Sageza Says

December 06, 2007

Is Bot Defense the IDS of 2008?

I don't think there is any question that bots and botnets are a dangerous threat. The combination of a worm delivery vehicle and a malware payload of varying capabilities is a potent one that attackers have morphed to suit their own purposes. Bot defense is proving to be a difficult task, even as traditional AV vendors and others have purported to include bot defense among the various protections they offer.

There are also a couple of specialty vendors that focus on the threat and claim to be able to identify not just the threat, but the best way to defeat it in the future. If this all sounds strangely like the rhetoric surrounding Intrusion Detection Systems in the early days, it's because it is. As you may recall, IDS vendors all touted their ability to identify attacks. The market bifurcated itself into network and host, and vendors pretty much camped out on one side or the other.

Then one day, at a Gartner security conference of all places, an analyst (Richard Stiennon, now with Fortinet) coined the phrase "IDS is dead!" The market went into a tizzy, with much scurrying around by vendors to re-position themselves as Intrusion Prevention rather than Intrusion Detection. In retrospect, Stiennon merely stated the obvious: end-user organizations didn't want a complete description of their problem, they wanted technology to make sure the problem didn't occur in the first place.

So should it be with bots and botnets. The community wants and needs prevention more than it needs detection and identification. I offer this blog as a call for vendors to develop measures that do more than diagnose the threat: measures that provide detailed guidance to non-security professionals, such as those who work in the Network Operations Center (NOC), to help them thwart these efforts in an exceptionally timely manner. Ideally, the products would also offer the capability to invoke the recommended solution with a keystroke or two, in accordance with previously approved security and operations protocols and permissions.

We know that the edge belongs to the attacker. Security professionals have to win all the time to keep their IT world safe; attackers only have to win a few times to accomplish their goals. Let's hope that the botnet world becomes a proving ground for being one step ahead of the enemy, rather than behind them.

October 09, 2007

Networking Re-Pondered at 37,000 feet

Once again I find myself the resident of seat 30C (power equipped) in a nearly full pressurized tin can, aka a Boeing 767-200 being flown courtesy of American Airlines. It is no surprise anymore that I spend more of my life at 37,000 feet, with 10% humidity and insufficient oxygen to support normal cognitive thought, than most people would consider tolerable. So, while taking a break from doing "real work", I plug in my trusty iPod and Bose noise-cancelling headphones and escape into the vast never-never lands of my electronic palace (it is much larger than the 17.2 inch wide, 32 inch pitch seat AA has provided). Although I ponder the chord changes and melodic composition of a lot of Hard Bop and other Jazz while doing time on aircraft, this time I was pulled into something different.

I was thinking it was too bad I don't have the ill-fated Boeing Connexion on board, as halfway through a flight I always discover the document, file, or website I need to access but don't have at my disposal. Worse, when I do have what I need, I have managed to fill up my paltry disk drive with enough stuff that I am inviting the wrath of the fragmented paging file and the inevitable system meltdown. It seems that I can no longer operate for very long without being connected, even in a faux fashion (with offline files, briefcases, and whatnot). This started my exhausted mind wandering through all the meanings and contexts that networking has come to define.

Today there is much discussion about social networking, as epitomized by Facebook (hipsters) and LinkedIn (us stuffy professional types). This notion of networking is, of course, the modern equivalent of the Good Ol' Boy network of those "in the know" and "should be known". Then there is networking as epitomized by Cisco, well OK, all of us, aka the Internet. The Internet is one of my fondest technological pursuits, and I remind myself that several of the services on it could prove real handy mid-air. If I were online, I could get to those missing files, grab them out of my backup Gmail box, or better yet get them from a Mozy backup (one of the neat tricks now up EMC's burgeoning sleeve), and I would be back on track. Of course, my dream (or worst nightmare) come true is not having to lug all of my context around with me (sorry, not a thin client pitch this time) but having access to my files from anywhere, anytime. Then again, maybe I am pitching a thin client thought, perhaps thin enough to fit into seat 30C.

Just having this mental exercise about connectivity shows how far networking, and the expectations of it, have come. In my early commercial Internet days, 28.8k dial-up was fast, a 56k leased line was expensive, and being able to attach a file to an email was a snazzy affair. But this is modern history compared with my initial experiences of the ARPANet at 110 baud, or 300 on a good day. That network was a bit more stoic than the current one; however, there was an even more fascinating network underlying it that few thought of, namely the PSTN, or telephone network.

Being a closet phone phreak myself, I have to admit to spending many an idle hour pondering just how far one could make a connection, either through the PSTN or in conjunction with the ARPANet. The great revelation that I could type a character and within only one or two seconds have it echo back in full duplex from the UK, and thus carry on a conversation in the stone-age equivalent of IM for the price of a local phone call, was fascinating. I knew at that time (it was 1977) that a world of communications interconnecting computers (OK, I was thinking terminals and teletypes) was going to happen and become the norm, if for no other reason than to avoid Ma Bell's long distance tariffs. Yes, some of us had cracked the Sprint and Ralston Purina private long distance networks, but that kind of five-finger calling did not hold the same commercial appeal as the alternative computing message network accessed for the price of a local call.

With network speeds slow enough that you could almost watch the electrons move, these networks would obviously have to change to support what we now take for granted, but the mystery and mechanical actions of connectivity were fascinating. The assumptions that we make today about connectivity, at work, at home, or mobile, seem so normal, and yet were beyond science fiction not all that long ago. Egad, I was beginning to be humbled by my lack of connectivity in good ol' 30C.

At this point, I took umbrage at my disconnected state and turned back to the iPod. Amongst the many CDs and podcasts was a directory of special recordings, known as Phone Trips. I dialed in (pun intended) and started to listen to Evan Doorbell narrate some of his trips through 1XB, 5XB, and 1ESS central offices, stacking tandems, and reliving the general exploration of the greatest network of the 1970s, AT&T's Long Lines. Odd as it may seem (yes, I admitted I was a phreak), my frustration about not having perpetual connectivity began to wane, and I found myself reconnecting with the sense of adventure that networks once held for me. This was perhaps the best-connected network feeling I have had in some time, and I was completely offline.

With arguably good reason, pondering my past is an affair best left to the experts. Nevertheless, it was good to remember some of the special, almost bizarre excitement that networks once held, and to reconnect with the potential that networks have for all of us, even if that excitement has "matured" into expectation and a sense of taking it all for granted. With this in mind, the Internet, Web 2.0, VoIP, and zillion-bits-per-second LANs and WANs are all part of one of the most significant behavioral modifications of recent times. Whenever we are quick to minimize the value proposition of the latest and greatest Internet service, we need to remember the quaint beginnings of networks, and look at just how far they have come, and how fast.

Nevertheless, for the remainder of this flight, I will delve into one of my favorite organic, purely analog networks: the dynamic interconnected nodes of the Horace Silver Quintet. The workload varies, has high customer-facing value, makes immense use of discrete neurological networks, both local and remote, and you never quite know what to expect. Grid processing at its best. It's time for this camper to nod off...

September 25, 2007

The empowerment of Power

I am in Austin, Texas, attending the Power Architecture Developer Conference. While at first blush we all might wonder why an ex-technical guy like me is at a developers' conference, the reasons are in fact of a marketing nature. Although the audience at the conference is obviously a technical one, there is much here to illustrate just what an interesting beast power.org has become. From a sheer marketing perspective, it is compelling to see the likes of IBM, Freescale, AMCC, Cadence, Synopsys, Wind River, and many others all gleefully talking about all different kinds of solutions in many seemingly unrelated markets. Well, unrelated except that the Power architecture is the underpinning for it all.

Not that everyone is talking about one processor, as there seem to be more processors being showcased than fingers on both hands, but there is a singularity in the discussion about the broad architecture, whether the solutions are small low-power embedded devices, personal computer chips, large server technology, or HPC-focused devices. It is interesting to be standing in a hallway with signs touting the location of the Cell Hack-a-thon, the POWER6 partition mobility session, the AMCC SATA RAID controller processor, and a tutorial on networking Sony PS3s. These, along with many other diverse offerings for the automotive, control system, computing, networking, and switching industries, to mention but a few, illustrate just how pervasive and important the Power architecture has become.

In a time when there is so much discussion of open standards and the value of ecosystems and multi-vendor cooperation, it is amazing at times how relatively few recognize the role that Power plays to this end. Mention Power to most server folks and they will talk about it from the perspective of POWER5 or POWER6 and then tell you that it is only an IBM, or worse, proprietary solution. Funny that the same processor lives inside EMC storage systems, which are definitely not from IBM. Mention PowerPC and many will tell you that it was the Mac processor, but the Mac is now industry standard with Intel. Yet the many PowerPC-based processors from AMCC for networking and storage solutions were never part of any Apple solution, and these products remain very much in demand. These are just a couple of examples.

The Power architecture holds a unique, if not ubiquitous, position in the marketplace. While the number of attendees (a few hundred) at this developers' conference would pale in comparison with a big industry trade show, the number is impressive when one considers that they are all here from many divergent industries, and all are seeking to learn how to gain greater leverage from their investment in the Power architecture. It is hard to think of another platform that garners the interest and support of such a diverse audience. In this era of multi-core, multi-threaded computing, the Power architecture in many cases is the epitome of an industry standard with a thriving ecosystem in which no single vendor dominates all industries.

Given the consolidation in the IT industry over the past few years, it is reassuring that some sectors remain vibrant and competitive, and that a single architectural platform is underpinning so much of the market growth. Despite the continued efforts of some to equate all things Intel with "industry standard", outside of x86 (which, of course, is huge) this assertion seems hard to accept. On the contrary, when considering the wide and far-flung impact of the Power architecture, would not this more closely align with the notion of industry standard, or better yet, industries standard?

The Power Architecture Developer Conference is a testimony to the importance of this architecture, even though it will probably only garner secondary news status in the grand scheme of the moment. The fact that its ecosystem is sufficiently rich to support a developers' conference that spans from the smallest of embedded devices to high performance computing is the front-page news item, but perhaps one that will remain among the best-kept secrets in the industry.
