Pete Silva

Lori MacVittie Interview at Cloud Connect

Pete Silva — Sat, 20 Mar 2010 00:14:06 GMT

I got a chance to sit down with another member of the Technical Marketing Team at F5, Lori MacVittie at the Cloud Connect conference in Santa Clara this week. We chat about Web 2.0, Infrastructure 2.0, dynamic networks, cloud interoperability standards, what 3.0 looks like and a few other things. Thanks Lori!

Technorati Tags: MacVittie, F5, infrastructure 2.0, integration, collaboration, standards, cloud connect, Pete Silva,F5,security,application security,network security, business, education, technology

Smart Cities – From IDC Directions 2010

Pete Silva — Fri, 19 Mar 2010 17:12:32 GMT

ATT showed up at my door yesterday explaining that they are pulling all the copper (as he pointed up at the telephone pole) and replacing it with fiber to the home. It’s fun watching these young sales guys go for the immediate assumptive close with, ‘You’re one of the lucky ones and now your phone, internet and cable will be going over fiber – which package best suits you?’ I’m not one of those ‘triple-play’ fans but the whole ‘fiber to the home’ reminded me of a presentation I saw last week at the IDC Directions 2010 in San Jose: Smart Cities: Proving Ground for the Intelligent Economy from Rick Nicholson, VP Research, IDC Energy Insights. There are two big mega trends, as he put it, to the Smart City: Urbanization and Intelligent Technologies.

Urbanization. As Wellington E. Webb, the former Mayor of Denver put it, ‘19^th century had Empires, 20^th century had Nation States and the 21^st Century will be a century of Cities. The percent of people moving to cities is on the rise.

Intelligent Technologies. There are many Intelligent Devices like smart meters, sensors, camera, smartcards, cell phones and all the other devices that capture and send data. There are also pervasive Broadband networks to connect all the devices and there are Analytics and Social Media to process all the real time information. Devices plus Technology drives Smart Cities.

Why are people moving toward a Smart City? There is Sustainability. Things like going green, conserving water, power and resources is not only smart for the planet but to our overall survival. There is a business reason - economic development is occurring in these cities and there is Stimulus Funding to jump start these ventures. A Smart City infrastructure needs to support Energy, Network Communications, Water, Transportation, Buildings, City Services and it’s technology that ties these all together. There are also many IT opportunities in the Smart City. Energy is one. Rick explained that electric use has doubled from 1973 and continues to grow. Cities must meet that demand with clean, efficient energy while managing energy costs. With the Smart Grid, there are opportunities for hardware, software, devices and communications. There are smart meters and grid sensors, there are electric vehicles and their networks - and all these need software and analytics to help manage use. He talked about Transportation as a Service, Car 2.0 or Mobility on Demand. For a fee (which includes everything – gas, maintenance, insurance), you can pick up a ‘TaaS’ car where ever it may be parked, use a special smartcard to unlock & start it and leave it at certain approved locations (with the smartcard capturing time/mileage/etc) for the next customer to drive. You need routing and sharing information, charging stations, back office CRM and Asset Management software along with consumer services to make it all work. A Daimler venture called Car2Go is in a pilot trial in Austin, TX.

In Health Care, the aging population, costs, chronic disease all bump up against the quality of life expectations we all have. Both for better care and controlling costs we now have telemedicine, remote patient monitoring, intelligent devices, electronic health records, patient portals and so forth. All these need to communicate, coordinate and collaborate for proper end user care.

In Retail, there is a battle between the small urban shop and the large suburban warehouses. It costs more money to deliver goods to cities so shelf space and understanding what the consumer wants/needs is very critical. In-store technology includes things like, self service check out, mobile Personal Shopping Assistants and digital signage. Once again, back office software and infrastructure are a major components. Partnering with someone who’s building out a lot of this infrastructure or providing the devices, might be advantageous according to Rick.

For Financial Services and consumer banking in the urban area, there will be fewer and smaller branches, fewer specialists and already, there is some acceptance of consumer self service. Smart Banking will have Personal Teller Machines which is essentially an ATM but with video and voice. There’s mobile banking, security & fraud analytics and again, back office software, a dynamic infrastructure and those specialized controllers to seamlessly integrate and deliver all these.

He sees these Smart Cities gaining traction in mid-size cities, like Austin, TX who wants to become the Clean-Tech Capital with their Pecan Street Project. Amsterdam is another example of sustainable living in a port city. Now, instead of having the ships dock and run their diesel generators, they can plug in at the port which reduces noise and pollution. He mentioned that many of these projects are still in the early stages and establishing a Brand now is important. Here too, partnering with engineering firms, contractors, construction and the makers of the intelligent devices is a great way to get in at the beginning and says there is a $200 Billion market globally.

The Bullets:

Need to sell to both public and private consortia
Look for Smart Cities popping in medium size urban areas since these are still in development
Emerging markets in Asia and the Middle East are ripe since they are essentially starting from scratch.

Technorati Tags: Pete Silva,F5,security,application security,network security, business, education, technology

Self Serve Security

Pete Silva — Thu, 18 Mar 2010 04:03:45 GMT

Education of users has become a hot topic of late. The final keynote at the recent RSA Conference was all about using education to combat cybercrime. This article has statistics showing that, when Small and Mid-Market companies were asked, ‘what would help improve the level of security at their companies,’ 75% (48% for employees & another 25% for senior management) said Security Awareness. And, the recent issue of SC Magazine featured an article where Dan Beard, the Chief Administration Office for the House of Representatives says that organizations must educate end users and that end user education is the weakest link in cyber security. In that same article, Stephen Scharf, CISO at Experian explains:

“The human element is the largest security risk in any organization,”…“Most security incidents are the result of human errors and human ignorance and not malicious intent. Therefore, it is critical that significant effort is focused on education and awareness to reduce these occurrences.”

The human element has always played a role in security, cyber or otherwise. Growing up in Rhode Island, we used to always leave the keys in the ignition of the vehicles parked in our driveway. We felt safe were we lived – and granted, we lived in a rural area so the main crimes committed were things like stealing eggs from Carpenter’s Farm. Certainly, there are still plenty of areas and towns that have that type cocoon. As I went off to college in Milwaukee, I had to remind myself early on – ‘you’re not in Wakefield anymore,’ since I’d instinctively leave my wallet crammed in the sun visor of my Rabbit Diesel. I had to change my behavior when I moved from a small rural area to a larger city. Internet users must do the same but we are creatures of habit. Similar to leaving a wallet in the car, since that’s what I did most of driving life up to that point, many internet users still behave as if it’s 1995 and they are still on Prodigy. The threats are different and more severe but behavior is the same. Times change but sometimes people don’t, won’t or can’t.

As all those articles point out, End User Education is vitally important to any organization and should be a key part of the overall IT security strategy. Users knowing what and what not to do when something seems fishy is an important part of your defense – especially when it’s something your firewalls, WAFs, IDS/IPS and other perimeter mechanisms might have missed. Education needs to be ongoing however and not a one shot deal since, according to Dr. Maxwell Maltz, it takes 21 days to make or break a habit. This has since been deemed a myth and everyone is different but it does bring up a good point. Security education, training and knowledge is not an overnight cram session – any security professional will attest to that. A single afternoon meeting going over ‘corporate policies for end users’ regarding information security will not help those who already have bad habits. It needs to be ongoing, consistent and relevant to their daily lives, including the serious consequences of poor behavior. Help users understand the risks/threats, break the bad habits that might lead to exposure and secure your infrastructure in a way that no piece of hardware/software can. Help users help themselves.

While not directly security related, F5 recently started offering Free Web Based Training for our end users. IT admins are end users too, ya know. F5 Networks Web-Based Training (WBT) courses introduce you to basic technology concepts related to F5 technology, recent changes to F5 products and basic configurations for BIG-IP Local Traffic Manager (LTM). These are self-paced and you can access them at any time and as many times as you like. The cool thing is if you complete all of the lectures and labs for the LTM Essentials WBT, you have met the prerequisite requirements for the Advanced Topics, Troubleshooting, and iRules classes.

In 5 Minutes Video - How I Create an ‘In 5 Minutes or Less’ Video

Pete Silva — Thu, 11 Mar 2010 17:39:15 GMT

Thought it would be fun to produce one of these even though I got a new timer now. I show how I create an In 5 Minutes Video, In 5 Minutes or Less. Behind the scenes in 5 Minutes. :-)

Technorati Tags: Pete Silva,F5,security,application security,network security, education, technology, social networking, webinar, video

In 5 Minutes Video - Smart Connection with the BIG-IP Edge Client

Pete Silva — Thu, 11 Mar 2010 13:54:06 GMT

Watch how the F5 Networks BIG-IP Edge Client solution gets you connected automatically when you boot/start up your computer along with seeing browser based access of the F5 BIG-IP Edge Gateway.

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, technology, social networking, webinar, video

Dan Kaminsky Interview Part I

Pete Silva — Tue, 09 Mar 2010 21:49:36 GMT

Peter Silva of F5 sits down with IOActive's Dan Kaminsky. In this extremely informative and lively discussion, the Domain Name System is the topic. DNS infrastructure, DNS vulnerabilities including DNS Cache Poisoning, DNSSEC and what's happened since the discovery of the flaw are all discussed. In 3-10 minute segments.

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners

Dan Kaminsky Interview Part II

Pete Silva — Tue, 09 Mar 2010 21:43:44 GMT

Peter Silva of F5 continues his conversation with IOActive's Dan Kaminsky. Please see Part 1 for complete description. In this segment, Dan talks about the discovery of DNS Cache Poisoning, DNSSEC and the overall importance of DNS to the Internet.

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners

Dan Kaminsky Interview Part III

Pete Silva — Tue, 09 Mar 2010 21:37:31 GMT

Peter Silva of F5 finishes his chat with IOActive's Dan Kaminsky. Please see Part 1 for complete description. In this segment, DNSSEC conversation continues and Dan explains what's happened since his discovery of DNS Cache Poisoning vulnerability. And info on an upcoming DNSSEC Webinar.

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners

F5 Networks Partner Spotlight - Splunk

Pete Silva — Tue, 09 Mar 2010 20:48:46 GMT

Peter Silva interviews Will Hayes of Splunk during the 2010 RSA Conference. Part of F5 Networks Partner Spotlight Week at RSA.

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners

F5 Networks Partner Spotlight - Layer 7 Technologies

Pete Silva — Tue, 09 Mar 2010 20:41:30 GMT

Peter Silva interviews Scott Morrison, CTO of Layer 7 Technologies during the 2010 RSA Conference. Part of F5 Networks Partner Spotlight Week at RSA.

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners

F5 Networks Partner Spotlight - OPSWAT

Pete Silva — Tue, 09 Mar 2010 20:32:16 GMT

Peter Silva interviews Benny Czarny, CEO of OPSWAT during the 2010 RSA Conference. Part of F5 Networks Partner Spotlight Week at RSA. f5.oesisok.com

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners

F5 Networks Partner Spotlight - Secure Passage

Pete Silva — Tue, 09 Mar 2010 20:18:15 GMT

Peter Silva talks with Jody Brazil, President & CTO of Secure Passage during the 2010 RSA Conference. Part of F5 Networks Partner Spotlight Week at RSA.

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, webinar, video, partners

My 2010 RSA Conference & Kaminsky Interview

Pete Silva — Sun, 07 Mar 2010 15:22:01 GMT

I hung out at the 2010 RSA Conference last week and wanted to share some observations from the show. Rain early in the week reminded me of why the organizers moved it later in the Spring the past couple years but the sky’s cleared and the remainder of the week, we got the nice, crisp, sunny Bay Area weather. F5 decided not to exhibit this year but we did attend in full force, meeting with analysts and customers along with focusing our video camera on partners and doing a Partner Spotlight Week at RSA. It was kinda fun to attend as a typical participant.

I got there around 11am on Tuesday, just as the Expo floor was opening. I easily got my badge without any delay. I remember the long lines a few years ago when we all gathered in the main entrance. They’ve improved the check-in process over the years but I’m also guessing most attendees got their badges on Monday. Met with some F5’ers between analyst meetings, saw a very cool demo of our BIG-IP Edge Gateway Client solution and made my way to the Expo floor. All the usual companies were displaying their wares but I’m always amazed by all the company names I’ve never heard of along with lots of color companies – Blue that, Red this, Black the other thing. There were many ‘systems management’ companies and a whole ton of ‘token’ companies. I even overheard another attendee mention how many token companies there were. And of course, Cloud. Everyone’s got some ‘cloud’ solution, even those who really do nothing in the cloud, except maybe store your info, added ‘cloud’ to their signage. I don’t have any official attendance numbers but it did seem a bit fuller this year verses last.

Since we didn’t have a booth, I decided to do a ‘Partner Spotlight Week at RSA’ shooting video segments of the various F5 partners at the show. Something I’ve been thinking about for a while and with many all in one place, it made the task easy. Every partner was very accommodating and excited to participate. The basic premise would be, introduce the company – talk about the integration both technically and business wise – then show a quick demo if one was available. Even with short notice (most I just walked up to and asked on the spot) they were very engaging and all were done in a single take. I want to thank Splunk, Layer 7 Technologies, OPSWAT and Secure Passage. Great job guys!

The highlight of my week came on Thursday. F5 and Infoblox will be offering a Webinar on March 10th called DNSSEC: Compliance is Easier than You Think. I was lucky to get one of the webinar speakers, Dan Kaminsky, Director of Penetration Testing at IOActive (and the guy who exposed the serious DNS vulnerability, DNS Cache Poisoning) who was gracious to participate in an interview with me – and boy what an experience! We talked all about the DNS infrastructure including how DNS works, his discovery, DNSSEC and many other interesting topics. What I thought would be a quick 5 minute chat turned into a full blown half hour conversation about many things Internet related. Great stories about the discovery and some of the challenges he faced along the way. It was awesome – thanks so much Dan – good times!!

The Videos

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, education, economy, technology, blogging, blogs, social networking, dnssec, dns, kaminsky, webinar, video, partners

A is for Application, J is for Jacked

Pete Silva — Fri, 26 Feb 2010 19:22:18 GMT

…Criminal-toasty Application Jacked, Data’s tasty stolen too, You’re Application’s Hacked. Application’s Jacked, Application’s Jacked - hum hum the rest in your head, glad to plant a jingle in you, to sing out all day!

Almost every day now, there seems to be a report about some ‘important’ system getting breached or some credit cards/identities being stolen or insecure infrastructures getting exposed with schools, universities, municipalities, states and even entire countries being the latest victims. The recent 7Safe UK Security Breach Investigations Report stated, “86% of all attacks, a weakness in a web interface was exploited” and in his blog last week, Jeremiah Grossman wrote about the discrepancy in security spending verses the types of attacks that occur. He breaks down the numbers to show that most of the security spending goes to perimeter defense like firewalls and says, ‘Organizations spend their IT security dollars protecting themselves from yesterday’s attacks, at the network/infrastructure layer, while overlooking today’s real threats.’

This got me thinking – will we ever get ahead of the game? Is it a question of habit? Is it being uninformed or not understanding the true nature of the threats? Is it just checking the compliance box and not really going after true protection? Is it a budget, education, staffing or perception issue? Are the crooks way smarter? Are there too many areas to secure – applications, code, infrastructure, DNS, data, and any other piece that needs to be protected? Are there just a whole mess of insecure systems on the internet just waiting to get jacked? Or a combination of all these? Probably depends on many, mixed factors depending on organization, personnel, region and what can be accomplished within whatever boundaries are placed on those who are tasked to implement a solution. Many security professionals over the years focused on a particular discipline like network, database, application and so forth yet many of those same folks are now tasked with understanding and securing all areas of the organization.

Almost every second of our life, we make choices/decisions hopefully based on the best information we have at the time. Maybe we ask for additional advice, if available, to make a more informed decision. Sometimes emotions come into play when trying to come to a rational conclusion and we all know the head and the heart can pull you in opposite directions. There’s a part of me that wants to scold those who are lazy with securing data. (Incidentally, I did that last night at the Disney on Ice show – one of the vendors had a clipboard with a stack of credit card receipts sitting right in front of the register for people to use to sign their slips – I could have easily slipped that into my jacket while he wasn’t looking and disappeared into the crowd with a stack of signed CC receipts. I informed him that his ‘ease of use’ was actually not so smart. He pulled it and later, while the clipboard was still there, the receipts were absent.) Then there’s the other side that feels the need to educate and help those who might not understand the ramifications of their actions – the softer side of psilva.

In our personal life, while we might ponder or struggle with the huge, life changing decisions like a job change or moving the family, and after careful consideration we usually make the right choice but it’s all the little miniscule, insignificant decisions we make throughout the day that defines our character. When the basis for our decisions is coming from several different factors and the outcome can effect many swaths both across the organization and the public at large, that can make it a much more difficult endeavor, especially when it comes down to Infrastructure vs. Application, even though both should get attention. We can yell, bang our head against the wall, plead and beg, but security is a though beast to tame for typical IT departments. Even if they do declare Application Security is top priority, there may be many other factors holding them back. We probably still have a way to go when it comes to prioritizing dollars based on actual attack stats until it hits close to home – by then, it’s too late.

Technorati Tags: Pete Silva,F5,security,application security,network security, business, banks, banking, education, economy, technology

F5 Web Media On-Demand

Pete Silva — Fri, 19 Feb 2010 18:17:18 GMT

We’ve had some exciting announcements of late, like the BIG-IP Edge Gateway and the BIG-IP LTM VE, and lots of great content has been developed to highlight the benefits of these solutions. It’s been a while since I’ve updated you about our Social Media sites and the various ways we deliver F5 content. More than a year ago, we started to follow and contribute text, audio and video to the multitude of public Social Media outlets. DevCentral has always been our social, community driven site, well before some of these newer social networks but we also recognized the need to engage with the various communities on the internet. What started out as experiment, especially the Audio Whitepapers, multi-media has now become a mainstay of the various forms of F5 content offered, allowing you to get the latest from F5, anytime and anywhere.

Recent Videos

Recent Audio White Papers

F5 Networks Social Media & Content Sites

Thanks for reading, listening and watching. If there is anything you’d like to see, let us know!!

Technorati Tags: F5, BIG-IP, v10.1, Edge Gateway, Pete Silva, security, application security, network security, blogging, blogs, social networking