ASTech Foundation – Where Are They Now? – Wedge Networks

Published online by the ASTech Foundation – June 24, 2015

“To say the Internet of Things (IoT) is a diverse category of technology is an understatement. The list of IoT devices includes anything that can be connected to the cloud and, in 2015, this includes refrigerators, ovens, light switches, phones, cars and other devices that might have the word “smart” attached to it. The list is endless.

It is difficult to keep regular Internet usage safe, with researchers expecting the number of connected individuals to surpass 3.3 billion by the end of 2015. So, how do we account for these other devices that we take for granted and who is protecting them?

Wedge Networks was named a finalist for the 2010 ASTech Award for Outstanding Achievement in Information and Communications Technology Innovation for their work on web security. Since 2010, Wedge Networks has grown its operations focusing on protecting cloud-connected devices.

Wedge Networks now provides leading edge cloud security solutions to more than 18 million devices by protecting corporations, Internet service providers and individuals at the network level. This allows Wedge Networks to protect devices before intrusions affect end users and without interrupting systems along the way.”

To see the full article, visit ASTech.ca.


Security As A Service Is No Longer Just A Liability

Video Feature Published on ThirdNetworkNews.com – June 11, 2015

The MEF vision of an agile, assured and orchestrated Third Network promises unlimited benefits for global business, but one of the first reassurances the market will need is a promise of more consistent security – as a service, not just as a band-aid.

Third Network News provides a video in which industry experts discuss new ways of thinking about network security that align with Third Network principles. Included experts are:

  • Hongwen Zhang, CEO, Wedge Networks
  • Nan Chen, President, MEF
  • James Walker, President, OpenCloud Connect (formerly CloudEthernet Forum); VP of Managed Network Services, TATA Communications
  • Rob Ayoub, Research Director, NSS Labs
  • Iben Rodriguez, Principal Architect, Cloud and Virtualization, Spirent Communications

To view the video, please visit ThirdNetworkNews.com.


The Internet of Things is Here – But We Can’t Trust the Things

-By Hongwen Zhang, CEO & Co-Founder, Wedge Networks and Co-Chair of the OpenCloud Connect Security Working Group
(Published on DataQuest India Online, June 3, 2015)

The Internet of Things needs secure network services through SDN and NFV – because nobody can secure the Things. Even if we try, we can’t keep the Things (better known as endpoints) secured. There are far too many mobile and wireless devices with an incredible variety of operating systems and hardware configurations. There are too many last-mile networks, from the enterprise WiFi to the coffee shop to the home to the playground. There are too many data centers, too many APIs. There are no borders. There is no trust — and there can’t be trust.

The Things cannot be secured. The best hope for preserving end-user privacy, for ensuring data integrity and for protecting devices against intrusions and corruption, is Software Defined Networking. More than that, layered on top of SDN, security implemented via Network Functions Virtualization.

Let’s explore the problem, and then see why the only reasonable mass-market solution is to secure the network.

We can’t trust the Things. Smartphones, fitness bands, vending machines, thermostats, inventory control systems, weather stations, Internet cameras, WiFi routers. Who knows about the security of the device’s firmware and operating system? Think about hacked debit-card machines in retail stores. Think about Lenovo laptops with Superfish. Not good!

Many devices have no security or obsolescent encryption. Many can’t be updated, and many won’t be updated even if patches are offered. Let’s not even think about the devices where the password remains set to the factory default – a problem that’s plagued the industry for decades. Even when devices offer some sort of user authentication via software, it cannot be trusted. We have no idea who is using that device, or who might be watching its data.

We can’t trust last-mile networks. Airports, airplanes, coffee shops — we are all aware of the threat from sniffers watching for unencrypted data (such as logins and passwords). Man-in-the-middle attacks are not theoretical.

Compounding the challenge: In an IoT scenario we may not even be able to identify the networks handling the last mile or even 10 miles. We certainly can’t find that out from a cloud data center.

Packet headers from fitness bands or point-of-sale systems will reveal an IP address, but we don’t know who carried that packet, and if that carrier is trustworthy.

We can’t trust data centers and APIs. A data center is a black box. We know that data went in, and we know that data comes back out. What’s happening inside? Nobody knows. Whether the data center is in the cloud, at a host provider, or inside a corporate data center, there is no way of determining who has access to the IoT data. When we consider the range of IoT applications, from off-the-shelf health monitoring to bespoke instrumentation, it’s impossible to determine exactly which services are back-ending any particular product or service.

Today’s super-interconnected world of APIs (Application Programming Interfaces) adds to the uncertainty. Many cloud applications rely upon multiple cloud providers today, and that number is increasing. Free and paid APIs are increasingly attractive to developers. I predict that within a few years, we’ll find numerous security holes and breaches that were enabled both by cloud-to-cloud transactions and by the use of malicious (or hacked) web APIs.

We can’t protect the border when there is no border. The definition of a network has become increasingly nebulous. Long gone are the days when we could secure the intranet with a firewall appliance. The Internet of Things encompasses devices that would be inside the traditional intranet, but also outside. Homes. Customer sites. Employee smartphones that are on the enterprise WiFi one moment, and outside on WiFi or cellular data five minutes later.

This is the problem in a nutshell: We can’t trust the integrity of the end device’s security. We can’t determine exactly where the data is being processed and stored. We can’t reliably predict how the IoT device is connected to the back end, and what security looks like on those ever-changing pipes. And we can’t even define a secure perimeter to surround the Internet of Things.

The best way to secure IoT is by securing network services. Old approaches of heavy-iron, rigid security systems cannot be effectively used to provide enterprise-grade, large-scale security coverage in network services due to the high cost of deployment and management. SDN/NFV not only solves this high-cost issue but also promises a much more agile service provision process by dynamically defining the network that connects the IoT end devices to the back-end data centers or cloud services. At first, SDN may be implemented primarily in the cloud or the data center, and then expand to encompass carrier networks. At some point, it may even reach out or into the last-mile network, though that is years in the future.

Where SDN is implemented, Security-as-a-Service can be defined using NFV, providing the service provider with a measure of control and confidence that although the IoT devices can’t be secured, the network can be bound together into a single virtual network. Forget about fiber, cable, WiFi, cellular data. Think instead of secured VPNs, implemented even where traditional VPN technology isn’t supported.

Please see the full article at DataQuest India Online.


Can You Answer These 4 Questions About Your Network Security Policies?

By Alan Zeichick, NetworkWorld, May 26, 2015

“Network security doesn’t have to be expensive, and it doesn’t have to be complicated. Yes, there are lots of excellent products, service and consultants ready to help improve your network security, and yet that shouldn’t be the first place an organization goes to prepare against hackers, insider threats, data loss and malware. Fancy new technologies won’t help if you’re not focusing on the roots of good cybersecurity. Let’s talk about some of the most important questions that people rarely ask about cybersecurity, perhaps because they seem so simplistic.

We all know that it doesn’t matter how good a home security system is if someone leaves the garage door open overnight – and a pricey car alarm doesn’t help if the keys and clicker are left in the ignition, and the car window’s open.

Here are four questions that reflect a foundation of security management. Your answers may help set the foundation of a solid security posture.

1. Are the network’s security policies up to date?

Creating a comprehensive security policy can be a nightmare. Endless meetings with stakeholders. Wheeling and dealing between IT and line-of-business management. Striking and re-striking the fine line between approving a policy that’s overly broad, and specifying so many minute details that the policy becomes too hard to implement. Not only that, but there are pressures to make policies as broad as possible to provide the least inconvenience to employees (and their managers who don’t have patience for such matters).

Like someone who buys a snazzy new smartphone only to see its twice-as-cool replacement announced the next day, once security policies are finished, those policies are almost immediately out of date.

Applications become decommissioned – and yet the application’s access ports remain active. New use cases are brought before the IT department. New on-premise applications go online, while some line-of-business departments write shadow contracts with cloud services providers. Are those covered by the security policy? Painful though it may be, security policies must be kept up to date, not only through regular reviews, but also by a process of actively amending the policy before security configurations are changed.

2. Are security configuration changes driven by security policy?

Continuing in that vein, there are myriad areas where security-related configuration changes are applied on a network. Firewalls and Intrusion Detection / Prevention Systems (IDPS) like those from Cisco or Wedge Networks are one area; change management systems like those from AlgoSec or Firemon are another.

There’s more to network security, though, than firewalls. Organizations need to configure policies on servers like Oracle or Microsoft Exchange; identity systems including Firebase or Okta; network routers and Wi-Fi access points; Virtual Private Network (VPN) servers, cloud-based applications like HubSpot or Salesforce.com; and of course, on-premise file and application servers.

Beyond routine moves, adds and changes to accommodate new employees or projects, changes to security settings in any of those areas should be policy-driven. When an application comes online, goes offline, or moves to another security zone on the network, the first step should be to document it within the security policy, while checking for conflicts or contradiction. Then, and only then, once changes to the policy are understood and approved, should administrators be allowed to make changes to firewalls, access control lists, Virtual LAN (VLAN) configurations, and so-on.”

For the full article, please visit NetworkWorld.com.


Bring Your Own Encryption: The Case For Standards

-By Hongwen Zhang, CEO & Co-Founder, Wedge Networks
(Published in Business Cloud News, May 13, 2015)

Being free to choose the most suitable encryption for your business seems like a good idea. But it will only work in a context of recognized standards across encryption systems and providers’ security platforms. Since the start of the 21st century, security has emerged from scare-story status to become one of IT users’ biggest issues – as survey after survey confirms. Along the way a number of uncomfortable lessons are still being learned.

The first lesson is that security technology must always be considered in a human context. No one still believes in a technological fix that will put an end to all security problems, because time and again we hear news of new types of cyber attack that bypass sophisticated and secure technology by targeting human nature – from alarming e-mails ostensibly from official sources, to friendly social invitations to share a funny download; from a harmless-looking USB stick ‘accidentally’ dropped by the office entrance, to the fake policeman demanding a few personal details to verify that you are not criminally liable.

And that explains the article’s heading: a balance must be struck between achieving the desired level of protection and keeping all protection procedures quick and simple. Every minute spent making things secure is a minute lost to productivity – so the heading could equally have said “balancing security with efficiency”.

The second lesson still being learned is never to fully trust to instinct in security matters. It is instinctive to obey instructions that appear to come from an authoritative source, or to respond in an open, friendly manner to a friendly approach – and those are just the sort of instincts that are exploited by IT scams. Instincts can open us to attack, and they can also evoke inappropriate caution.

In the first years of major cloud uptake there was the oft-repeated advice to business that the sensible course would be to use public cloud services to simplify mundane operations, but that critical or high priority data should not be trusted to a public cloud service but kept under control in a private cloud. Instinctively this made sense: you should not allow your secrets to float about in a cloud where you have no idea where they are stored or who is in charge of them.

The irony is that the cloud – being so obviously vulnerable and inviting to attackers – is constantly being reinforced with the most sophisticated security measures: so data in the cloud is probably far better protected than any SME could afford to secure its own data internally. It is like air travel: because flying is instinctively scary, so much has been spent to make it safe that you are less likely to die on a flight than you are driving the same journey in the “safety” of your own car. The biggest risk in air travel is in the journey to the airport, just as the biggest risk in cloud computing lies in the data’s passage to the cloud – hence the importance of a secure line to a cloud service.

So let us look at encryption in the light of those two lessons. Instinctively it makes sense to keep full control of your own encryption and keys, rather than let them get into any stranger’s hands – so how far do we trust that instinct, bearing in mind the need also to balance security against efficiency?

Please see the full article at Business Cloud News.


Yes, Virginia, NFV Services Can Be Testable, Scalable and Predictable

By Alan Zeichick, NetworkWorld, April 28, 2015

“A year is a long time in this business, and it’s great that NFV software embedded in a software-defined network has moved from ‘by golly, it works!’ proof-of-concept to a hard-driving test that shows reliable performance under load.

One of the coolest demonstrations at the RSA Conference in San Francisco was of a network functions virtualization (NFV)-based firewall and Deep Content Inspection engine embedded into the software-defined networking (SDN) control plane of a heavily laden network. The firewall/DCI engine filtered content and blocked SQL injection attacks in real time, without slowing down the simulated network.

The OpenStack-based testbed was created and run by Spirent, a Southern California firm well known for its network testing platform. The security firm with the firewall and DCI engine was Wedge Networks, a Canadian company that’s focused on the cloud.

The testbed validated the ability of WedgeOS – Wedge’s virtualized firewall and Deep Content Inspector – to block identified content in the OpenStack-based virtual environment.”

For the full article, please see NetworkWorld.com.


Wedge Networks and Spirent Demonstrate the Security, Flexibility, and Scalability of the Open Cloud

Wedge Cloud Network Defense™ embeds high-performance security in a virtual test network orchestrated and measured by Spirent

San Francisco, April 21, 2015 —Wedge Networks and Spirent Communications jointly demonstrate that NFV-based functionality can be embedded into cloud networks as virtual services – and that those services can exhibit the performance, predictability, scalability and elasticity required by commercial operators and enterprise customers today.

The test validates the ability of WedgeOS™ and Wedge NFV-S – the underlying security service engine of Cloud Network Defense™ (CND) – to identify and block identified content in an OpenStack-based cloud environment. Using Spirent Avalanche to generate stateful traffic and malicious attacks, WedgeOS™ will block malicious content based on configured policies. Spirent Velocity will orchestrate the test environment while using Spirent iTest to automate the test cases.

The demo also showcases the OpenCloud Reference Architecture recently released by OpenCloud Connect, an industry association focused on creating cloud service standards. OpenCloud Connect (formerly known as the CloudEthernet Forum) has also developed the OpenCloud Project, an open test bed for validating end-to-end interoperability for cloud, datacenter and network services.

Dr. Hongwen Zhang, CEO of Wedge Networks, said: “Today’s network is a cloud-connected network, and cloud-connected networks require a different vision of security than traditional networks. Because NFV-S embeds security into the data plane of the network, you now have security applied inherently as a characteristic of the network. Therefore, users don’t have to suffer the same security issues as in the old network model with traditional security implemented on the end point itself or at the network perimeter.”

Scott Parcel, Spirent VP of Marketing & Operations, said: “This demonstration shows that the performance of NFV solutions can be reliably predicted, and shown to scale elastically to handle traffic growth and spikes. Customers migrating to virtual networks from physical network devices need to see this predictability in order to have confidence in deploying NFV services.”

Spirent and Wedge Networks will be showing this demo at the RSA Conference in Booth (South Expo #S2027). The two companies will repeat the demonstration at Interop in Las Vegas, from Apr. 28-30, in Booth 820.

About Wedge

Wedge Networks™ is transforming the way security is delivered. Powered by the innovative WedgeOS™, Wedge Networks’ Cloud Network Defense™ platform is designed to combat the shifting threat landscape associated with cloud, mobility, Internet of Things and consumerization of IT. By embedding security within the network as an elastic, scalable service, it is the only cloud security solution to perform high-performance content inspection without requiring traffic to leave the network. The award winning Wedge Platform™ is deployed globally, delivering security protection for tens of millions of users in Fortune 500 companies, government agencies, internet services providers, and across all industry verticals. Wedge Networks is headquartered in Calgary, Canada and has international offices in Dallas, USA; Beijing, China; and Manama, Bahrain. For further information visit: http://www.wedgenetworks.com/

About Spirent Communications

Spirent Communications plc. (LSE: SPT), a global leader in test and measurement, offers an extensive portfolio of solutions to test data centers, cloud computing and virtualized environments, high speed Ethernet networks and services, 3G/4G wireless networks and devices, network and application security, and positioning technologies. For more information visit, www.spirent.com

Contacts:
Zonic Group
Hannah Whitrow
+ 44 7760806070
hwhitrow@zonicgroup.com


The Internet of Things is Here – But We Can’t Trust the Things

Wedge CEO, Dr. Hongwen Zhang’s article is featured at SDxCentral.com.

“The Internet of Things needs secure network services through SDN and NFV – because nobody can secure the things. Even if we try, we can’t keep the things (better known as endpoints) secured. There are far too many mobile and wireless devices with an incredible variety of operating systems and hardware configurations. There are too many last-mile networks, from the enterprise Wi-Fi to the coffee shop to the home to the playground. There are too many data centres, too many APIs. There are no borders. There is no trust – and there can’t be trust.

The things cannot be secured. The best hope for preserving end-user privacy, for ensuring data integrity and for protecting devices against intrusions and corruption, is software-defined networking. And more than that, layered on top of SDN, security implemented via network functions virtualization.”

For the full article, please see SDxCentral.com.


Bring Your Own Encryption: New Term in the Cloud Age

By Hongwen Zhang, Wedge CEO and Chair Security Working Group, CloudEthernet Forum – Monday, April 6, 2015

“The idea of encryption is as old as the concept of written language, but with the spread of literacy, ever more care had to be taken to make sure that only the privileged few can read the hidden message. Today’s encryption typically relies on some sort of “key” to unlock and make sense of the message it contains, and that adds a new level to the problem: now the message is secure, the focus shifts to protecting the key.

In the case of access to cloud services: if we are encrypting data because we are worried about its security in an unknown cloud, why then should we trust the same cloud to hold the encryption keys? Hot on the heels of BYOD – or “Bring Your Own Device” to the workplace – comes the acronym for Bring Your Own Key (BYOK).

Microsoft recently announced a new solution using HSMs (Hardware Security Modules) – so that an enterprise customer can use its own internal HSM to produce a master key that is then transmitted to the HSM within the Windows Azure cloud. This provides secure encryption and means that not even Microsoft can read it – because they do not have the master key hidden in the enterprise HSM.

It is not so much that enterprises cannot trust Microsoft, but more to do with legal complexities. In the wake of Snowden revelations, it is becoming known that even the best protected data might be at risk from a government or legal subpoena demanding to reveal its content. Under this BYOK system, however, Microsoft cannot be forced to reveal the enterprise’s secrets because it cannot access them itself, and the responsibility lies only with the owner.

This is increasingly important because of other legal pressures that insist on restricting access to certain types of data. A government can, for example, forbid anyone from allowing data of national importance to leave the country – no simple matter in a globally connected IP network. There are also increasing legal pressures on holders of personal data to guarantee levels of privacy.”

For the full article, please see NetworksAsia.net.


Software Defined Networks + Security = Cloud Innovation

March 10, 2015 – TMC News (Staff Writer)

Software Defined Networks + Security = Cloud Innovation. The mind often boggles when thinking about innovation in the cloud. The cloud, after all, enables everything from mobile gaming to business computing, and the players behind the cloud are involved in data centers, infrastructure, networking, wireless, software development, and more. As we think about the Clouded Leopards Den 2015 cloud innovation prize, let’s ponder one great example of a cloud innovator: Wedge Networks.

Wedge Networks is all about security, with a focus on service providers like Internet service providers, cloud hosting companies, and even large enterprises.

The heart of the company’s offerings is WedgeOS, a Deep Content Inspector security platform that can provide real-time object-level analysis of network traffic. With WedgeOS, not only can the individual parts of an individual network packet be thoroughly analyzed for threats, but the higher-level digital objects carried over many network packets can also be recognized and handled. In other words, WedgeOS can be used to block network malware, enable data loss prevention, implement anti-spam systems, load up a firewall, provision security policies, and more.

For more information, view the whole article at tmcnet.com.
