Skip to main content

Allwyn Sequeira, Bluelane's SVP drilled

Nice interview this, I will be meeting Allwyn and Greg Ness (VP) in October here in Holland.


1) Blue Lane has two distinct product lines, VirtualShield and PatchPoint. The former is a software-based solution which provides protection for VMware Infrastructure 3 virtual servers as an ESX VM plug-in whilst the latter offers a network appliance-based solution for physical servers. How are these products different than either virtual switch IPS' like Virtual Iron or in-line network-based IPS's?

IPS technologies have been charged with the incredible mission of trying to protect everything from anything. Overall they've done well, considering how much the perimeter of the network has changed and how sophisticated hackers have become. Much of their core technology, however, was relevant and useful when hackers could be easily identified by their signatures. As many have proclaimed, those days are coming to an end.

A defense department official recently quipped, "If you offer the same protection for your toothbrushes and your diamonds you are bound to lose fewer toothbrushes and more diamonds." We think that data center security similarly demands specialized solutions. The concept of an enterprise network has become so ambiguous when it comes to endpoints and devices and supply chain partners, etc. we think its time to think more realistically in terms of trusted, yet highly available zones within the data center.

It seems clear at this point that different parts of the network need very different security capabilities. Servers, for example need highly accurate solutions that do not block or impede good traffic and can correct bad traffic, especially when it comes to closing network-facing vulnerability windows. They need to maintain availability with minimal latency for starters; and that has been a sort of Achilles heel for signature-based approaches. Of course, signatures also bring considerable management burdens over and beyond their security capabilities.

No one is advocating turning off the IPS, but rather approaching servers with more specialized capabilities. We started focusing on servers years ago and established very sophisticated application and protocol intelligence, which has allowed us to correct traffic inline without the noise, suspense and delay that general purpose network security appliance users have come to expect.

IPS solutions depend on deep packet inspection typically at the perimeter based on regexp pattern matching for exploits. Emerging challenges with this approach have made alert and block modes absolutely necessary as most IPS solutions aren't accurate enough to be trusted in full library block.

Blue Lane uses a vastly different approach. We call it deep flow inspection/correction for known server vulnerabilities based on stateful decoding up to layer 7. We can alert, block and correct, but most of are deployments are in correct mode, with our full capabilities enabled. From an operational standpoint we have substantially different impacts.

A typical IPS may have 10K signatures while experts recommend turning on just a few hundred. That kind of marketing shell game (find out what really works) means that there will be plenty of false alarms, false positives and negatives and plenty of tuning. With polymorphic attacks signature libraries can increase exponentially while not delivering meaningful improvements in protection.

Blue Lane supports about 1000 inline security patches across dozens of very specific server vulnerabilities, applications and operating systems. We generate very few false alarms and minimal latency. We don't require ANY tuning. Our customers run our solution in automated, correct mode.

The traditional static signature IPS category has evolved into an ASIC war between some very capable players for the reasons we just discussed.Exploding variations of exploits and vectors means that exploit-centric approaches will require more processing power.

Virtualization is pulling the data center into an entirely different direction, driven by commodity processors. So of course our VirtualShield solution was a much cleaner setup with a hypervisor; we can plug into the hypervisor layer and run on top of existing hardware, again with minimal latency and footprint.

You don't have to be a Metasploit genius to evade IPS signatures. Our higher layer 7 stateful decoding is much more resilient.

2) With zero-days on the rise, pay-for-play vulnerability research and now Zero-Bay (WabiSabiLabi) vulnerability auctions and the like, do you see an uptake in customer demand for vulnerability shielding solutions?

Exploit-signature technologies are meaningless in the face of evanescent, polymorphic threats, resulting in 0-day exploits. Slight modifications to signatures can bypass IPSes, even against known vulnerabilities. Blue Lane technology provides 0-day protection for any variant of an exploit against known vulnerabilities. No technology can provide ultimate protection against 0-day exploits based on 0-day vulnerabilities. However, this requires a different class of hacker.


Check out the whole interview!

Comments

Popular posts from this blog

Redhot Future Of IT Part I :Marketing yourself as IT professional

I had promised about the "RedHot IT Future Series" and so we discuss here how you should market yourself EFFECTIVELY as an IT professional in this new (and dangerous) web age! Web is the place where you're a hero today and villain tomorrow. While there are lots of professionals who are active on the web, not all are enjoying a good reputation as they got "personal" with others and got into a cockfight. The passive IT professional has nothing to lose but nothing to gain at all!

I know "marketing" might seem as a greasy term but the idea is to have the truth about you out there. You know you're a good person and your family knows that you're really smart person but the rest of the world doesn't!

So the question is how do I market myself on the web as a true "nouveau IT professional". A guy who companies will be tempted to pick up the phone as say "Hey, we wanna talk with you. Can you fly over to Palo Alto (or Guatemala or Johan…

Redhot Future Of IT Part 2 :Virtualized Workplaces

Click on the title to hear what I have to say, alternatively click here to listen to what I have to say here.

So what is a virtualized workplace? Does it mean it does not exist? That it's virtual? Well in a certain way YES. This is where the future of our workplace is going to be. Well it is already a reality in some countries.

OK lets start by asking ourselves these questions:
Do you really bond with your colleagues? (think Team cohesiveness)
Do you spend great amount of hours talking about great things that you will do together? (think collaboration)
Do you really feel that you give 100% at work? (think effectiveness)
What do you really miss at your desk? (think personalization)
Is your desk comfortable enough? (Again think optimizing personalization, OK you have done your best to make it your place)Does it really matter to your employer that you are there for him/her? (think commitment)
Or do you get micromanaged over petty issues? (think mismanagement)
Do you see your employees perfor…

A Collection of Threnodies : Part 1

Whale Fall
-----------------

Dress me up in my new threads
clasp my greasy palms
grease my hair
I'm ready for the fall


Watch at all the decadence
watching the avalanche
I'm slipping down
losing my buoyancy


What's become of us
where have we come
this far, this close
close to the doors


I hear them, sublimal chants
I'm on the run
I race through the human sea
I am the king!


I'm the slave
to my own undoings
I'm the jester in my courtyard
We jest as we run


We're strolling on that thin rope
we grope as we rope
we're true heros
we're the survivors


we're the scavengers
we're the friends
we're the lovers
we're the unbred


Soon awaiting the fall
we're lurking on us
we're osedaxing us
we're soon going to be done
we'll soon be arrested




*osedax(bone devourer, newly discovered marine genus) feeds on a fallen(sunken) whale carcass(which is also called a whale fall). Read more here