Qualys Blog


FireMon – Traffic Engineer for the Corporate Network

LAS VEGAS – In the 1950s, British transportation expert John Glen Wardrop popularized several theories related to network equilibrium models that are useful for predicting traffic patterns and congestion. To test the theories, he used a simple tool to collect data: cables laid across the road that registered each time a car drove over them.

Fast forward 60 years and the same principles are being applied to solving traffic jams on a different type of network – corporate networks. In the area of network security, QualysGuard Vulnerability Management is the default solution to show corporations the risk posture of their networks, Ward Holloway, vice president of business development at FireMon, said in a session at Qualys Security Conference 2013 on Friday. “It’s effective at its job, the backbone of you being able to assess risk in your environment, like a data cable,” he said.

[Image: Traffic Jam. Photo credit: Buzrael]

“But as network security practitioners, you may be working with a complex (environment), multiple data centers around the world, different connections to different partners, tens of thousands of remote connections. When you run a scanner it’s not unusual to be told there are 85,000-90,000 vulnerabilities in an entire infrastructure,” Holloway said. “Which one do you focus on and fix first?”

Similar to traffic engineering, it helps to see the full context of the environment, because the network path to a vulnerable host changes its priority in both directions. Upstream, there may be a firewall that blocks all SQL traffic coming into the segment, so a database vulnerability behind it cannot be exploited from outside and can wait. Conversely, there could be a low-value asset, say a Windows machine running a legacy, outdated billing application, which on its own would not need immediate patching. However, due to a firewall misconfiguration, the server is reachable from the outside, potentially putting valuable financial data at risk, and so it moves to the front of the queue.

To address this, FireMon offers an automated traffic management system for risk in corporate environments that allows customers to take the Qualys data and overlay it with the knowledge of the network layout, the switches and routers and intrusion prevention systems to see “exactly how data travels through the network,” according to Holloway. For instance, a corporation could find out that “out of 5,000 vulnerabilities, there’s only 400 you need to worry about that are actually reachable right now,” and of those, only 30 are vulnerable to remote code execution, so fix them first.

Now that’s one way to keep bad guys out of the network.
