Welcome!

Java IoT Authors: Derek Weeks, Larry Alton, Liz McMillan, Elizabeth White, Carmen Gonzalez

Related Topics: SDN Journal, Java IoT, Linux Containers, Containers Expo Blog, @CloudExpo, Cloud Security

SDN Journal: Blog Feed Post

Hardening Security through Programmability in the Network

We are blessed with being able to witness the dawn of the age of network programmability.

Despite claims that there exists (or will, look out!) a mythical "god box" for the enterprise data center, capable of performing every data center function imaginable, it remains, well, mythical. Efforts to effectively secure the data center and the applications it delivers therefore requires a collaborative approach between best-of-breed technologies.

But if collaboration across functional IT groups - development, operations, network and security - remains as elusive as nirvana, then collaboration across products has traditionally been seen as likely as sighting the Loch Ness Monster. The arrival of cloud and more recently SDN has changed that, not only encouraging but requiring changes in collaboration capabilities in order to remain considered best-of-breed.

And thus we are blessed with being able to witness the dawn of the age of network programmability.

Promises abound, but real benefits - and implementations - are often hard to find. And if you go looking for examples in the realm of security, you're going to scrounge even harder to find real examples of just how programmability is going to change the game.

Look no further, my friend, for an excellent example can be found here, today, in this post.

Hardened Security and Performance Can Coexist with F5 and Sourcefire

For those of you not familiar with Sourcefire, the recently-acquired-by-Cisco security provider offers two industry leading products: Sourcefire Next Generation IPS (NGIPS) and the FirePOWER Platform. The former provides advanced threat protection, integrating real-time context, intelligent security policy automation and unprecedented performance. Sourcefire NGIPS takes advantage of the best hardware technology in the industry, providing IPS inspected throughput options ranging from 50Mbps to 40+Gbps, providing market- leading performance with greater energy efficiency.

Together, F5 and Sourcefire have validated a deployment architecture that help customers secure critical networks, applications and end-points while achieving optimal performance. This architecture results in a remediation capability that allows critical security events such as malware (FireAMP) and IPS/IDS events to initiate rule configuration for F5 security services, leveraging both the data and control plane programmability interfaces of F5 Synthesis Software Defined Application Services (SDAS). .

F5 Security Services for NGIPS Design
The integration between Sourcefire NGIPS and F5 Synthesis High Performance Services Fabric (HPSF) is enabled through F5's open API, iControl, and its data path programmatic interface, iRules. Because of its topological location in most application architectures, F5 HPSF maintains a strategic point of control. This means all application requests are fielded by F5 Software Defined Application Services (SDAS) such as availability, security and identity and access control.

sourcefire-big-ip-blog

As requests are received, they are first pre-screened for DDoS attacks by F5 SDAS. Then, depending on the policy, the requests are load balanced to a pool of Sourcefire sensors. If the requests are determined to be clean and safe, they are routed back through F5 SDAS and on to the appropriate application.

Sourcefire leverages a correlation rules engine that allows a variety of actions in response to security events. Rules can be very simple or be more powerful by including multiple conditions and qualifiers. Actions include the ability automatically configure rules for F5 security services, such as blocking a device that is originating an attack, or exhibiting some other form of suspicious or unwanted behavior.

Event types supported by the remediation engine include:

  • IPS Events
  • FireAMP (malware) Events
  • Compliance Events
  • Connection Events

Thus, if the Sourcefire sensors detect a problem, they can initiate action using F5's control plane API, iControl, to inject an iRule into the data path that will block the IP address of the client sending the requests.

This kind of integration enables a best-of-breed architectural approach to protecting both the network and the applications it is tasked with delivering. It enables the intelligence of a next-generation IPS to detect anomalies and attacks to be leveraged strategically to defend against and prevent the impact of the advanced threats that have become more and more pervasive.

By enabling immediate remediation actions by programmatically updating F5 security services upon detection of a problem, the entire data center ecosystem is better protected, without compromising on performance.

Additional Resources:

Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.

@ThingsExpo Stories
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
"LinearHub provides smart video conferencing, which is the Roundee service, and we archive all the video conferences and we also provide the transcript," stated Sunghyuk Kim, CEO of LinearHub, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Discover top technologies and tools all under one roof at April 24–28, 2017, at the Westin San Diego in San Diego, CA. Explore the Mobile Dev + Test and IoT Dev + Test Expo and enjoy all of these unique opportunities: The latest solutions, technologies, and tools in mobile or IoT software development and testing. Meet one-on-one with representatives from some of today's most innovative organizations
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud enviro...
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, John Jelinek IV, a web developer at Linux Academy, will discuss why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
WebRTC is about the data channel as much as about video and audio conferencing. However, basically all commercial WebRTC applications have been built with a focus on audio and video. The handling of “data” has been limited to text chat and file download – all other data sharing seems to end with screensharing. What is holding back a more intensive use of peer-to-peer data? In her session at @ThingsExpo, Dr Silvia Pfeiffer, WebRTC Applications Team Lead at National ICT Australia, looked at differ...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, Sandy Ca...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here