|By Jon Shende||
|December 2, 2010 06:45 AM EST||
As mentioned in Part 1 of this article, one of my functions is to research current and up and coming solutions within the technology realm, particularly that of distributed computing and cloud computing.
It is a strong possibility that malicious users will eventually identify and exploit potential flaws within the cloud computing model. CSPs, in their pursuit to secure market share may have underestimated the possibilities of attack and misuse of their cloud resources by a malicious user or users.
The likelihood that the creation, storage, processing and distribution of illicit material will present major legal issues, is also a grave reality 
Digital Forensic Examiners also know that any effective forensic system has to have an effective means of monitoring and collecting a wide range of data as; there is no directive which states what may be pertinent to any one case a priori.
With regard to possibility of insider attacks, collecting data at the entry points of a network will not contribute to tracing insider attacks.
When our admin director signed me up to attend the webinar, The Case for Network Forensics - from Solera Networks a few weeks ago; to be honest I thought that it would be a variation of some tools already in use by another start-up.
The synopsis of this webinar had me recall a paper I read a while ago by a Gartner consultant  which stated, "Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centres," then, I figured it was only a matter of time before a start-up proved this statement wrong.
Enter Solera's discussion on network forensics. One takeaway was that the core nature of this product is that it is like a Security camera - and it records everything.
Ok I thought, digital forensics examiners typically have vast amounts of data to sift through in a traditional system anyway; how will this company's tools expedite the sorting and analysis to output what we need that is specific to an investigation within the cloud; which will be accepted in a court of law?
Also digital evidence by itself can be extremely fragile, in that it can be altered, damaged, or destroyed by improper handling or examination. As forensic examiners we know how critical it is to ensure that precautions are taken to document, collect, preserve and examine evidence. As you know any failure in this process can render a case inadmissible in court.
I took my questions to Peter Schlampp VP Marketing and Product Management and Alan Hall Director Marketing  from Solera, who provided insight as follows.
Within the cloud Solera's tools does not use a typical custom silicate, but rather will see packets as they are seeing it as if on a traditional system NIC. Integrated into a cloud service providers environments this system claims to ensure that the customer are the only one seeing aspects of their data and no one else.
Of course I wondered about the VM managers at the cloud service provider (CSP) who manages the VMs at this point, as they can see customers' data.
The response, I received was as follows: Data tracks on the customer view, will be that of who interacted with their system in the cloud and what types of connections came in to the system hosted in the cloud. In other words it records traffic between virtual host on a physical host.
The system also has an integration with Sourcefire's defense center, although I haven't conducted a PEN-TEST in over a year, I still keep updated on current processes and technologies within the IT Security - Pen-Testing world; knowing that SNORT is utilized, was an immediate plus for me.
In the event of an incident, an investigator can drill down to event level which shows the frame of traffic; an alert from a Sourcefire event will then go directly to a Solera networks device.
Data provided from this can provide answers to: How did the connection get initiated? How do you know what happened afterwards? And for a host that was compromised one can potentially follow paths.
Despite this I still express some concerns with regard to levels of assurance for data held within the cloud amongst others. In order to get objective feedback, I approached one of my mentors Mark Pollitt for his sage input. Although he expressed his concern regarding the Solera's pitch of "network forensics for amateurs," he did state that "anything that will make analysis easier and capable of being done (even just as triage) by less skilled operators is very useful."
Whilst not an endorsement, it put my mind at ease in the sense that: the company had a vision which was on track with regard to a direction for virtualization, the cloud and forensic examination.
As a technologist there is nothing like more data and case study results to satisfy my reserve, so I presented these concerns to Schlampp and Hall, who responded with food for thought as follows:
Advanced Solera Networks network forensics technology now gives the ability to make data more understandable to a common individual. Packet detail is now rendered as web pages, emails, IMs, MS Office docs, etc. That means we can utilize support staff that can interpret this "human visible" or "human readable" data and clearly understand that the data obviously contain information we don't want leaked from our organization. With the advances Solera Networks makes, users have more front line incident response personnel that can determine if the appropriate triage requires escalation to those limited personnel that possess the in-depth skills. Those skills, combined with a complete forensics record from Solera Networks appliances, can uncover exactly what happened and more importantly, help determine the proper course of action and do so quickly to close the gap in response time between incident and remediation.
In a perfect world, effective network forensics requires the ability to "capture it all, all of the time." When we don't know what we don't know, capturing it all is the only way to ensure we have the complete data to interrogate and create the accurate story of what happened. However, what we end up with in practical use is usually something short of "everything."
We have to factor in things like amount of storage at our disposal, how fast our networks are running, what data or systems we have determined as most valuable in our organization, data protection regulations, etc. Accounting for these and other factors, Solera Networks has real-time network forensics technology that lets you make choices on what to capture - all data on every segment; selective segments of data based on port, specific applications, protocols, IP addresses, etc.; or, even get as granular as analyzing every packet for specific information like a hex pattern and only retaining those packets.
Selective capture requires a trade-off between creating more manageable "haystacks of data" and "missing the needle" altogether because it is in a different haystack of data that we didn't have the foresight to capture. Because of Solera Networks approach network forensics technology has evolved to the point where we can stick with one haystack and have the tools to find the exact needle in near real-time.
With any new product only time can tell the benefits it will provide. With regard to digital forensics and the drive to adopt cloud computing systems, any tool that will improve results, reduce false positives and give an investigator data that is relevant, factual and which can be presented and accepted in a court of law will be valued. I believe that these tools combined with a system such as that of ForNet  could chart a part for forensics investigations within the cloud ecosystem.
Accordingly ForNet :"helps with the postmortem of any security incident including insider attacks. It can also store potential evidence for months, which is much longer than any existing solution. With an integration of its XML based query routing protocols, coalescing of synopses, and a user interface, an analyst can locate evidence relating to an incident efficiently and transparently."
1.Politt MM. Six blind men from Indostan. Digital forensics research workshop (DFRWS); 2004.
2.Digital Forensics:Defining a Research Agenda -Nance,Hay Bishop 2009;978-0-7695-3450-3/09 IEEE
4. Cloud Computing Storms: Biggs, Vidalis; IJICR Vol 1, Issue 1, March 2010
5. GARTNER. 2008. Tough questions: Gartner tallies up seven cloud-computing security risks.
6.Peter Schlampp VP Marketing and Product Management,Alan Hall Director Marketing - Solera Networks
7.ForNet: A Distributed Forensic Network, Kulesh Shanmugasundaram - Project ForNet NYU Polytechnic University.
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Aug. 1, 2015 04:45 PM EDT Reads: 469
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
Aug. 1, 2015 03:00 PM EDT Reads: 508
With SaaS use rampant across organizations, how can IT departments track company data and maintain security? More and more departments are commissioning their own solutions and bypassing IT. A cloud environment is amorphous and powerful, allowing you to set up solutions for all of your user needs: document sharing and collaboration, mobile access, e-mail, even industry-specific applications. In his session at 16th Cloud Expo, Shawn Mills, President and a founder of Green House Data, discussed h...
Aug. 1, 2015 02:45 PM EDT Reads: 443
Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.
Aug. 1, 2015 11:15 AM EDT Reads: 165
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
Aug. 1, 2015 10:30 AM EDT Reads: 209
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.
Aug. 1, 2015 10:00 AM EDT Reads: 290
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, analyzed a range of cloud offerings (IaaS, PaaS, SaaS) and discussed the benefits/challenges of migrating to each offe...
Aug. 1, 2015 09:45 AM EDT Reads: 127
Chuck Piluso presented a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Te...
Aug. 1, 2015 09:45 AM EDT Reads: 389
One of the hottest areas in cloud right now is DRaaS and related offerings. In his session at 16th Cloud Expo, Dale Levesque, Disaster Recovery Product Manager with Windstream's Cloud and Data Center Marketing team, will discuss the benefits of the cloud model, which far outweigh the traditional approach, and how enterprises need to ensure that their needs are properly being met.
Aug. 1, 2015 08:00 AM EDT Reads: 1,686
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobi...
Aug. 1, 2015 08:00 AM EDT Reads: 304
In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.
Jul. 31, 2015 11:45 AM EDT Reads: 143
[slides] A New Architecture for the Internet of Things By @JKirklan | @ThingsExpo @RedHatNews #IoT #M2M #InternetOfThings
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Arch...
Jul. 30, 2015 07:30 PM EDT Reads: 1,408
Malicious agents are moving faster than the speed of business. Even more worrisome, most companies are relying on legacy approaches to security that are no longer capable of meeting current threats. In the modern cloud, threat diversity is rapidly expanding, necessitating more sophisticated security protocols than those used in the past or in desktop environments. Yet companies are falling for cloud security myths that were truths at one time but have evolved out of existence.
Jul. 30, 2015 06:00 PM EDT Reads: 1,811
Take the Long View with Digital Transformation By @IoT2040 | @ThingsExpo #IoT #M2M #API #Microservices #InternetOfThings
Digital Transformation is the ultimate goal of cloud computing and related initiatives. The phrase is certainly not a precise one, and as subject to hand-waving and distortion as any high-falutin' terminology in the world of information technology. Yet it is an excellent choice of words to describe what enterprise IT—and by extension, organizations in general—should be working to achieve. Digital Transformation means: handling all the data types being found and created in the organizat...
Jul. 30, 2015 05:00 PM EDT Reads: 1,099
[slides] Workloads and Public Cloud at @CloudExpo By @utollwi | @ProfitBricksUSA #DevOps #Containers #Microservices
Public Cloud IaaS started its life in the developer and startup communities and has grown rapidly to a $20B+ industry, but it still pales in comparison to how much is spent worldwide on IT: $3.6 trillion. In fact, there are 8.6 million data centers worldwide, the reality is many small and medium sized business have server closets and colocation footprints filled with servers and storage gear. While on-premise environment virtualization may have peaked at 75%, the Public Cloud has lagged in adop...
Jul. 30, 2015 04:00 PM EDT Reads: 2,218
The time is ripe for high speed resilient software defined storage solutions with unlimited scalability. ISS has been working with the leading open source projects and developed a commercial high performance solution that is able to grow forever without performance limitations. In his session at Cloud Expo, Alex Gorbachev, President of Intelligent Systems Services Inc., shared foundation principles of Ceph architecture, as well as the design to deliver this storage to traditional SAN storage co...
Jul. 30, 2015 03:00 PM EDT Reads: 1,751
MuleSoft has announced the findings of its 2015 Connectivity Benchmark Report on the adoption and business impact of APIs. The findings suggest traditional businesses are quickly evolving into "composable enterprises" built out of hundreds of connected software services, applications and devices. Most are embracing the Internet of Things (IoT) and microservices technologies like Docker. A majority are integrating wearables, like smart watches, and more than half plan to generate revenue with ...
Jul. 30, 2015 02:30 PM EDT Reads: 120
The Cloud industry has moved from being more than just being able to provide infrastructure and management services on the Cloud. Enter a new era of Cloud computing where monetization’s services through the Cloud are an essential piece of strategy to feed your organizations bottom-line, your revenue and Profitability. In their session at 16th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, discussed how to easily o...
Jul. 30, 2015 01:45 PM EDT Reads: 390
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Opening Keynote at 16th Cloud Expo, S...
Jul. 30, 2015 12:00 PM EDT Reads: 2,064
The speed of software changes in growing and large scale rapid-paced DevOps environments presents a challenge for continuous testing. Many organizations struggle to get this right. Practices that work for small scale continuous testing may not be sufficient as the requirements grow. In his session at DevOps Summit, Marc Hornbeek, Sr. Solutions Architect of DevOps continuous test solutions at Spirent Communications, explained the best practices of continuous testing at high scale, which is rele...
Jul. 30, 2015 12:00 PM EDT Reads: 1,405