If you dig the whole music scene, you know that when you see the symbol “coda” that means it’s time to wrap ’er up, dudes. (Led Zep fans also know that Coda is the name for their last studio album—and man did it suck.)
The coda is also a good time to look back on what happened before.
I’ve been thinking of the coda as it relates to network security. Is it working? Looking back at 2014, hacks seemed to be front-page news every day. Now, as a security geek, I put myself in these folks’ position. I mean, what if you did EVERYTHING you could and you still got hit?
Testing security is a whole lot easier than living security.
Been there, done that, man. And it sucks. Fingers are pointing everywhere, every little process is examined as a possible contributing factor. “The Bobs” come in as consultants to help find out the root cause.
Then to find out it was an “inside job.” Betrayal. Sleepless nights. What ifs. Self doubt. Man, I wouldn’t wish walking in those shoes on anyone. Testing security is a whole lot easier than living security.
Coda: Nothing New Under the Sun
Looking back at history, there is nothing new under the sun. The tallest castle walls, most armored steel ships, most powerful armies have all taken down by one thing: An insider. Names like Fawkes, Arnold, Iscariot, Jafar, and Calrissian are now nouns for betrayal. It’s the inside attacks that cause folks to keep their resumes and LinkedIn profiles up to date. You never see them coming.
Coda: There Has to Be a Better Way
There’s gotta be a better way. The tools for securing the perimeter are actually doing a good job keeping the outside out. But… Data has changed. IT has changed. I need more. My data needs more than the hierarchy monarchy.
The tallest castle walls, most armored steel ships, most powerful armies have all taken down by one thing: An insider.
The answer is not going to come from a hardware vendor. Why? Put yourself in their shoes. A publicly traded company has to show shareholder value. If your business is pushing cars or pushing boxes you have to develop a business model that ensures this. Are you really going to push a product that lets folks know they do not need to upgrade their hardware as often? Add yet another box. Another choke point in the network. Another piece of gear to troubleshoot. And, of course, another vector to secure, patch, and maintain. Come on, folks, really? I know you’re as tired of this stuff as I am. Like in politics, follow the money.
Coda: Is It Working?
Has this worked? Are hacks increasing or decreasing? How about all the complexity? Do the parts and pieces work with each other seamlessly? Heck man, just take a look at your ACLs. I believe folks are looking at complex solutions like SDN because they got tired of messing around with the Lego block hardware solutions. Jenga, baby!
I had a mountain-top experience when I looked at a firewall that had ports labeled “trusted” and “untrusted.” I realized I don’t trust any of them and laughed to myself.
I give up on trusting internal traffic.
I thought, “Hang on… what am I doing? I do not trust any of this traffic. Why does the inside traffic get a free pass when history has shown it causes more trouble than a drunk uncle at a wedding?”
An answer to solve this problem will come from a company that does not have a stake in hardware or hypervisors or applications.
Coda: Let’s Go on This Journey Together
These are my first weeks as Illumio’s resident tech expert. Stay tuned. I’m going to use these blog posts to detail my journey in understanding, and helping customers deploy, our solution—and more.
I encourage each reader to Coda their network and join me on the quest.
I give up on trusting internal traffic. I want my end users to know their traffic is safe and secure. I’m treating this like a key-signing party. We throw these to not only drink beer and discuss Episode VII, but also to verify that a given user ID and public key really do belong to the right entity. This is a good model for my inside traffic. I do not care what car folks drove up in or what clothes they are wearing. I must know they are who they say they are with PROOF before I trust them enough to share my opinions on Commander Shepard being indoctrinated.
I encourage each reader to coda their network and join me on the quest. It’s dangerous to go alone. Here, take this: https://www.illumio.com.