Hard to believe that I ever thought I would be sitting here wondering about the state of security as a viable career path. I have built my career up as a security dude/hacker for years, but lately I have been noticing a few things.
- Vendors are getting really good at detecting network anomalies and the interfaces are getting easier and easier to program.
- Threat vectors have become so large that now we look at a multi-tiered attack surface instead of a laser-beamed attack point.
- Some of the biggest threats are due to applications and bots.
Here's the thing. I have been tasked to write a TechWiseTV episode on security and truthfully, the stuff I have is really about as exciting as watching a grad student take a calculus exam. There is really nothing "new" under the sun. Oh, sure - product updates, faster detection, fewer false positives, this header manipulation or that compliance support; yada friggen yada... I refuse to do old attacks like BGP, ARP Spoofing, WPA cracking, etc... I need new stuff!!!
Kinda cool? Ummm... yeah... but I do not go out and buy a new car every cycle to get a few nifty features. I suck it up and buy a car with a heated steering wheel when the one I currently have smokes out.
My question is this:
Have we finally done it and gotten to a point where security is handled via a SaaS provider?
Seems to me that a security design goes like this:
- Client-side protection (802.1X, TrustSec, AV, drive encryption)
- Device protection (TrustSec, SSHv2, DAI, SNMPv3, etc.)
- A firewall pair (deep rule set, N+1, line rate or close to it)
- Server Protection (TrustSec, drive encryption, AV)
- VPN subsystem (SSL, Mobile Phones, 3DES)
- Bonus: Log correlation device (OSSIM http://www.alienvault.com or MARS)
Press hard, the bottom copy is yours. (shout out to John Codrea!)
But the two BIG things on these devices are:
- How often are the devices updated to support the latest piss-ant bot, virus, DDoS or application vuln?
- How is MY staff managing the massive amounts of data generated by these devices? Or do I just plug 'em in, config them and never touch them again?
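That second question is the one a log correlation box (the OSSIM or MARS "bonus" item above) is supposed to answer: turn a pile of per-device events into a short list somebody on staff actually needs to look at. The script below is an added example, not code from the post or from any of those products, and it works on a constructed, simplified log format (timestamp, host, event name, key=value pairs) rather than any real device's syslog. The rule it implements is deliberately plain: a source that trips a burst of firewall denies is worth a medium-severity note; if that same source then shows up as a successful VPN login within a few minutes, the note is escalated, because a scan followed by a working credential is the combination worth a human's time.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified, device-agnostic format.
# These are NOT real firewall or VPN concentrator output; the addresses
# are documentation ranges (RFC 5737).
SAMPLE_LOGS = """\
2010-03-01T10:00:01 fw01 DENY src=198.51.100.7 dst=10.0.0.5 dport=22
2010-03-01T10:00:02 fw01 DENY src=198.51.100.7 dst=10.0.0.5 dport=23
2010-03-01T10:00:03 fw01 DENY src=198.51.100.7 dst=10.0.0.5 dport=445
2010-03-01T10:00:04 fw01 DENY src=198.51.100.7 dst=10.0.0.6 dport=3389
2010-03-01T10:00:05 fw01 DENY src=198.51.100.7 dst=10.0.0.7 dport=1433
2010-03-01T10:00:09 fw01 DENY src=203.0.113.9 dst=10.0.0.5 dport=80
2010-03-01T10:02:30 vpn01 LOGIN_OK user=jsmith src=198.51.100.7
2010-03-01T10:05:00 vpn01 LOGIN_OK user=abrown src=192.0.2.44
2010-03-01T10:30:00 fw01 DENY src=203.0.113.9 dst=10.0.0.5 dport=443
"""

# One line = ISO timestamp, host, event name, then zero or more key=value pairs.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+)(?P<kv>(?: \w+=\S+)*)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that don't fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "host": m.group("host"),
        "event": m.group("event"),
        **fields,
    }


def correlate(log_text, deny_threshold=5, deny_window=timedelta(minutes=1),
              followup_window=timedelta(minutes=10)):
    """Return a list of findings worth a human's attention.

    A finding is raised for any source address with `deny_threshold` firewall
    denies inside `deny_window`. It is escalated to 'high' if the same source
    logs in successfully over the VPN within `followup_window` of that burst.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])

    denies = defaultdict(list)   # src -> sorted timestamps of DENY events
    logins = defaultdict(list)   # src -> [(timestamp, user)] of LOGIN_OK events
    for e in events:
        src = e.get("src")
        if src is None:
            continue  # malformed or irrelevant record; nothing to correlate on
        if e["event"] == "DENY":
            denies[src].append(e["ts"])
        elif e["event"] == "LOGIN_OK":
            logins[src].append((e["ts"], e.get("user", "?")))

    findings = []
    for src, stamps in denies.items():
        # Sliding window: the first point at which `deny_threshold` denies
        # fall inside `deny_window` marks the end of the burst.
        burst_end = None
        for i in range(len(stamps)):
            j = i + deny_threshold - 1
            if j < len(stamps) and stamps[j] - stamps[i] <= deny_window:
                burst_end = stamps[j]
                break
        if burst_end is None:
            continue  # below threshold: stays in the noise, nobody is paged

        finding = {
            "src": src,
            "severity": "medium",
            "reason": f"{deny_threshold}+ firewall denies within {deny_window}",
        }
        # Escalate when the scanning source later authenticates successfully.
        for ts, user in logins.get(src, []):
            if burst_end <= ts <= burst_end + followup_window:
                finding["severity"] = "high"
                finding["reason"] += f"; VPN login as {user} {ts - burst_end} after burst"
                break
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOGS):
        print(f"[{f['severity'].upper()}] {f['src']}: {f['reason']}")
```

On the sample data this reduces nine events to one finding: 198.51.100.7 gets five denies in four seconds and then a VPN login as jsmith a couple of minutes later, so it comes out high; 203.0.113.9 never crosses the threshold and is dropped on the floor. The thresholds and windows are arguments precisely because they are the tuning knobs a staff has to own, which is the point of the question above: the box produces the data, but somebody still has to decide what counts.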
Is that it? Have we gotten to a point of security templating? Sure, there are a few changes in every account, but for the most part, we security folks are battling the little stuff we have to wait on another vendor to take care of. Not much I can do on an XSS except change the browser rules (or switch browsers multiple times), or how many times can I email Adobe about yet another PDF exploit? To me, it feels like I am a security bottom feeder waiting on the next update. What fun is that? Once the gear is installed and tuned in, now what? Just turn it over to a SaaS provider and make sure the current threat level is addressed, I guess. When exploits get to the level of application exploitation, the hacker clearly has the advantage. They have an endless stream of applications, the element of surprise, endless worldwide resources and a complicated global legal system protecting them. They exploit and I wait for an update. I HAVE to have a team of full-time researchers 24x7x365 augmenting my staff to try and level the playing field. Point: SaaS security teams.
The real security action today seems to be at the research or hobbyist level, where folks are hunting C&C for bots and taking them down. Seems like many resellers I talk to agree that security folks are just not something they are asking for. It's nice to know when you design, but a dedicated career? No room at the inn. I tell folks all the time that a solid knowledge in security can really make you stand out from others when you design a VoIP, Data Center or foundational network.
Am I wrong here? Is security still a good career path for folks interested? I do not believe so anymore and it hurts to say that. I believe it is an augmentation skill, like Unity in Mass Effect 2. There will always be security, but more and more I see it having to be more of a trusted third-party process that has those resources.
So what to do about this show? Well, looks like ScanSafe is a good bet. IPS, ASA, CSA are out. LISP seems cool, maybe some botnet stuff. Yawn... Is this really all there is??
Jimmy Ray Purser
Trivia File Transfer Protocol
The length, curl and texture of a dog's fur are controlled by only three genes.
Jimmy Ray Purser is the technical co-host for Cisco's TechWise and BizWise TV. Jimmy Ray also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as VON, CeBIT, N+I, and Networkers. As a field engineer, Jimmy Ray experiences networking first hand behind the console or in the rack. He is an active member in the IEEE and the Ethernet Alliance and has designed, installed and tested numerous networks for Fortune 500 companies, the United States military and other institutions worldwide. He holds 3 U.S. patents for Ethernet security algorithms with two others pending and one defensive publication, as well as numerous other vendor certifications in networking and security.
Purser holds a Bachelor of Science degree in electrical engineering from Southern Illinois University and is currently pursuing a master of science degree in electrical engineering.