Monday, October 28, 2013

DARPA Grand Challenge targets automated cyber security

A view of some of the sensing hardware on an
autonomously piloted vehicle in the DARPA Grand Challenge.
DARPA (the Defense Advanced Research Projects Agency) announced the next focus area in their series of Grand Challenges that have included autonomously driven vehicles, humanoid robotics and now automated network defenses. The Cyber Grand Challenge seeks to drive an automation revolution in information security.

"The trends we've seen in cyber attacks and malware point to a future where automation must be developed to assist IT security analysts," said Dan Kaufman, director of DARPA's Information Innovation Office which is in charge of organizing the Challenge.

The competition, slated for early to mid-2016, is expected to draw teams of experts from industry and academia, with qualifying teams competing for a cash prize of $2 million, with second place earning $1 million and third taking home $750,000. The teams' systems would automatically identify software flaws, scanning the network to identify affected hosts. Teams would score based on how capably their systems could protect hosts, scan the network for vulnerabilities and maintain the correct function of software.

While Uplogix most likely will not be participating in the competition we do offer some related functionality that could be incorporated into a Grand Challenge solution.

First, there is secure access. No security solution would be successful if it introduces new security vulnerabilities to the gear it is supposed to be protecting. For example, managing in-line devices like intrusion prevention systems (IPSs), Uplogix manages from an out-of-band position. This ensures that even if the network is down, the devices are still being monitored, and access to those devices over the console port continues to be enforced with AAA (authentication, authorization and accounting) measures still in place.

Applying the requirements of the Cyber Grand Challenge to a larger view of a network means that when a threat is automatically detected and patched, that update will likely need to be distributed to similar devices across the network. The configuration management automation Uplogix provides could be useful in this situation.

With reliable enterprise-wide execution of configuration changes, Uplogix can push config updates to similar devices automatically and verify that the changes "take" with the device returning to an operational state. For those devices with issues that prevent them from coming back up, the SurgicalRollback feature will back out the changes and return the devices to its previous state. Notifications for system administrators will indicate which devices might require additional human attention.

While the Grand Challenge series is designed to spark innovation initially targeted at a defense industry application, the commercial applications (both direct and indirect) of the Cyber Grand Challenge will likely be seen even faster than autonomous cars and robotic disaster first responders. And as for the Uplogix solutions, they are available today!

Friday, October 18, 2013

Uplogix supports National Cyber Security Awareness Month

Uplogix compliance reporting records who 
has accessed devices and what was done.
Both Uplogix and the National Cyber Security Awareness Month (NCSAM) are celebrating 10-year anniversaries in 2013, and share a relevance in today’s technology landscape that more important than ever.

The month-long NCSAM event aims to raise awareness of cyber security issues to create “a safe, secure, and resilient cyber environment.” Uplogix local management enhances enterprise security by extending role-based administrative access policies to network and communications devices and by providing detailed auditing and reporting in support of attaining and demonstrating regulatory compliance. All of these capabilities are maintained even in the event of a network outage.

The Stop. Think. Connect. campaign provides resources to the public to promote awareness of online safety. For industry cyber security, the campaign offers suggestions for reducing the risk of cyber threats from the loss of sensitive customer and employee data to network security.


One security role of Uplogix in corporate networks is supporting industry-specific IT audit and compliance reporting, primarily through in-depth reporting of changes made to the IT infrastructure. Regulations requiring this type of accountability include Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standards (PCIDSS), the Health Insurance Portability and Accountability Act (HIPAA), the Energy Policy Act (NERC/FERC), and the Federal Information Security Management Act (FISMA).

“By leveraging the Uplogix Local Manager’s dedicated serial connection with managed devices and servers,” said Uplogix founder and CTO James Dollar, “Uplogix Local Management Software logs all changes made by users and the results of these changes. Our customers are able to document who did what, and with what impact to the network.”

While NCSAM materials say that everyone has a role to play in cyber security, Uplogix is working hard to remove some of the human contributions to cyber insecurity. Human error is largely responsible for the majority of cyber security infractions, whether accidental or due to the human nature to skip steps or try to shortcut procedures aimed at ensuring security. Uplogix automates many of level-1 network management tasks, removing humans—and their shortcomings—out of the process entirely.

Uplogix is a registered Industry Champion of the National Cyber Security Awareness Month for 2013.

For more information about Uplogix functionality for secure network administration, please visit www.uplogix.com/security.

Friday, October 11, 2013

Gartner on the rise of the machines

"Come with me if you want to live" -
not quite that dramatic. Maybe more
"Work with me if you want to be in IT."
This year's Gartner Symposium and ITXpo featured strong messages around the importance of the so-called digital workforce. Defined broadly as smart machines that take over tasks and work handled by humans, analysts forecast wide ramifications within the next seven years.

The focus of the presentations were smart machines that totally take over human jobs, having especially strong impact on highly-skilled positions in the tech industry - including IT professionals. Gartner Analyst Kenneth Brant said CIOs that don't prep for the digital workforce will likely have short careers, and the IT profession will be hit directly with overdue impact.

The key advice for IT leaders was for them to get ahead of the smart machine trend and start investigating. Then determine the impact on IT professionals, and finally to respect the human disruption that will accompany the redefinition of jobs. Gartner expects the smart machine era to be the most disruptive in the history of IT.

Of course, at Uplogix we're already deep into the smart machine world. Our Local Managers connect to other devices and manage them like a Level-One technician would -- if they never slept and always followed the run book to the letter. While this isn't redefining IT as we all know it, Local Management definitely has an impact on many of the tedious tasks that are part of running a network today. We like to think that we're making today's IT professionals more effective by automating the routine tasks and serving as an onsite toolbox and assistant for administrative functions conducted by humans.

This fits into the Gartner Hype Cycle for Emerging Technologies focused on "the evolving relationship between humans and machines..." While much of the discussion revolves around bio-related technologies like 3D bioprinting and neuro-interfaces, the three main trends are applicable to Uplogix:

  • Augmenting humans with technology 
  • Machines replacing humans
  • Humans and machines working alongside each other

The hype cycle follows a standard curve over time going through periods of increasing and decreasing expectations. Starting with the rise of Innovation Triggers to the Peak of Inflated Expectations, down through the Trough of Disillusionment, and finally rising through the Slope of Enlightenment to the Plateau of Productivity. 

Where is Uplogix on this curve? We'd like to say our growing customer base and increasingly wide distribution across different vertical markets puts us heads-down and marching up the Slope of Enlightenment. Maybe once we start putting in neuro-interfaces to our Local Managers we'll enjoy the view from that Plateau of Productivity...

Monday, October 7, 2013

Federal shutdown highlights need for network automation amid the trend toward doing more with less in IT

The Uplogix CTO offers an editorial on the overlooked
importance of network automation in federal initiatives
for data center consolidation and the cloud.
With the current federal shutdown, many federal employees are on furlough, yet essential operations continue. For IT groups, this is an expansion of the current trend of being asked to do more with less. Much of the focus in federal IT is on consolidation of data centers and cloud technologies for federal applications, but in a recent editorial Uplogix founder and CTO James Dollar warns that one area being overlooked is the network itself.

Centralization of information relies on robust connections for data and applications, and without reliable network management automation, the cost savings of high profile projects might be lost if traditional network management techniques are applied.

When it comes to providing faster, stronger networks, network management tools are getting better, but only incrementally because they still rely on trained humans to actually do most of the work. Dollar says real network management automation hasn’t taken off because of the basic issue that tools are still dependent on the network to manage the network. As a result, they are pretty much limited to reactive tasks like monitoring, dashboarding and analysis.

“Until IT groups move beyond this fundamentally flawed approach, they won’t be able to realize automation savings,” said Dollar in the editorial. “Just “keeping the lights on” for the network will continue to consume upwards of 50% of IT’s resources.”

By de-coupling the management of the network from the network itself, Dollar says, great gains can be made toward reducing the human effort required while providing the resilient networks needed for the success of cloud and other cost saving initiatives.

The Government Accountability Office (GAO) released a study that said about $55 billion of the $80 billion spent on federal IT goes toward steady state systems, while $25 billion goes to new development. Industry analyst Gartner says that typically infrastructure and operations spending accounts for about 50% of total IT headcount. Improving automation can free up substantial resources for cost reductions, new innovations, and even keeping the lights on during a government shutdown.

For more information about federal applications for Uplogix Local Management, please see www.uplogix.com/federal.