I've just come back from a seminar organized by an IT security integrator. It was held right next door to a lingerie exhibition. Ours was quite full, but theirs had people queuing out the door to get in. I was amazed at the number of men that had registered for the sessions, and I have to admit that the folks giving the demos were certainly more pleasing to the eye than the bunch of IT chaps that I had to sit and listen to!
And then I was thinking that IT security used to be "sexy." What's happened?
So we went into a presentation and demo of automatic policy generation for firewalls, and I was thinking "I wish I was next door," but then I was slowly being seduced by what I was seeing. Maybe it's an age thing, but I found myself thinking less about the demos next door. I started to be drawn into a description of how the firewall administrator was able, in a few minutes, to carry out forensics on their firewalls. I was getting excited about this, rather than dreaming about the lingerie exhibition next door. What has happened to me in my middle years?
Suddenly, he was talking about how, instead of spending weeks or months poring over firewall logs to find out what was going on, they could spot unknown mail servers in the organization, outbound access through non-standard ports, who was accessing which HTTPS and HTTP servers on the Internet, and even access to non-corporate mail servers.
Firewall policy management is normally an organizational nightmare. An organization with 10 to 15 firewalls could spend up to six months trying to get to the bottom of what is going on. In fact, I am reliably informed by one organization that it tried for six months and hired expensive firewall specialists to do it, only to end up with very poor results.
Now imagine achieving the same results in a matter of minutes. How do they do it? Well, apparently it is something called "Permissive Rule Analysis" technology. This breaks down very general rules until they accurately and exclusively represent the actual traffic. Now I can't see it being plastered on billboards to keep bored male commuters smiling on the way home, and you're not going to buy it for your favorite lady as a Christmas present, but it definitely got my pulse rushing.
Automatic firewall policy generation doesn't look like a "sexy" part of IT. It's not like you have this amazing GUI, or some brightly colored box that you can stick in your IT rack, and then invite your management to come and gaze fondly at their latest expensive gadget. This, like so many other great developments in IT security, is amazing because of what it does in the background. At the seminar, the question was asked, "Why would you consider not changing your firewall vendor?" and the universal response was, "We can't convert our rule bases."
As every security professional knows, installing a firewall is easier said than done. Creating an accurate firewall policy requires administrators to painstakingly go through a tedious, labor-intensive and inefficient log inspection process to try to identify legitimate business traffic and then create a rule set that will meet both security and business objectives. Given the complexity of network traffic today, this approach is never complete, and the only other alternative is deployment of an overly permissive, and ultimately ineffective, firewall policy that doesn't actually do anything useful.
Well, folks, "Permissive Rule Analysis" technology has just broken down one of the biggest barriers for users who want to change, and provides auditors and security officers with the ability to quickly and accurately analyze who is doing what. Suddenly the employee who spends all day browsing Web sites is exposed; the contractor who is sending e-mails to an unknown e-mail server is identified. Every breach of policy relating to inbound/outbound traffic is identified. Administrators can remove Any/All parameters from rules and ensure that only essential services and destinations are accessible.
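As an added illustration of the narrowing described above (this is not code from the seminar vendor or from the original post), here is a toy Python version: it takes one Any/Any allow rule plus a few flow-log lines, rewrites that rule into specific rules that match exactly the observed traffic, and flags the SMTP-to-unknown-server and non-standard-port cases mentioned earlier. The log lines, addresses and the KNOWN_MAIL_SERVERS allow-list are all constructed assumptions.

```python
# Added example (not from the original post): a toy "permissive rule analysis" that
# narrows an Any/Any allow rule to the traffic actually logged. All data is constructed.
from collections import defaultdict

SAMPLE_LOG = """\
10.0.1.5 203.0.113.10 tcp 443
10.0.1.7 203.0.113.10 tcp 443
10.0.1.5 198.51.100.25 tcp 25
10.0.2.9 203.0.113.44 tcp 8080
10.0.1.7 203.0.113.10 tcp 80
"""  # constructed allowed-flow log: src dst proto dport
PERMISSIVE_RULE = {"src": "any", "dst": "any", "proto": "any", "dport": "any"}
KNOWN_MAIL_SERVERS = {"192.0.2.5"}  # assumed corporate mail relay
STANDARD_WEB_PORTS = {80, 443}

def parse_log(text):
    """Turn log lines into (src, dst, proto, dport) tuples."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, proto, dport = line.split()
        flows.append((src, dst, proto, int(dport)))
    return flows

def matches(rule, flow):
    """True if each rule field is 'any', equals the flow value, or is a list holding it."""
    for key, value in zip(("src", "dst", "proto", "dport"), flow):
        allowed = rule[key]
        if allowed != "any" and value != allowed and not (isinstance(allowed, list) and value in allowed):
            return False
    return True

def refine_rule(rule, flows):
    """Replace one permissive rule with rules covering exactly the flows it matched."""
    groups = defaultdict(set)
    for flow in flows:
        if matches(rule, flow):
            src, dst, proto, dport = flow
            groups[(dst, proto, dport)].add(src)
    return [{"src": sorted(srcs), "dst": dst, "proto": proto, "dport": dport}
            for (dst, proto, dport), srcs in sorted(groups.items())]

def findings(flows):
    """Flag what the post describes: SMTP to unknown servers, non-standard ports."""
    notes = []
    for src, dst, proto, dport in flows:
        if proto == "tcp" and dport == 25 and dst not in KNOWN_MAIL_SERVERS:
            notes.append(f"{src} -> {dst}: SMTP to unknown mail server")
        elif proto == "tcp" and dport not in STANDARD_WEB_PORTS | {25}:
            notes.append(f"{src} -> {dst}: outbound on non-standard port {dport}")
    return notes
```

Each refined rule still matches every flow it was derived from and nothing else, which is the "accurately and exclusively" property the post describes; a real tool would also aggregate sources into subnets and handle far more log volume.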
You know what? IT security is still "sexy," although it has some way to go to compete with next door's "GUI."