Monday, July 27, 2015

CSO 2.0

Recently I was invited to participant in brainstorming dealing with the definition of “CSO 2.0”, where the main point that were selected to be discussed and examined are as follows:
·         What is Public cloud for Information Security Managers?
·         Traditional Security in the Cloud
·         Innovation & security, Better together?
However I couldn’t attend this meeting, never the less I’m sharing my thoughts

When using public clued services, web Security should be set in layered formation, in 3 layers to be exact. First layer, at the campus and branch office protecting the internal connected users. Second layer on the network for mobile users and those that are at home. Third layer at the public cloud itself protecting the access to cloud data centers.

Any solution that is used should be comprehensive and include deep visibility into the content and control (like done in QoS platforms), anti-malware / infection detection and URL filtering as well as protecting the public cloud and the network infrastructure from DDOS attacks.

Although the threat landscape rapidly changes, threat protection need to retain the current solutions and practices and to add new and innovative solutions that proof their effectiveness rather than jumping into protections against future threat that might or might not come true. 


Should it be single vendor solutions or each segment beast of bread… more to follow…

Saturday, June 27, 2015

Business Continuity Plan versus Disaster Recovery Plan, or should they co-exist?

Disaster recovery and business continuity planning are processes aim for organizations to be prepare for that one disruptive event that can take them out of business, even temporarily. In the context of this assay, it is related to event that can affect the IT systems, be it passive infrastructure (i.e caballing) or systems.

Often, when an organization deals with this subject they often discuss "DRP vs BCP", Disaster recovery or business continuity planning, what’s important, and what can be more cost effective. Most organizations that I'm familiar with takes the approach of " business continuity first, we will deal with the disaster when it will happen". That is why IT organization replicate their servers to a location name "DRP". You have live copy of the content, but will you be able to access it?
Should it was decided to replicate the content of the IT servers to secondary and tertiary sits (someone said cloud?) to allow smooth contingency. It is nice to have them available, but think of the ability to use them.

True story. Some day at 1999, arrived to the office early in the morning, just to find out that the northern wing of the management building was on fire. The first floor was burnt out to the ground (literally the floor fell down on to the ground floor). Unfortunately the Backbone switch was in that floor. Using the infrastructure on the south wing to connect the building back to the working campus network, people were able to return to their desks the following morning.


Having "hot and active" multiple datacenters, that is contingency plan. Having redundant "cold and passive" infrastructure, that is disaster recovery plan.

(Written as part of the Coursera based seminar "Cybersecurity and Its Ten Domains")

Monday, June 1, 2015

So I was invited to lecture at InfoSec2015

So I was invited to lecture at InfoSec2015 in Israel, the 16th annual event of the security industry in Israel. I was talking about the expectations from the service provider to adopt security tools and technics to protect it assets (international links for example) and at the same time to gain some profits, using the security aspects as the new growing engine.
The presentation was already shared (here) then I referred to an article on "People and Commuters" the magazine that organized the event. Apparently someone actually listen to what I have said before, during & after the event and took notes (here, in Hebrew). Therefore for my non Hebrew readers here is a translation of some highlights:

Is security a luxury or a basic consumer product? What about the security of the communications infrastructure provider? These questions were raised by Mr. Roee Besser, Technical Manager for EMEA and APAC at Allot Communications, at InfoSec 2015, held recently.According to Besser, "network monitoring, information security, content filtering and preventing attacks - all these are necessary and have become part of the DNA for Service providers, to allow customers faster and smoother access to the internet" (with DDOS Mitigation platforms).Another area that is gaining momentum, he said, is data security as a service. "Many of those who provide cloud services also provide data security in the cloud. In this way they give a security added value to subscribers."