Thursday, March 27, 2014

So You’re Compliant, But Are You Secure?

Do you really know the difference between compliance and security? Enterprises often make the mistake of thinking that being compliant is synonymous with being secure. The reality is that security is often inadequate when people rely solely on compliance requirements to get the job done, rather than simply using them as guidelines for creating a secure network infrastructure. Passing a compliance test or audit does not guarantee that your network, infrastructure, or information is secure. With the growing number of hackers, theft, and fraud over the internet, no one is safe. Understanding your IT risks and the best ways to prevent attacks will help achieve both compliance AND security.

Juniper Networks’ WebApp Secure addresses both compliance and security by delivering the smartest way to secure websites and web applications against hackers, fraud, and theft. WebApp Secure is the first Web Intrusion Deception System that provides zero false positives, blocks attacks, and prevents and deceives potential attackers in real time. To proactively identify attackers before they do damage, WebApp Secure uses deceptive techniques and inserts detection points, or tar traps, into the code of outbound Web application traffic. Traditional signature-based Web application firewalls, while providing the necessary security mechanisms to maintain compliance, fall short because they rely on a library of signatures and are always susceptible to unknown or “zero-day” exploits and Web attacks. WebApp Secure inserts detection points into web code, which creates a random and variable minefield within the web application. By using tar traps to entice and detect attackers, WebApp Secure is able to provide compliance as well as security with zero false positives.

WebApp Secure does not rely solely on an attacker’s IP address, since it is possible that legitimate users could be accessing your site from the same location or IP address. Instead, WebApp Secure uses a complete device fingerprinting method based on over 200 unique system identifiers to create a comprehensive profile of each attacker it sees. Attackers using a browser-based method to hack your website are tracked by a persistent token, called a “super cookie”, that is injected into their client. Even if that user clears their cookies and cache, the token will still persist in all browsers. Attackers that use automated tools, software, and scripts are tracked using a fingerprinting technique to identify the machine delivering the script.

In addition to device fingerprinting, smart profiling technology is used to determine the best response to attacks. Responses can be as simple as a warning or as deceptive as simulating a broken site. The attacker thinks that they are having a negative effect on the site, while normal users see the site as they should: fully functional. Every detected attacker profile receives a threat level based on the overall maliciousness and level of sophistication of the attack. Configuring automatic actions for given threat levels allows security administrators to prevent attacks in real time. Juniper Networks WebApp Secure works continuously to detect, track, and protect against any attacks, allowing your enterprise to be both compliant and secure.
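A generic sketch of the detection-point and threat-level idea described above, added here as an illustration; it is not Juniper's code and does not show how WebApp Secure is implemented. The decoy field name, secret, client identifier, and thresholds are all assumptions.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"   # assumption: per-deployment secret
FIELD = "acct_debug"               # hypothetical decoy field name
# Constructed thresholds: threat level -> automatic response.
RESPONSES = [(3, "simulate_broken_site"), (1, "warn")]

def _token(session_id: str) -> str:
    """Per-session decoy value, so each session sees a different trap."""
    mac = hmac.new(SECRET, session_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def inject_detection_point(html: str, session_id: str) -> str:
    """Add a hidden decoy field to every form in an outbound response."""
    decoy = f'<input type="hidden" name="{FIELD}" value="{_token(session_id)}">'
    return re.sub(r"(<form\b[^>]*>)", lambda m: m.group(1) + decoy,
                  html, flags=re.I)

def tripped(form: dict, session_id: str) -> bool:
    """A normal browser echoes the decoy unchanged; a changed or missing
    value means the client edited or rebuilt the request by hand."""
    sent = form.get(FIELD, "").encode()
    return not hmac.compare_digest(sent, _token(session_id).encode())

class Profiles:
    """Threat level per client profile (keyed by a fingerprint id, not IP)."""
    def __init__(self):
        self.level = {}

    def observe(self, client_id: str, form: dict, session_id: str) -> str:
        if tripped(form, session_id):
            self.level[client_id] = self.level.get(client_id, 0) + 1
        lvl = self.level.get(client_id, 0)
        for threshold, action in RESPONSES:
            if lvl >= threshold:
                return action
        return "serve_normally"

if __name__ == "__main__":
    # Constructed sample page and requests.
    page = '<form method="post" action="/login"><input name="user"></form>'
    print(inject_detection_point(page, "sess-1"))
    p = Profiles()
    print(p.observe("fp-a", {"user": "al", FIELD: _token("sess-1")}, "sess-1"))
    print(p.observe("fp-b", {"user": "x", FIELD: "true"}, "sess-2"))
```

Because legitimate users never see or edit the hidden field, a mismatch is a high-confidence signal, which is the property the deception approach depends on.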

If you're interested in learning more, we are co-hosting Juniper Tech Days in Toledo, Indianapolis, and Louisville in April. Find out more here.

Friday, March 21, 2014

The Truth Behind the iSCSI vs Fibre Channel Debate

For a number of years now, the debate over iSCSI vs Fibre Channel has raged on. Fibre Channel was once considered king, with certain vendors touting its superior reliability and speed; those vendors were also the ones with large Fibre Channel install bases. iSCSI, meanwhile, has been perceived as a low-end solution because of the cost effectiveness of Ethernet switches; however, advancements in switch technology and enhancements in iSCSI storage controllers have brought iSCSI into the mainstream.

For those installations where the Fibre Channel protocol is the standard, Fibre Channel over Ethernet (FCoE) is available as a viable alternative to Fibre Channel itself, as well as iSCSI, offering both protocols over an Ethernet connection. Ethernet technology is evolving very rapidly, with Forty Gigabit Ethernet already in widespread use for core switching. Additionally, iSCSI is 40GbE capable, and we are led to believe that 100GbE is just around the corner.

When we compare the state of the art for Ethernet storage networks with traditional Fibre Channel, the future looks a lot brighter for Ethernet. Most Fibre Channel shops are currently running 8 Gigabit FC, with many still on 4 Gigabit. 16 Gigabit has started to be available from storage vendors, and we may see 32 Gigabit within a couple of years. While Fibre Channel has moved from 4Gb to 8Gb to 16Gb and maybe 32Gb in the near future, Ethernet has moved from 1Gb to 10Gb to 40Gb, and 100Gb is not too far off.

The good news for storage customers is that there are now lots of choices and lots of price points to meet every need and every budget. Nobody has to move to 10 Gigabit Ethernet, and nobody has to move to 16 Gigabit Fibre Channel. Now more than ever before, it is possible to match the speed and throughput requirements to the most appropriate and cost-effective network medium and protocol.

Friday, March 14, 2014

VMware Announces General Availability of Virtual SAN

On March 12, 2014, VMware announced the general availability of VMware Virtual SAN software, VMware’s first Software-Defined Storage product that changes the way that storage has been operated to date. Designed to deliver efficiency and resiliency, VMware Virtual SAN (vSAN) is simple, hypervisor-converged storage that introduces a new high performance storage tier optimized for virtual environments.

Delivering high-performance storage for virtual machines, VMware vSAN is ideal for use in virtual environments such as Virtual Desktop Infrastructure (VDI), disaster recovery, and test/development. Features of VMware Virtual SAN include:

  • Hypervisor-converged architecture – Embedded within the VMware vSphere kernel, vSAN delivers the most efficient data path while reducing resource use, resulting in a consumption of less than 10 percent of CPU resources.
  • High performance with elastic and linear scalability – By using flash to deliver performance acceleration through read/write caching, Virtual SAN delivers a flexible approach to provisioning, performance, and capacity. This allows users to linearly scale clusters on demand by adding nodes to a cluster or disks to individual nodes.
  • Storage Policy Based Management – While shifting the management model for storage from the device to the application, a single VMware Virtual SAN datastore can provide differentiated service levels that are based on individual VM policies. Here, there are no difficult configuration procedures, overprovisioning is avoided, and policies can easily be changed. Automated provisioning and management improve the ability to meet Service Level Agreements (SLAs).
  • Integration with the VMware stack – Enabled by two clicks in VMware vSphere Web Client, VMware Virtual SAN is simple to configure and deploy. This allows users to access data services such as cloning, replication, snapshots, and backup.

Through lower Capital Expenditures (CapEx) and Operating Expenditures (OpEx), Virtual SAN provides users with a reduced Total Cost of Ownership (TCO). The software uses server-side hardware economics by pooling internal magnetic disks and flash devices from industry-standard x86 servers. This allows users to skip upfront costs, adding disks or nodes to their cluster on an as-needed basis. Automation eliminates many manual processes while easing management, capacity planning, and storage configuration.

VMware Virtual SAN can be deployed on a wide range of servers and is interoperable with VMware vCloud Automation Center, VMware Horizon View 5.3.1, VMware vCenter Operations Management Suite, and VMware vCenter Site Recovery Manager.

Thursday, March 6, 2014

Nimble Storage Achieves 99.999 Percent Annual Uptime

Nimble Storage has recently released data accumulated from July 2012 through November 2013 proving that their current installed base of thousands of storage systems has achieved 99.999 percent annual uptime. This important industry benchmark has been achieved after just over three years of shipping systems, and incorporates several factors including uptime, planned downtime, environmental downtime, and unplanned downtime.

A significant achievement for Nimble Storage, this benchmark is based on real world data versus statistical projections. As a result, Nimble Storage arrays consistently run at peak condition, protecting businesses from the negative effects of unplanned downtime, which can include monetary losses, damage to mission-critical data, and at times, legal repercussions. This achievement is primarily due to a combination of Nimble’s CASL architecture and their InfoSight engine.

Featuring a flash-optimized architecture, Nimble Storage built its software architecture from the ground up to leverage the performance of flash technology and the cost-effective capacity and reliability of hard disk drives. Their patented CASL, or Cache Accelerated Sequential Lay-Out, architecture addresses availability concerns through features such as an active/standby controller architecture, fast multi-parity RAID, and built-in fault tolerance.

In addition to design features, Nimble Storage also addresses availability challenges through its approach to support and storage lifecycle management. Built on powerful data analytics technologies, Nimble’s InfoSight is a centralized engine that monitors all Nimble Storage assets collectively from the cloud and proactively analyzes millions of data points across the Nimble installed base for complete insight into overall storage system health.

Furthermore, Nimble Storage’s InfoSight Engine continues to get “smarter” over time, becoming increasingly proactive in identifying potential issues and sending alerts to customers. This approach ensures that, over the course of a Nimble Storage array’s life cycle, overall system availability is proven to increase, while the likelihood of experiencing downtime significantly decreases.