From the Floor at RSA 2010: Real-World Mobile Network Traffic Validation

On the show floor at RSA Conference there is a lot happening and overall the show seems much more well attended than last year. This show, as most of you know, is also a harbinger of news releases and product announcements. Crossbeam, providers of scalable software and hardware platforms, distributed a few pieces of news leading up to the show and at the conference itself. I went over to visit the Crossbeam booth (#545) while at RSA so check out a live demonstration of their X-Series security platform using four BreakingPoint Elite chassis. With this impressive demonstration in the background I talked with Crossbeam's Peter Doggart.

Q. First off Peter, can you provide us with an overview of what Crossbeam provides?

Crossbeam’s X-Series security platform lets customers virtualize third-party, best-in-class security applications and scale them to meet the needs of large, high-performance network environments. Today, more than 900 leading enterprises and service providers, including 10 of the top 11 telecom carriers worldwide, rely on Crossbeam as the underlying architecture for the delivery of security services.

Q. Crossbeam is demonstrating something very interesting here at RSA, can you tell us about what is going on and why?

In working with service providers over the past year, and in particular mobile network operators (MNOs), it has become evident that they are under enormous pressure to meet growing network demands while simultaneously delivering “clean” data pipes.

What we are showing at RSA is proof that our X-Series security platform delivers the world’s fastest firewall performance to meet the needs of mobile operators. Using BreakingPoint Elite, we are conducting a to stress-test the X-Series chassis. We are running a best-in-class application on the X-Series, Check Point Security Gateway R70 Firewall, to clean, inspect and secure the traffic.

This demonstration shows how service providers and mobile carriers can easily scale their network security infrastructure to cope with the next generation of mobile technology, 4G/LTE, under real-world conditions.

Q. You mention “real world” a few times in your answer and in the news release that went out. What does that mean to mobile network operators?

There is a growing gap between what vendors state on their data sheets and what we typically see out in the real world in terms of performance. There are two key elements at play in the real world. First, we are seeing more attacks, which place a greater burden on our security systems and, second, we are seeing smaller payload sizes, especially with the growing number of mobile devices. The result is that mobile operators need to buy and manage a lot more equipment than they budgeted for as the real-world demands are far greater than they ever anticipated. This is not only more costly to them, but it is also a lot more complex to manage.

Realistic tests like this one at RSA validate that we deliver the fastest-performing firewall on the market under real-world conditions which means that we can stand behind our performance claims and mobile network operators can be assured that their X-Series security infrastructure delivers the flexibility, superior performance and high availability required to handle the unpredictability of growing data traffic demands.

Q. How can this type of validation, throughout the industry, not just at Crossbeam, help the overall performance of MNOs?

Crossbeam’s policy is to be transparent when it comes to performance claims. We are doing the opposite of what many vendors do by actually creating tests that provide worst case metrics, not the best case. Take the RSA live demonstration. We are using BreakingPoint to generate 96 byte HTTP packets, which in the real mobile world would be the worst case payload size. At Crossbeam, we want to create some real-world industry guidelines that everyone follows so mobile operators, government and enterprise customers understand exactly what they are buying, and can capacity plan correctly.

Q. I noticed four BreakingPoint chassis in the Crossbeam booth generating the traffic for the demonstration. Why does Crossbeam use BreakingPoint for product validation?

First, we use the BreakingPoint Elite chassis because they can accurately simulate the type of traffic we see in the real world and, second, because BreakingPoint is the only vendor that can push the Crossbeam chassis to its current performance limits.

Q. How has using BreakingPoint helped the evolution of Crossbeam products?

Because BreakingPoint equipment pushes our chassis to its absolute limits, Crossbeam is better able to fine-tune its performance to address customer needs with the assurance that the X-Series can handle their network demands. In the latest release of the X-Series operating system, for instance, we boosted the number of concurrent IP connections we can support up to 10 million, and increased the new connection rates per second to 320,000. These numbers are critical to mobile operators who need to support the growing number of smartphones and other devices, which create more traffic than traditional mobile phones and are nearly always connected. Without BreakingPoint, we couldn’t have confidence in our real-world performance metrics.

Replace Vendor Assurances With Measurable Answers

This morning on the floor of RSA Conference BreakingPoint unveiled the BreakingPoint Resiliency Score™, a new approach to objectively measure the resiliency of network and security equipment, putting an end to data sheet speculation. We've all been there, of course, reading a product data sheet that provides data on performance and security of a piece of network or data center equipment. But, we have all reached the point where we basically ignore much of this data.

The reason isn't that the information is fictitious, it is simply not based on real-world scenarios. BreakingPoint is all about real-world simulation, as anyone who reads this blog regularly knows. The BreakingPoint Resiliency Score takes this ability to simulate real-world applications, real-time security strikes and maximum load to provide an objective, repeatable and scientifically measured certification of the performance, security and stability of any network or network device.

The press release that went out this morning had a great quote from BreakingPoint CTO Dennis Cox. It summarizes why this is important for all of us:

“Certification for performance and security is nothing new; in fact, we have come to expect it for everything from our phones to our automobiles. Yet network equipment, which supports our businesses and governments, has no standardized certification for performance and security. Instead we rely on statements made in product marketing literature, which are based on best-case scenarios, not real-world truths. Organizations want measurable answers, not assurances, when it comes to cybersecurity. The BreakingPoint Resiliency Score cuts through all the speculation and confusion and uses a scientific methodology that provides a deterministic and repeatable certification of any vendor claim.”

If you are at RSA Conference stop by booth 1356 and we would gladly show you how Resiliency Score works.

A Cybersecurity Education: House Bill 4061

"Now you know, and knowing is half the battle," were words spoken at the end of every G.I. Joe cartoon during the mid-1980s and served as a conclusion to public service announcements. For some reason this statement has always stayed with me and I often use the saying, typically in a sarcastic manner. But late last week and again this morning this 80s era disclaimer resonated once again after the U.S. House of Representatives passed bill 4061, "To advance cybersecurity research, development, and technical standards".

The main tenant of the bill requires President Obama's administration to perform assessments of each agency in order to determine "cybersecurity workforce skills".  Additionally, it establishes a scholarship program to be used by undergrad and grad students who also agree to work for the government as "cybersecurity specialists" after graduating. The push is on to educate the current and future government workforce on all things cyber:

“Investing in cybersecurity is the Manhattan Project of our generation,” Representative Michael Arcuri, Democrat of New York, a sponsor of the bill said on the House floor last week. “But this time around we are facing far greater threat. Nearly every high school hacker has the potential to hamper our unfettered access to the Internet. Just imagine what a rogue state could do.”

Mr. Arcuri said that the federal government will need to hire between 500 and 1,000 more “cyber warriors” each year to keep up with potential enemies. Troops online “are every bit as important to our security as a soldier in our field,” he said.

This is an important step in our ongoing cybersecurity battle. The Senate plans on introducing a companion bill soon and that should be a priority since the new proposed budget, while increasing overall defense and cyber related spending, does cut the Homeland Security Department’s cybersecurity division. The hope is that the separate House/Senate bill(s) will make up for that hit at DHS, while starting to create future cybersecurity experts. It seems as though both the House and Senate are taking the topic of cybersecurity seriously and will earmark funds for cyber education.

Although details are still lacking on what the final bill will look like, the focus on education is welcome since "knowing is half the battle".

Answers to the Top IPv6 Questions

Media headlines tell us we should be concerned about IPv6. After all, cyber criminals are already "taking advantage of IPv6 vulnerabilities" and we are running out of IPv4 addresses "at an alarming rate". But there are so many unanswered questions around IPv6 and shifting through what is truth and what is hype can be a challenge. We figured we would take on the IPv6 conversation in our next webcast and answer the questions you have been asking:

• What does IPv6 actually mean for my network?
• Will we really run out of IPv4 addresses in 2011?
• Is IPv6 only about address allocation or is it also more secure than IPv4?
• Is the IPv6 standard ready for prime time?
• Are cyber criminals actually using IPv6 today to attack networks?

I'll be moderating the conversation and joined by BreakingPoint CTO Dennis Cox and Software Architect, Brent Cook. Brent wrote the post, "6 Surprising Facts about IPv6" and both gentleman will be taking your questions during the session. Here are the details:

Upcoming Cyber Security Events

Tomorrow begins a mad rush of cyber security events throughout the country. BreakingPoint will have people at several shows over the next month, and in most cases we will be providing on site cyber security simulation demonstrations. In case you are attending one of these shows or simply live in the area and want to meet up give us a shout here or on Twitter. I've listed some of the upcoming events below:

		DoD Cyber Crime Conference January 25-27, 2010  |  St. Louis, MO BreakingPoint will be exhibiting in booth #404 at the Cyber Crime Conference.The conference focuses on all aspects of computer crime and incident response: intrusion investigations, cyber crime law, information assurance, as well as research, development, testing, and evaluation of digital forensic tools. Learn more.
		Netcentric Warfare January 25-27, 2010  |  Arlington, VA BreakingPoint will be exhibiting at IDGA's NCW event. It is the world's largest and most respected event focused on network enabled operations, and the premier forum for the exchange of plans and best practices on the net-centric innovation. Learn more.
		Cyber Warfare January 27-28, 2010  |  London, UK BreakingPoint will be exhibiting and speaking at this conference. Stay tuned for more details on the presentation. Learn more.
		AFCEA West 2010 February 2-4, 2010  |  San Diego, CA BreakingPoint will be exhibiting in booth #2006 at the AFCEA West conference. West is the largest event on the West Coast for communications, electronics, intelligence, information systems, imaging, military weapon systems, aviation, and more. Learn more.
		USEUCOM Intelligence Summit February 15-17, 2010  |  Heidelberg, Germany BreakingPoint is an exhibitor at USEUCOM. The Summit will bring together US and European mission partner capability planners, program managers, intelligence producers, end-users, and subject matter experts from government, military, law enforcement, academia, private sector, and leading edge technology organizations. Learn more.
		NANOG February 21-24, 2010  |  Austin, TX BreakingPoint is the Monday Afternoon Break Sponsor at NANOG. Learn more.