Network Security
11 May, 2012
What is Security Automation and Why is Trusted Computing Group Involved?
For years, IT and security staffs have struggled with integrating various hardware, software and services for enterprise IT. While many of these individual products serve important functions, they've traditionally existed as stand-alone products serving a specific purpose. And that worked fine for a while. But in today's fast-moving and mission-critical IT environment, users want more... more info about what's going on in the network... more info about what devices are connected... more info on who is coming and going and whether they're authorized to do so... and to make policy decisions based on this data.
There is a way to connect this stuff. About four years ago, Trusted Computing Group rolled out the IF-MAP (Metadata Access Protocol) interface, as part of its Trusted Network Connect, or TNC, architecture. At its core, IF-MAP is a simple way for all devices to communicate data to a common repository. In a nutshell, IF-MAP is a standard client/server protocol for accessing a Metadata Access Point (MAP). The MAP server has a database for storing information about network security events and objects (users, devices, etc.); it acts as a central clearinghouse for information that infrastructure devices can act on. The IF-MAP protocol defines a powerful publish/subscribe/search mechanism and an extensible set of identifiers and data types. MAP clients can publish metadata and/or consume metadata published by other clients.
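The publish/subscribe/search flow described above can be sketched as a toy in-memory model. This is an added example, not code from the TCG specification or any MAP product, and it does not reproduce the IF-MAP wire format. The class, the client names, the identifier and the metadata type names are all constructed for illustration.

```python
from collections import defaultdict


class MapServer:
    """Toy in-memory stand-in for a MAP server (not the IF-MAP wire format)."""

    def __init__(self):
        self._metadata = defaultdict(list)     # identifier -> [(publisher, type, value)]
        self._subscribers = defaultdict(list)  # identifier -> [callback]

    def publish(self, publisher, identifier, md_type, value):
        """Store metadata on an identifier and notify its subscribers."""
        record = (publisher, md_type, value)
        self._metadata[identifier].append(record)
        for notify in self._subscribers[identifier]:
            notify(identifier, record)

    def search(self, identifier, md_type=None):
        """Return metadata on an identifier, optionally filtered by type."""
        return [r for r in self._metadata.get(identifier, [])
                if md_type is None or r[1] == md_type]

    def subscribe(self, identifier, callback):
        """Register a callback for future publishes on an identifier."""
        self._subscribers[identifier].append(callback)


def run_demo():
    """Constructed scenario: a sensor's event drives a firewall decision."""
    server = MapServer()
    device = ("device", "laptop-42")  # constructed identifier
    blocked = []

    def firewall_policy(identifier, record):
        _publisher, md_type, value = record
        # Combine the new event with metadata other clients already published.
        users = [v for _, _, v in server.search(identifier, "authenticated-user")]
        if md_type == "event" and value == "malware-detected":
            blocked.append((identifier[1], users))

    server.subscribe(device, firewall_policy)
    server.publish("policy-server", device, "authenticated-user", "alice")
    server.publish("switch", device, "location", "port-7")
    server.publish("ids-sensor", device, "event", "malware-detected")
    return server, device, blocked


if __name__ == "__main__":
    print(run_demo()[2])
```

The firewall client never talks to the sensor or the policy server directly; it acts only on what those clients published to the shared repository.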
Earlier this week, TCG announced some updates to improve the specification's interoperability and ease of implementation. You can read more about that here.
Today, active TNC contributor Lisa Lorenzin of Juniper Networks spoke to Interop attendees about using IF-MAP to automate security. Noted Lorenzin in her talk, "...We have a wealth of information in our networks, from various sources - policy servers, firewalls, switches, networking infrastructure, security components...most of that information is locked away in separate silos by product, by technology, by group within the organization..." She uses the Tower of Babel as an example of how info is in varying formats. IF-MAP is the common way to enable centralization and communication of information, enabling security automation.
Not at the show? You can view Lisa's deck here.