Software-defined networking = application security

6-May-2013 - While it’s important to find flaws, there’s a lot more to securing your network than buying vendor product A and slapping it in place.

You need control over security, not artificially inserted products at different layers.

“You have to provide application security,” said Kurt Roemer, Chief Security Strategist at Citrix. “When we’re talking to customers, there are trends they’re trying to prepare for. One of course is mobility. While mobility is great for productivity, and it makes people happy, what can we do to get your hands around it?”

The opposite side is cloud.

Senior management wants to avoid expensive investments, and wants to know if they can rent the stuff in the cloud and save money.

Meanwhile IT is saying, “Wait a second... we’ve been doing this for years... why is everybody running away from us to save a couple of bucks?”

Roemer calls it software-defined networking. 

“While you’re out there protecting applications in the cloud, why do you need network security? That used to be the job of discrete products. These solutions are evolving out of the data center and taking IT security into different applications.”

Segmented IT departments don’t work any longer. So you have a firewall person who says, “Hey, I’ve got the best firewall rules on the planet. Sorry you got a virus, but it wasn’t my issue.”

“Phishing, smishing, targeted attacks, blended threats... at the end of the day it comes down to whether or not you’ve been compromised,” Roemer said. “We need to ensure those attackers are not successful in their compromises. You want to make sure as the applications are being set up, there are some natural points of control and natural policy people can use.”

He sees the need for IT to automate security for end users.

“We’ve put people in a bad position because of bad policies that expect users to make security decisions, like accepting an outdated certificate simply so they can continue working. We need to automate that so people can always do the right thing.”

Citrix and Palo Alto recently did seminars with Kevin Mitnick, showing that security needs to be a blended approach.

“It’s pretty neat what he’s been through, where he’s been able to take it, and how he’s helping people advance security,” Roemer said. “He helps people where to focus on versus where they have been focusing over the years.”

Citrix has its NetScaler service delivery platform, which does Application Delivery Control (ADC), has a web application firewall, and brings DDoS mitigation. Palo Alto can also plug into it, so the solution goes beyond what a single vendor offers.

“Look at it from an application perspective,” Roemer said. “Tune optimization, performance, and security, as well as the customers themselves. Some need all security features turned on. Others may have an application that requires some things off, perhaps sending data into logs so they can see, or send attackers into a honey pot where they can watch. Everything is too critical these days to leave open, so we need to ensure security is fine-tuned as much as possible.”

Palo Alto has a firewall in Wildfire AV, a solution designed to look at new code, executable files, and other things that have code. It’s intended to say, “Seen this before and it’s OK” or “Haven’t seen this before, let’s look at it.” It’s supposed to ensure you don’t need an AV client on every endpoint, and you can still be protected against viruses.

“So we use Palo Alto so the intelligence into the back end apps and intelligence into these various endpoints, keeping the Kevins of the world always confused,” said Roemer. “We work with the line of business application owner. Of course IT is important to establishing security, however it’s the business that determines what security needs to be in place, and they’re responsible for it. There have been times when we’ve gone in to meet customers, and they’ve been introducing themselves to each other, because the teams haven’t met. It’s great to see everybody work to pull together a next gen solution.”