Posts Tagged ‘Network’

Exabeam Raises $10 Million For Network-Tracking Security Software

June 11th, 2014

Security software developer Exabeam has raised $10 million in a Series A round of financing to protect businesses from the latest kinds of hack attacks.

These days, businesses are being targeted by a more savvy kind of attacker, according to Exabeam chief executive Nir Polak. Rather than simply try to penetrate a network using brute force, today’s secret data espionage warriors mimic real users — sometimes corporate partners, sometimes colleagues — to infiltrate a network using hijacked identities. Once inside, these hackers (under the guise of a real employee or partner) are free to wander around networks at will.

Exabeam’s software services track employees’ activities on a network using existing log data to create profiles of how a typical user interacts with different aspects of the network. When an employee does something that appears anomalous, the same security-tracking program can flag the behavior for a company’s crack team of white hat network defenders.

It’s fundamentally different from the way most people approach security, says Polak. “Typically, somebody builds a bigger fence and somebody will build a better way to go around it,” he says. Exabeam is trying to stop the attackers without the fence.

The software, engineered by the team behind the security company Imperva, was interesting enough to attract investment from Norwest Venture Partners, Aspect Ventures and angel investor Shlomo Kramer, who has a track record of founding, funding and growing successful security companies such as Check Point, Imperva, Palo Alto Networks and Trusteer.

For investors like Theresia Gouw, who previously worked as a partner at Accel before launching her own investment shop Aspect Ventures, the Exabeam deal reunited her with Polak and Kramer after their work together at Imperva, and it gave her the opportunity to work with Norwest’s Matt Howard. “Matt is someone whose security portfolio I have always admired, but as we both tend to like to do the early rounds we hadn’t been able to work together before now, since Aspect Ventures’ model is to partner in Series A rounds,” Gouw wrote in an email.

Howard, an investor in security companies like FireEye, MobileIron, 41st Parameter, and Shape Security, also leapt at the chance to work with the Imperva team. “Exabeam brings a different approach to a very noisy industry full of alarms, loggers, SIEMs, and firewalls,” he wrote in an email. “It leverages existing logs and a machine-learning technology to home in on attacker behavior. The team has proven high tech and security experience, with veterans of Imperva and Sumo Logic, and I believe their approach has the potential to both simplify and improve security.”

As a result of their investments, both Howard and Gouw will join the Exabeam board of directors, which includes founders Polak and Gil, as well as Kramer.

“Organizations are losing the battle against cyberattacks, and the industry is in need of an effective approach to reverse the asymmetric advantage favoring hackers,” Polak said. “Our investors have an impressive history of building transformative companies, and their confidence in Exabeam’s big data security analytics will help us solve the most persistent and important challenge in the security industry – stopping data breaches in their tracks.”


Google launches Andromeda, a software defined network underlying its cloud

April 3rd, 2014

The Andromeda virtualized network that underlies some of Google’s services is now available to certain customers of Google’s Compute Engine with more zones coming on in the coming months.

Updated throughout with new information from Google.

For everyone saying that software-defined networking is a pipe dream, Google is about to prove you wrong. The search engine giant and cloud provider said it has made its Andromeda software-defined network platform available in two of its Compute Engine zones, with the rest of its zones transitioning to Andromeda in the coming weeks.

Companies using Google’s us-central1-b and europe-west1-a zones today can take advantage of what is truly a virtualized environment.

The basic promise behind this is that it virtualizes the network and, thus, it can scale. In the cloud, being able to scale a network means that you add agility while lowering operational costs. There are plenty of debates on how one implements software-defined networks but the implementation is something Amazon, Facebook and other large cloud and webscale companies are working on.

Google has been at the forefront of the software-defined networking revolution, first implementing an Open Flow-based software-defined network to support communications back in 2012. Now it is going live with Andromeda, the underlying software-defined networking architecture that will enable Google’s services to scale better, more cheaply and quickly. It has the added benefit of making the network faster, as well.

What is Andromeda?

Google describes Andromeda as its newly integrated networking stack with the diagram below and via a blog post:

Andromeda’s goal is to expose the raw performance of the underlying network while simultaneously exposing network function virtualization (NFV). We expose the same in-network processing that enables our internal services to scale while remaining extensible and isolated to end users. This functionality includes distributed denial of service (DDoS) protection, transparent service load balancing, access control lists, and firewalls.

Andromeda is the enabler behind Google’s SDN efforts, so a better question isn’t what it is, but what it allows Google or the end customer of Compute Engine to do. It’s like the hypervisor for a server, destined to become a commodity. Google has built load-balancing, security and firewall services on top of Andromeda that it can now offer to customers in an on-demand fashion. And as that customer uses more compute, the networking required to support the services on that additional compute expands with it.

No one has to plug new cables into ports or manually add firewalls to new VMs via a dashboard. Andromeda has also improved networking performance, according to Amin Vahdat, a distinguished engineer at Google who presented on Andromeda last month at the Open Networking Summit and wrote today’s blog post.

Another interesting new service that SDN and Andromeda enable is the oxymoronic-sounding isolated multi-tenancy. Basically, by controlling the network flows, Google can make sure traffic from one customer’s VMs stays within a defined cloud, isolating the customer’s data and compute jobs without restricting them to physical machines. One can also use such a network to migrate virtual machines in the case of maintenance or downtime. Those services are not yet available to Compute Engine customers, but they are possible.

Vahdat is working to make them not only available to Compute Engine customers, but in the case of VM migration, automatic. The customer shouldn’t have to do anything. He explained that Google is already isolating certain jobs on its hardware using Andromeda and will make that available to customers in time. When asked if Google planned to open source any of the software that makes up Andromeda, he said the best way to get the functionality is through Google’s cloud offerings.

As for the architecture of Andromeda, Vahdat explained that portions of it use Open Flow, but he was clear that SDN doesn’t require Open Flow. He also said that the underlying gear wasn’t all replaced to build this functionality, and that everything was done in software. But this wasn’t a trivial undertaking and he said companies aren’t likely to be able to build this type of infrastructure alone. For Google that’s sort of the point — if customers want this flexibility they should try Compute Engine.

Overall, this is a pretty significant announcement for Google’s customers, although the current Andromeda network only supports IPv4 today, and it’s also a technical and economic advantage for Google over providers who don’t have the same underlying technology. Google can now allocate network resources easily and cheaply to deliver faster compute and data transfer rates between virtual machines. That makes its cloud faster, allocates its resources more efficiently and eliminates the networking bottlenecks that have slowed down the promise of virtualization.

We’ll discuss Andromeda and more, onstage with Urs Hölzle, SVP of Technical Infrastructure & a Google Fellow at our Structure Conference in June.


CSA pushes software-defined perimeter network protection

January 14th, 2014

For many years defense, intelligence and other government agencies have deployed secure networks that are invisible and inaccessible to outsiders. As a result, agencies are no strangers to “need-to-know” networks in which the posture and identity of devices are verified before access to the application is granted.

However, these invisible networks are often built on proprietary architectures that do not communicate with other networks, making them too expensive for many agencies to deploy.

An initiative by the Cloud Security Alliance in December 2013 aims to make these “invisible networks” accessible to a wider range of government agencies and corporations. The Software Defined Perimeter (SDP) initiative will foster development of an architecture for securing the Internet of Things by using the cloud to create highly secure end-to-end networks between any IP-addressable entities, according to officials with CSA, a nonprofit organization that promotes security best practices in cloud computing.

The framework’s goal is to mitigate attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated. The plan incorporates security concepts and standards from both the National Institute of Standards and Technology and the Defense Department.

The CSA launched the initiative with its Software Defined Perimeter Report, which explains the SDP security framework and how it can be deployed to protect application infrastructures. CSA intends to create a public standard that is available for use without license fees or restrictions.

SDP uses a classified network model to protect applications because the traditional network perimeter has rapidly become obsolete with the growth of devices moving inside networks and with the migration of applications beyond the network perimeter to the cloud. Typically in classified or highly secure networks, every server is hidden behind a remote access gateway to which a user must authenticate before seeing and accessing authorized services.

