Today’s Internet Service Providers (ISPs) invest money and effort in ensuring that the Internet links they provide to their customers work properly. But is the investment delivering? Let’s do a reality check and review some common myths related to Internet connectivity – and see if there is really any truth behind them.
For decades IT managers have been deploying application delivery (Layers 4 – 7) and security services as point solutions. The network provided the basic connectivity and each L4-7 had to be configured manually per each application. Virtualizing the compute fabric enabled automation at the configuration stage; however, L4-7 and security were still deployed as point solutions. Each application infrastructure change still required intervention in rewiring the physical network, reconfiguring network nodes and, of course, with testing application integrity end-to-end and performance.
If you’re attending this week’s AWS re:Invent, check out our session on Alteon VA for AWS at AWS Marketplace – Booth 228 at 2:15 pm on Thursday, November 13, 2014. At the session, we’ll discuss and demonstrate Alteon VA for AWS.
During the past year, I have had a few conversations with the CIO of one of our e-commerce customers in Europe. And like many online shops, his company was challenged by seasonal peaks of web traffic. I have often heard about these seasonal peaks, but I could never grasp how high they can go and their cost implications to an organization!
Jim Frey is Vice President of Research, Network Management for Enterprise Management Associates (EMA) and is a featured guest blogger.
The steady moves toward internal/external cloud computing, virtualization, more complex web applications, BYOD, the App economy and new strategies for dealing with cyber attacks are bringing disruptive change to IT. These changes are mostly for the good, but along the way that have created a litany of new pain points and challenges.
Availability – aka the big “A” – is often the overlooked leg of the CIA triad (the others being Confidentiality and Integrity). Perhaps one contributing factor is the common belief among security professionals that if data is not available it is secure. Corporate executives, on the other hand, have a different opinion as downtime carries with it a hefty price tag.
Load-balancers are all about availability, scalability and performance of mission critical web-based applications. Therefore, cloud load balancing services are needed to enable enterprises to migrate their mission and performance critical application to the cloud. Mission critical web-based applications are typically multi-tier and distributed. The load balancer connects the application to the external network and load-balancing incoming web-client sessions between the different frontend web-servers.
Availability problems aren’t necessarily unique; however the testing is certainly different, as I discussed in Part 1 of DDoS Yourself.
This “availability security problem” is resulting in an increased risk to enterprise’s whose business models are tied to time (government elections, financial trading, online promotional retailers, insurance reconciliations, etc.).
As a result, many organizations are asking themselves if they have adequate visibility to the vulnerabilities they have to hacktivist (ideologically motivated) and Availability-based (competitive motivated) DDoS attacks?
What happens if your company has reason to believe that it may come under a DDoS attack in the near future or recently suffered an attack? These questions probably come to mind:
-How do I know if the attackers will be successful?
-How can I test my environment myself for expected attacks?
Shouldn’t I already have a good answer for these questions? After all, many organizations pay good money to deploy high performance security and risk teams and expect them to stay on top of questions like these.
Information Availability is needed before Integrity & Confidentiality!!!
Before I get into this heresy talk, let me start off by saying “I’m a security guy!”
I am a lifelong information security veteran who sees himself as a ‘practitioner’ – – that is I am an active participant in practicing the fine art of information security. I view my role in life metaphorically as I envision a Medical Doctor’s role – – trying to best deploy the highest efficacy of a ‘solution’ towards an ailment.