October 2009 Archives

That Bloke Mal Ware Is A Real Threat

Was chatting with Rik Ferguson of Trend Micro about the, er, no pun intended, trends of malware and other threats earlier this week.

Rik highlighted the seemingly exponential growth in aforementioned threats using Trend Micro's own figures for their own Smart Protection Network - the primary architecture in the company's cloud-based AV products. Between Q3 of last year and Q2 of this, the following differences have occurred.

Daily Averages        Q3 2008          Q2 2009           Growth
Queries to network    7,502,421,008    29,183,474,177    +289 per cent
Threats blocked       1,061,196,257    4,000,314,950     +277 per cent


These are massive increases by any standards when you're just looking at one product family from a single AV vendor. It does also help to validate my own findings in the recent tests I carried out on Trend Micro's OfficeScan 10 product - the report is available from the Broadband-Testing website: www.broadband-testing.co.uk - where I state that the cloud-based approach has to be the way forward for AV and related IDS/IPS solutions, especially for those users who are travelling around a lot.

According to AV-Test.org, over 1 million new malware are generated each month.

Which is a lot.


Rik and I spoke about the huge increases in smartphone use and how that is becoming the endpoint of choice. Therefore, how can you put a full-size client onto that kind of platform without killing it stone dead? Using a much reduced client footprint has to be the way forward.

One argument against this approach is that it surely leads to a lower capture rate than "traditional" techniques? Trend Micro has answered that one with a number of further independent performance tests with a variety of labs, so that's one myth squashed. The other concerns what happens if you can't connect to the 'net, but that one's covered in my report.

Of course, Trend Micro's rivals are on the case with the cloud-based solution but the question is - how far behind are they? Answers please on virtual cards, virtually posted in the virtual black box at the back of the virtual room... Or you can just send your comments here.

Making The Point To Point


No, we're not talking bizarre, middle-of-nowhere horsey meetings here but wireless broadband.

Having seen half of Andorra dug up for the past couple of years as fibre cable is run anywhere and everywhere (of course you want 100meg connections to your hotel for those special après-ski videos...) it's a welcome lack of wires that comes to mind as I hear my old mate John Earley and his chums at Metronet in Manchester have been installing majorly point-to-point and point-to-multipoint wireless broadband connections across the city (definitely not united).

Which brings us back to one of my favourite topics in IT and that is "what goes around comes around". In this case - and Case is literally correct, unless they had changed their name to Cray by then, and then back to Case... - it was a Case Communications product in the early '90s, a point-to-point, laser-based Ethernet solution (10Mbps) that we tested in a City of London location and it worked great back then even. However, it was not foolproof, since Case had not allowed for the "cleaner factor".

As all IT folks know, the cleaner is the greatest threat to network uptime and so it proved here. Given that this was in the old "City" certain restrictions were in place, such as not allowing ugly as hell transmitter/receiver equipment to be located externally on certain listed buildings. It so happened that this location was in such a listed building. Anyway, having worked perfectly for days, one morning the IT guys got in to find that the link was down - dead as the proverbial Dodo, Yangtze River Dolphin etc etc. From the control end, all looked perfectly ok, so the only answer was to walk to the office where the other (seemingly dead) end of the link was located.

On arriving there and brushing past the sign that said "PLEASE DO NOT CLOSE THE SHUTTER AT ANY TIME" they found that the internally-located laser transmitter/receiver was no longer pointing through a glass window, but straight into some wooden shutters that had been, er, shut, by the IT devil that is "the cleaner".

T'point (to point) being - cleaner factor allowed for - that such technologies worked well back then and still work well now. Not that the Metronet expansion is being limited to Manky weather town. The operator is rapidly expanding its network into Liverpool, Leeds (now we're talking united), Birmingham and Dublin - not quite the "London, New York, Paris, Rome" associated with top perfumeries, but a start nonetheless. And my aforementioned mate John will welcome the Irish connection, particularly if it could extend into the North-West corner of the republic.

What is interesting about Metronet is that it is the first wireless communications operator to achieve profitability and that, to do so, it has deployed product from a (meerkat free) Russian wireless broadband product company - InfiNet Wireless - who we are currently speaking to about testing by pure chance. And guess what InfiNet's claimed USP is? Price-performance. Doubly interestingly, last year Motorola came to us with a view to us testing its wireless broadband products in order to prove that the additional cost of Motorola product (over alternatives such as InfiNet) was justifiable. After long talks and many promises from Motorola, that particular project (not entirely surprisingly) never happened. Shame the kids had to do without Christmas presents last year, but sometimes these things are unavoidable...

So I (and my kids) personally look forward to validating the opposite argument with the InfiNet technology. But what is it being used for I hear you say (I've got finely-tuned hearing)? Good question. Metronet is using InfiNet's technology to offer customers secure, high-bandwidth access to the Metronet core dark fibre backbone (ah - there's always holes in the ground somewhere!), specifically where access bandwidth regularly requires throughput of above 20Mbps while still conforming to Metronet's 99.95% availability SLA req's. So we are talking point-to-point last-mile applications, as well as more complex point-to-multipoint applications covering enterprise networks, public safety and security networks. The deployments support diverse traffic profiles covering applications such as high-capacity backhaul, VoIP-based call centres, video conferencing, high-bandwidth corporate database synchronisation, remote data centre services, public security applications and IP CCTV surveillance, where low-latency networks capable of supporting PTZ-controlled surveillance systems are an important factor.

As well as targeting corporate data clients with high bandwidth and high-reliability business class Internet and MPLS based Point-to-Point network access solutions, Metronet is engaging with local Police and Council Authorities to promote use of its network infrastructure to support wireless connectivity for applications such as CCTV video and ANPR (Automatic Number Plate Recognition) systems. The b******s!

As my mate John Earley explained:

"There's quite a lot that we like about InfiNet.  From a deployment aspect we have found that their kit offers a significant throughput advantage in a smaller channel spacing compared with other manufacturers and we like a bunch of features that the solution offers.  For example, the ability it gives for per VLAN rate throttling which adds an element of network control through the air and enables us to ensure sufficient bandwidth is available for network management and monitoring."

"We also appreciate having direct access to knowledgeable support engineers that can assist with problem resolution as and when required (quite literally)."

Interesting comment, that last one, given that we are talking a Russian company here... and a lesson for many so-called UK ones methinks.

Anyway, I say "bring it on InfiNet" and let's give this Russian technology the Broadband-Testing seal of approval. Part-payment in top quality vodka is negotiable...

How Trendy Clouds Can Minimise Your Ether Footprint


Cloud Computing - all marketing guff or reality? And, if it is the latter, then is it really the future?

Industry analyst Gartner Group has already stated that it believes cloud computing will be as influential as e-business. At the same time it warned that 'in the cloud' security services appear at the 'peak of inflated expectations' on Gartner's 2009 Hype Cycle for Infrastructure Protection, expecting reality to deliver it as a mainstream technology within a two to five year timescale.

But what about the here and now? With two laptops and a non-stop travelling month across the UK ahead of me, I took the opportunity to decide for myself whether the cloud is the answer to delivering efficient security services, right-here right-now, including several trips to Brighton, home of the chap who penned those lines a few years ago.

On one laptop, therefore, we installed Trend Micro's cloudy OfficeScan 10 AV software while, on the other, we had a "classic" fat client type AV product, from a well-known purveyor of such. With WiFi and mobile broadband dongles to hand, I was ideally positioned to decide whether the cloud argument is all fluff or really makes sense.

Looking at OfficeScan 10, what we have here is a genuine cloud application that benefits from this approach, enabling fast updates (every 15 minutes) and a relatively light client. It seemed a no-brainer in truth to see the potential benefits of using the cloud approach as a means of ensuring that updates are as timely as possible - critical to the success of an AV product. This approach also removes much of the human requirement for managing updates (pattern file management etc), meaning less chance of errors leading to potentially damaging virus/threat outbreaks. The counter-argument, of course, is what if you cannot get online? The answer is to have enough of a database on your client to protect you in environments you'll encounter offline. But then most of the threats are online...

Of course, there is a key server element to this product. While the OfficeScan 10 suite obviously benefits from having a dedicated server to run on, equally it operates within a virtual environment, such as VMware. We tested in both environments without problems. The modular nature of the server application suite made it very easy to create custom configurations for different types and levels of user, with additional functionality such as file and web reputation able to be applied as required. Via a server plug-in, endpoint security extends to mobile devices - a vital consideration with smart phone and related technology sales and usage increasing enormously within business.

At the client endpoint, while everything can be automated, a simple interface accessible from the Windows toolbar allows the user to optionally run manual scans and related tasks. Comparing day-to-day usage at the client endpoint with another AV product from a well-known vendor, it was clear how 'light' the OfficeScan client is and how non-intrusive it is in comparison. Other features, such as the ability to throttle CPU utilisation at the client during scans, mean that the user experience is essentially completely transparent. Why should they know that AV software is running?

In use during our test period, we were never knowingly aware of the existence of the OfficeScan client, apart from when it captured some test viruses and automatically quarantined them, in line with our configuration options. In contrast, the alternative AV client we were comparing the OfficeScan client with, as well as using more memory, was far more intrusive in terms of the number and length of downloads it made during our test period - in some cases a full client update, rather than simply a virus signature update.

This was really highlighted during travelling around the UK when using a mobile broadband connection - an increasingly common form of Internet access for many users and one that might well become the norm in the next two to three years, as costs continue to fall. Here is where the cloud-based approach really shines. OfficeScan caches as much data locally as it can, which clearly helps in this kind of user scenario. The client can also detect when a laptop or equivalent is in battery mode and cancel an auto-scheduled scan, a life-saver in some cases when travelling with no means of recharging the battery (in every sense).

In summary, the cloud works!

No I'm Not Dead Honest, Just Suffering From Temporary Death By Travel...

For anyone else who travels as much as I seem to at the moment, you have my deepest sympathies.

Finally back "home" after over six weeks on the road, almost entirely in England. Well, at least I did catch the English "summer" now relocated to September (except it always has been the best month in my memory). Being in a situation where I rarely had more than two nights in any one location and was at the whim of WiFi-ness, free or otherwise, my purchase (admittedly compulsory for a project I was working on) of mobile data dongles for Vodafone and 3 really did save me.

However, as we found out with our smart phones test for our new Mobile Test Labs operation, 3G dongles (occasionally 2.5G or 3.5G) do tend to drop the "call" when travelling across the UK's rail network, so it's not an ideal solution by any stretch, just far far better than relying on the presence of (affordable) WiFi hotspots. Otherwise, using "free" WiFi in bars proves very expensive and it gets difficult to type after a while.

As part of the Vodafone deal I got a free Samsung N110 Netbook running XP. Given that my main laptop (an Acer Aspire) runs the dreaded Vista, booting up the two side by side reminded me just HOW FAR backward Microsoft went with the V word. The XP netbook was up and running and raring to go, fully five minutes before the Vista machine was. And it doesn't crash either. And it's far quicker to do anything, despite having a slower CPU and less memory.

If any of you meantime have tried upgrading your Vista machine to Windows 7 and have found Vista telling you it can't (after about 30 minutes of pre-install) then just persevere. While I was working on site with my mates at NewNetTechnologies, CTO Phil Snell encountered this very scenario, was denied several times, but kept on in dogged Yorkshire tradition and - lo and behold - finally got Vista to crack and accept its upgrade mission. His laptop is now happily running Windows 7 and what looked like a terminal illness has been resolved by a miracle cure.

Change of subject - if anyone from Avaya is reading this, with your newly acquired customer base c/o Nortel's Enterprise division, I have some excellent technology recommendations for you, starting with UK startup Voipex. If anyone hasn't yet checked out the report on what is finally THE technology that cracked the VoIP syndrome, please go onto the Broadband-Testing website and read the report - www.broadband-testing.co.uk

And talking of free reports that are well worth a read, if Data Centres are your bag, check out the Next Generation Data Centres report by Bob Cushing from MSC consultants (they're in Sheffield, but I can forgive them for being in the wrong part of Yorkshire - more like the South Pole as far as I'm concerned) which you can find at: http://www.msc-reports.co.uk/