Archive by Author | James Naylor

Black Friday, DDoS and another IT headache!

Linear Scalability would have made some retailers a lot more money on Black Friday and left them better prepared for the peak in internet traffic. Why might you ask is this possible? Anybody watching the news, surfing the web or actually leaving the comfort of their armchairs to visit a shop in person this weekend can’t have missed the phenomenon called “Black Friday” arriving in the UK.

Now I’m not one to dismiss new trends and indeed I would consider myself an “early adopter” on the axis of the maturity curve; however Black Friday bought two big issues out in to the open for retailers. The first and not my interest today, was the requirement for many of the UK Police forces to deploy teams of police in riot gear to manage the hysteria as waves of people flocked to the stores to pick up a bargain. The second was the legitimate Volumetric Denial of Service (DoS) attack that retailers invited to their sites on the back of the torrent of advertising emails that were sent out in the run up to the event.Black Friday

For those of you who don’t understand what Volumetric a Denial of Service attack is, Arbor Networks classifies it as an “attempt to consume the bandwidth either within the target network/service , or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.” And that’s exactly what happened on many commercial websites with the number of visits and site requests swamping them and causing so much congestion that people couldn’t get on them to find a bargain let alone buy one!

Now we’ve all seen this kind of issue with ticket sites – you want to buy tickets for the latest band and spend hours waiting to get in to a queue to buy them. But retailers were caught out and several implemented queuing systems through the course of the day which I’m sure infuriated many people as they had to wait up to an hour to get access to the site. Some might say that this isn’t an issue as it’s a British tradition to queue patiently for things – however the internet isn’t British and in this “always on, always connected world” we are moving towards, a queuing system quite frankly doesn’t cut it with today’s “always on, always connected” internet consumers.

The dilemma facing retailers is that to implement infrastructure that supports that amount of availability when it isn’t used for much of the year isn’t cost effective. Which is why many have resorted to a queuing system that throttles traffic to the back end systems and ensures that the website stays up and running and delivering acceptable performance and reaction times to those accessing it. In doing so however a large proportion of the potential spending population will go elsewhere and therefore whilst no doubt profitable, many retailers failed to maximise the potential of Black Friday.

So what are the alternatives? Linear Scalability is one solution to this problem – the ability to deliver continuous throughput through the provision of on the fly additional infrastructure. This where cloud services can provide the answer and Computacenter can assist. Cloud adoption has been slow in the main as a result of security concerns – why would you trust your crown jewels and intellection property (IP) to a cloud provider when it’s a challenge to protect it within your own datacenters? And this is where we are missing a trick… Most organisations if they looked at the bottlenecks in their systems on Friday would have quickly realised that the issue lay in the web delivery capability which wasn’t able to meet the number of requests being made and not the application or database servers sitting at the back end. By moving or complementing the delivery engine in the cloud, many retailers would be able to maintain performance and the IP would have stayed in the corporate datacenter but the content delivery would have expanded exponentially to cope with demand.

In a “Pay Per CPU Per Hour” cloud model Computacenter can help you implement the necessary architecture to provision and decommission infrastructure on the fly thus allowing you to maximise the money making potential of events such as Black Friday and other peaks in sales throughout the year. Taking the analogy further, if you were able to provision such infrastructure on the fly then why have a DR datacenter sitting idle for much of the year and why not do this to mitigate nefarious Distributed Denial of Service (DDoS) attacks? Equally why tie yourself to one cloud provider when you can go where the most cost effective solution is on a month to month basis?

Computacenter is one of the few organisations that can help you with the end to end delivery of such solutions and won F5’s 2014 “Rising Star” award this year in recognition of our innovation and integration of the F5 portfolio in to our solutions. To implement linear scalability you need a raft of vendors – from load balancing and provisioning to networking and datacenter; we have one of the most comprehensive capabilities in Europe and can build and demonstrate this to you in our Customer Solutions Centre in Hatfield.

In an always on, always connected world where website usability and reaction times are proportional to the profitability, why wouldn’t you come and talk to us?

The Threat Landscape Has Changed Once Again…

The front page of Today’s Metro highlighted something that the security industry has been calling out for a while – what was once complicated technology is now commonplace in our homes – in our computers, tablets, routers, digital televisions and even domestic appliances such as smart fridges and unfortunately much of it is vulnerable to compromise.

Researchers at Proofpoint and Lancope have identified compromised household appliances being used to send Spam.  Should we be worried?  Personally I think we should heed this warning – many of these devices are running old operating systems that are open to compromise; something driven by the ongoing drive for value and cost effective computing.  This is in all likelihood the tip of the iceberg – Manufacturers need to accept responsibility and more importantly start to develop self healing operating systems that update on demand from trusted sources – let’s hope the industry takes heed and consumers accept what will be more expensive systems in the future.  

In a similar vein for a while now I’ve been concerned about the amount of power in our mobile devices.  Whilst the UK bucks the trend with a penchant for the seemingly secure Apple operating system, much of Europe favours the Android operating system which has been targeted by criminals for some time.  Couple this to the uncapped “all you can eat” internet packages and we have an attack vector much larger than many botnets – I only hope that the mobile network operators are well prepared.  

It’s a moot point when you consider that increasingly users trust their phones more than their computers that we suddenly find ourselves in a situation where those devices we trust the most potentially present the biggest threat to our security.  This is even more prevalent when we consider the amount of data now traversing business devices – the endpoint is mobilising and organisations are increasingly looking to securely enable and empower employees.  In this rapidly changing landscape it’s critical that the right security strategy is deployed. 

Computacenter delivers differentiated security solutions – from email and web gateway security solutions to advanced persistent threat mitigation and from desktop to datacenter and network to cloud we have end to end solutions that help maintain the security posture of your organisation.

It’s the New Year – Out with the Old McAfee and in with the New Intel Security?

Intel’s announcement last week that the McAfee name was being retired was greeted with varied responses but McAfee is and always was a serious security vendor and the always connected strategy is one that plays well in the current threat landscape.  At Computacenter we view security across Workplace and Datacenter, network and cloud and as such Intel Security is one of the few vendors that can stake a claim right the way across the organisation.  Visibility across this piece with effective correlation of security events alongside the Global Threat Intelligence platform makes Intel Security a great solution if visibility were key.

Vendors get acquired and product names change so what’s different about Intel’s rebranding of McAfee?  Well this marks the completion of the integration of Intel and Mcafee’s security organisations and brings two logos that are synominous with computing and security together.  In the same conference Intel Security Group announced their intention to make mobile security free later this year.  Some components of mobile versions of McAfee software will be free to use on iOS and Android devices, while Intel will introduce Intel Device Protection technology this year to improve enterprise security of all Intel-based Android mobile decisions.  This move I have to applaud as malware on the Android platform has been an issue for some time now and it’s long been my assertion that with the increased processing power and unlimited bandwidth of many phone contracts lays open the potential abuse of these platforms for nefarious means.

Fear, uncertainty and doubt aside Intel have the potential to dramatically change the threat landscape and mitigation of the majority of malware on mobile devices is to be applauded – in the commoditised world of mobile phones consumers shouldn’t have to worry about malware stealing information from devices that are increasingly more trusted than online banking apps in a standard browser.  It does however beg the question why Windows Mobile 8 seems to be missing from the mix and maybe the answer lies in the integrated security of the platform – only time will tell whether this becomes the next target for criminals and state hactivists.

So what are the implications of a grown up Intel Security Proposition?  2013 was the year in which the market shifted from a prevention strategy to one of detection and mitigation – from “It’s not when you are breached but how soon you detect and mitigate a breach.”  From an organisation that drives the global computing evolution I’m expecting great things – imagine a safe internet where computing environments self heal and mitigate against a trusted baseline and where there is no scope for running malware to impact or exfiltrate information.  Let’s be honest the only thing that is probably preventing this is sheer computing power – A cohesive Intel Security Strategy promises great things and I look forward to what Intel Security has in store.

One of The Greatest Security Road Shows is About to Roll in to Town!

Infosecurity Europe starts on the 23rd April and historically has seen the latest and greatest IT security products launched to fanfare, song and even scantily clad ladies all vying for the industry’s acclaim and market share.  

However in recent years the market has changed and we no longer have the luxury of waiting for the annual Infosec to launch new products – they’re released when ready as competitive edge has become all-consuming and the threat landscape unrelenting in its diversity and evolution.  At least the latter is what vendors will have you believe – the truth is that security mitigation is becoming a commoditised landscape which is no doubt why certain vendors have stayed away in recent years. 

But commoditisation doesn’t meant that the problem is fixed – you know how to mitigate known threats  – it’s the unknown that’s the big issue.  If you’re going to Infosec the following should be on your to do list – if you want a differentiated view of the vendor landscape please feel free to contact me: 

  • Ddos – Distributed Denial of Service Attacks – historically mitigated in the cloud – Ddos is getting smarter and moving closer to the application layer making it a harder problem to resolve in the cloud – a blended approach of on premise and cloud is evolving.
  • APTs – Advanced Persistent Threats – those threats that we don’t know or have a method for detecting are those pieces of malware written by teams focussed on breaching an individual organisation – brand focussed and hell-bent on financial gain – ignorance is no longer a satisfactory excuse and IT Security teams have to have an answer.
  • BYOD – Securing the device isn’t enough – If always on computing is going to become a reality we need to secure communication within the device and more importantly the applications communicating with one another on the device.
  • Risk Based Computing – Security used to be built around trusted devices, secure connections and 2 Factor Authentication to identify the user.  The threat landscape has changed this – it’s about untrusted devices, enablement and did I mention threat mitigation?  A risk based approach to computing, enablement and threat mitigation is about to be released to the market – remember you heard it here…
  • Cloud Computing – won’t become mainstream until we can secure the content – a cohesive approach to securing the cloud is the only way forward –naturally Computacenter has the answer. 

I’ll be at the show on Wednesday – for a lively discussion you can contact me through your account manager or this page.

Fear Uncertainty and Doubt? Embrace the “New Normal”

Fear Uncertainty and Doubt or FUD has become a mantra with vendors – put simply get over it!

With one week to go until the RSA Security Summit  – The world’s changing, IT security is evolving and if the vendors are to be believed there’s a Cyber War raging on the internet!  Distributed Denial of Service (Ddos), State led hackivism and the ever present Advanced Persistent Threat (APT) all challenge your business led initiatives of mobility and enablement against a backdrop of Governance Risk and Compliance and gaps will exist in most security strategies.

Welcome to the “New Normal” – we don’t know what tomorrow’s challenges will bring but here, today business outcomes need to be delivered and the conventional network led approach to security whilst necessary isn’t the most efficient route to success.  Computacenter is speaking at RSA’s Security Summit on the 22nd April – come and hear about a different approach to resolving your security outcomes.

James