This year’s Black Hat keynote speaker, Jennifer Granick, gave her talk to applause yesterday rather than the boos and/or skepticism that have greeted other recent speakers. In a nutshell, she delivered a powerful call to action to preserve the hacker ethic, keep the Internet open, and make way for innovation and the hands-on exploration she called tinkering.
At the same time, she was clear that security is critical to this openness and to building safe places that respect and protect our privacy. It was a great message and interesting to hear with this audience, especially from a lawyer who built her reputation defending some of the country’s best-known hackers.
It was also an interesting backdrop for the role of the Network Operating Center here at Black Hat. Fortinet provided the security infrastructure while other partners like Splunk integrated network analytics to monitor and protect the network at the conference.
Black Hat, at its core, is an educational event where security experts come together to share new technologies, discuss innovative approaches, and get hands-on experience with the latest malware, pen testing techniques, and network security. Of course, it also attracts its share of hackers whose hats aren’t exactly bright white and whose antics can create real headaches for the network engineers trying to keep the lights on.
In the spirit of Ms. Granick’s keynote, James Cabe, a Fortinet security evangelist, explained:
“We run this a lot like an educational environment - we let a lot of stuff through the systems we have in place, monitoring what’s going on and then taking action when we see behavior that’s going to pose a problem for the network or for others.”
The goal is to create a highly functional environment that is safe and secure but doesn’t impede exploration and learning. For example, during the training sessions that took place earlier this week, Amazon Web Services actually contacted Black Hat’s ISP, noting that it appeared that one of their clients was being attacked from within the conference network. CenturyLink contacted the NOC, and NOC operators isolated the malicious traffic to a single classroom within seconds. When engineers went to investigate, they found that the class participants were testing penetration techniques on an AWS instance set up specifically for the conference.
A spike in Zeus malware was traced back to another classroom activity. It’s a little different role for network monitoring, but one that relies on very high visibility, powerful analytics, and technology that can inspect network traffic deeply and rapidly to help isolate the malicious from the innocent or beneficial.
It also points to ways that we can maintain an open and innovative Internet while still protecting critical assets. Network security vendors need to provide tools that are flexible enough for organizations to make their own decisions about what to protect, how to protect it, and what to open up. A “blacklist everything” approach can stifle innovation, while approaches that are too laissez-faire endanger users and businesses on many levels.
Security hardware and software are getting more powerful every day, giving organizations unprecedented control and visibility on their networks. This is a good thing – higher performance, more security, more granular visibility in real time – these are all things that network engineers need. For the end user, though, the opportunity to work in safe, secure environments where security is transparent and non-invasive is the real prize.
For a great interview about the NOC with James Cabe, check out this post in eWeek.