An Ixia network tests server blades. (Ixia)
SAN FRANCISCO — Distributed throughout the exposition hall at this year’s RSA conference are more than a handful of companies that offer no solution to fix a client’s security posture, but instead offer a wide range of tools to help companies test their security and learn to respond to threats.
“Testing people, that’s a big part of the equation that many overlook,” said Scott Register of Ixia, one of the network-testing companies presenting at RSA. “In the real world environment, it’s not about detecting the attack, it’s about how people respond to the attack.”
Ixia’s primary focus is on providing server blades that can be plugged into a network and create all kinds of problems in a controlled manner. The system creates realistic network traffic, generated from complex mathematics as opposed to replaying a recording of historical data, and can insert a wide range of attack vectors from a list of threats updated by the company every two weeks. A dashboard allows a user to control the varieties of attacks that are launched and monitor the type of changes the network experiences.
The company’s primary device was designed to be light enough to pack in a suitcase for a commercial flight, and has an easily removable hard drive so that sensitive government networks can use it while keeping their own hard drives and avoiding any risk of exfiltration of data.
The hardest part of providing testing solutions is creating realistic traffic. Network defenders look for specific varieties of code, and if the testing option is producing only random bits of gobbledegook, the process doesn’t provide much training for people.
Register said the company’s solution produces a wide range of traffic, from emulating iPhones to producing Twitter feeds. He said the system had gotten particularly good with Twitter, and that his engineers sometimes couldn’t tell if a feed was real or generated.
The change in the number of types of devices that are connected to a network is one of the largest challenges facing defenders, and one of the most critical components of testing, said Ankur Chadda of Spirent, a U.K.-based testing solutions company.
“We used to see only computers as network connected devices,” he said. “Now there is almost no limit to the devices.”
Spirent also offers server blade solutions, but the company is now providing a cloud-based option. Like Ixia, Spirent updates its attack vectors every two weeks, but by using the cloud the company can more quickly deploy and tweak its system. Because of its required Internet connection, which is a no-no in the world of sensitive government data, the cloud technique is meant for the commercial market.
The company’s solutions include the ability to fuzz test, a process where random data is thrown at a system to test for any unexpected crashes.
Chadda said that while testing is becoming far more common, there’s still a tendency to make it a compliance requirement rather than an improvement tool.
“A lot of people put testing as the last piece, which means when things get tight, it’s cut off,” he said. “We’re trying to suggest that they do it as part of the whole process. If you just do it at the end it’s a check mark.”