Networking solutions firm Brocade announced a multi-year strategic partnership with defense IT contractor Harris Tuesday, and unveiled a prototype of the first fruit of the new alliance — a ‘cyber maneuver engine’ designed to conceal data and network architecture from hackers who may get into a system.
‘The IP addresses of the assets within the system are changing every four seconds,’ said Brocade’s Vince Garr, staffing a demonstration of the new technology at the 2016 Federal Forum, presented by Brocade and produced by FedScoop. ‘The attacker cannot see the assets, cannot even see the data.’
Skilled hackers often lurk on a system for weeks or months before gaining the access they need to the data they wish to steal, Garr noted. But with the cyber maneuver engine at work, such persistence will do them no good. ‘We are cutting off their OODA [observe, orient, decide, act] loop. They are stuck at observe and orient, with no opportunity to decide or act,’ he said.
Garr said the cyber maneuver engine was the first ‘definitive result of the partnership [with Harris]. They have a library of capabilities. This is one of the books.’
‘This partnership is a framework to integrate Harris’ security technology with Brocade’s open SDN solution to provide a secure and automated network to federal agencies and help them become more resilient against cyber attacks,’ Brocade’s Director of Federal Tony Celeste said.
The engine requires a sophisticated software-defined network, or SDN, to operate, explained Brocade’s Steve Wallo.
‘The secret sauce is in the software,’ he said.
SDN ‘centralizes the policy of how information flows [throughout the network] to a common point [rather than being on the boxes]. And that allows you to manipulate and move the data as you require, as opposed to what the box will allow you,’ Wallo said.
‘It’s a different approach to securing the network,’ Wallo explained. Rather than try to keep intruders out, you assume they’re inside already. ‘Someone’s going to get in eventually,’ he said. But once inside, the cyber maneuver engine means hackers won’t be able to find what they’re after.
‘You’re camouflaging what they’re after, you’re moving it around,’ he said. ‘It has to be a layered defense, no one’s saying you don’t need firewalls.’
But that change in attitude — acknowledging that hackers will almost certainly breach perimeter defenses — is a tough leap for many federal IT officials, Wallo acknowledged.
According to former GSA IT official Dave McClure, who spoke at a roundtable on the sidelines of the forum, the single biggest challenge the federal government faces in cybersecurity is such a ‘culture shift, moving the federal government from a perimeter-based approach to a more offensive stance.’
Next-generation cybersecurity tools like the cyber maneuver engine are only possible with a modernized IT infrastructure, Brocade executives explained during the forum.
‘You cannot maximize cybersecurity without new architecture,’ Brocade CEO Lloyd Carney told the opening general session. ‘In order to get to the next level of cybersecurity … you have to modernize.’