying to provide the best Big Data Security Analytics tools in the market, and we will let you choose your level of involvement.
