Michele Chubirka


Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

See more from this blogger

Security Snake Oil for Sale

Earlier this summer, Cisco bought Sourcefire, a company that makes network security software and hardware based on the Snort intrusion detection system, for $2.7 billion dollars. That's a lot of money to pay for a technology that has well-known problems (lots of noise and operational demands, not much protection). So why make the purchase? Because Cisco and other vendors know that people will keep buying security gear regardless of its effectiveness. Is that our fault or theirs?

Over the past year or so, a series of articles discussed the flaws in many categories of security products. Articles from Bruce Schneier and SANS proclaimed the utter failure of antivirus and host-based intrusion detection systems. Then there was the study from Imperva attacking the effectiveness of AV, which became a cause celebre among security vendors.

More Insights

Webcasts

More >>

White Papers

More >>

Reports

More >>

Even with intrusion detection systems, the signature model seems to be a losing battle, with armies of analysts toiling away to keep up with the bad guys while we wait for promises of big data to save the day. IDS is a loud, cranky thing, constantly crying for attention, like a newborn infant. It's hard to find demonstrable ROI with the level of effort required for implementation and maintenance.

However, despite all the problems with IDS, anti-virus and other security products, they still help you hit an audit checkbox. It's part of the compliance game, where everyone pretends that meeting a set of pre-defined requirements is an effective way to address risk. It's not, but it provides a mechanism for everyone to say, "We're doing something about security, and here's the checkmark to prove it."

Unfortunately, the ability to identify and address actual risks is getting harder. It's not just trying to find a needle in a haystack. It's like trying to find a needle in a million haystacks. It's the Black Swan event discussed by Nassim Taleb, but thousands of them.

So we throw more computational power at the problem, but all we end up with is more data than we can manage with discussions about how to analyze said data in a way that will actually help us predict attacks in real time. The problem here isn't the signal-to-noise-ratio of false positives, but the false negatives that insidiously degrade the security of our organizations.

Maybe the problem isn't that we don't collect enough data, but that we aren't discerning enough regarding the data we amass. Gerd Gigerenzer, an expert in the field of smart heuristics and bounded rationality, offers a different perspective.

With studies in the fields of medicine and economics, he validates the effectiveness of "fast and frugal" decision trees for making more accurate decisions, demonstrating that by using less information we can make better predictions.

But what if the source of difficulty is bigger than how we use data in the security realm? Maybe the real issue is the challenge of automation in general. In Lisanne Banbridge's seminal work, "Ironies of Automation," she discusses this critical problem. We automate in order to eliminate human error, but in doing so we actually expand those errors. The root cause is that a human created the automation system. I wonder what Captain Kirk would do with this Kobayashi Maru, this spectacular no-win situation?

The truly mystifying aspect of this dilemma is that the industry seems to keep getting away with selling us empty promises. Solutions that simply don't work in solving the Gordian Security Knot facing enterprises every day. And we let them. If a networking vendor sold a device that should forward packets, but didn't, it wouldn't have very many customers.

So why do we continue to buy security snake oil? Probably the same reason people still flock to magicians. We really want to trust that these products will make the bad guys disappear. We want to believe that we can eliminate risk, that we will ultimately locate and stop the source of an attack, like finding the pea in a shell game. Unfortunately, the game is rigged, and in most cases, we'll never find the pea.

[Is it really possible for security and operational efficiency to coexist? Michele Chubirka dives into this thorny topic in her Interop workshop "Beware the Firewall, My Son! The Jaws that Bite, the Claws that Catch!" Register today!]


Related Reading


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013



TechWeb Careers