Dave Marcus, security research and communications manager at McAfee's Avert Labs, recently joined eWeek Senior Security Editor Lisa Vaas for an OnSecurity podcast. A transcript of that interview follows.
Could you give us just a really brief overview of what were talking about when were talking about enterprises moving to these new, faster 10g networks?
Well, that really kind of encapsulates it. Its mainly the same kinds of services, the same kinds of applications, just moving exponentially faster. Most enterprises were at a gig or Ethernet speed in the past, but now theres definitely been a move toward faster and faster backbones, and faster and faster application speeds and with that definitely comes some increased concerns.
Do we have any idea roughly how many enterprises have migrated at this point?
I dont think you would find 5 or 10 percent whove actually completely migrated yet. Theyve been talking about it for a while. Certainly, a lot of customers in the military space, the federal space and things like that are already there, but I think enterprises are just kind of at the burgeoning stages of design because its a big architectural change.
Yeah, I would think so. OK, well Im definitely going to have to ask you if weve learned anything from their move, if we know anything about what theyve learned. But first, do tell us. Were looking at malware continuing to evolve. What is that going to have to do with enterprises going to these new speeds? Are we looking at overall security and safety concerns?
Ive actually been really considering this for a while, and I think the biggest impact theres going to be is from a performance side on the network. So whatever kinds of things theyre deploying defense-wise on the network is definitely going to be a cause for concern. So when they transition from a firewall, theyre going to have to transition from a firewall that was used to decoding protocols and applications going through at 10/100 speed or a gig speed. Now its going to have to end up doing decodes for something thats going across at a 10-gig speed. So I think, for a while, thats going to be their largest concerns - keeping up with things from a performance point of view so as not to degrade the new networks performance. You dont want your security technologies to be the bottleneck for the application speed.
So weve really got to get out security solutions ramped up for this. How are vendors doing with that?
It depends on the vendor. The biggest trend over the last couple of years, strangely enough, has been more toward application malware and malware thats really geared toward user data. So in truth, thats not necessarily going to be affected a lot by a transition to a 10-gig network. A malware writer writes a password in Trojan to target the information thats on the users box. Thats really not going to be ultimately affected at the beginning by a 10-gig network.
Weve talked about this quite a bit that the techs were moving down the stack. Is there any reason why a 10g network would be more attractive to a tech, or are the same reasons why a techs move to application going to hold true?
I think the same reasons that theyre moving toward applications and data are going to hold true. We really havent seen a lot of backbone attack-wise for the last couple of years. There was only one or two vulnerabilities and pieces of malware that actually utilized a network in the last couple of years. There was a DNS flaw not too long ago, but that is definitely not the norm. The norm has been very application-based.
Yeah, and this is because networks are too closely guarded nowadays, and applications are just a lot easier, not as good protection on the applications. Is that what Im getting?
Thats definitely part of it. But the biggest shift over the last four or five years, from a malware writers point of view anyway, is to be more financially motivated. So more and more, they simply write their malware to make money. And to make money, they really go after the data thats on the users computer. There is not a whole lot of reasons for them to do a denial service attack, or go after a core router or go after a switch. If theyre really looking for identity information to sell in the underground, password stealing Trojans and BOTS really are the du jour right now.
Lessons Learned from Government.