I may like company X’s algorithms for scanning traffic but hate their GUI. Why does one have to be attached to the other?
Rob tipped me off to some commentary by Mark Curphey about taking advantage of the long-tail phenomenon that the internet has made possible.
What Mark essentially suggests in part 1 is that we need a platform that allows users to mix and match information and features – an enterprise mash-up in web 2.0 jargon.
By definition a “platform” is a system that can be reprogrammed and therefore customized by outside developers and users and so it can be adapted to countless needs and niches that the platform’s original developers could not have possibly contemplated, much less had time to accommodate.
What is lacking now are the standards that would allow us to mash up security and networking functions and their outputs, much as we now mash up data on the web. We lack the platform that Mark is describing.
A few months back I lamented the fact that appliance solutions lock the customer into a UI and feature set that only roughly fits their needs. I thought a possible solution would be a platform such as Cobia that would allow users to customize their appliance to perform different functions on the network. Each function would be a plug-in module that could be made by some third-party that might sell it or give it away. There would be many competing developers creating different plug-ins (and platforms for that matter) that allow the user to tailor the product to their own needs. I like this idea because I see it in use in the content management systems world. There are tons of plug-ins for Joomla, Drupal and WordPress that are free or cheap that let someone build a website starting with a basic platform as a foundation.
I want to take this a step further now, and I believe it is in line with what Mark and Rob have in mind. If not, forgive me (and let me know).
There aren’t enough data taxonomy or communication standards to allow our network security products to be anything but isolated gardens in the data center. Nearly everything comes in an appliance form factor and nearly none of them talk to each other. The sole method of interaction is through a web UI or command line by a human. And your sole option for features is whatever the vendor decides to develop.
I attended a Fortinet demo recently to see how they do their content filtering now on their Fortigate UTM device. They do have some slick features, but there are some things I see lacking that can be done better by other vendors. I asked them if they can do something similar to ICAP or WCCP (some of the only standards I know of that allow different products to talk to each other). I had to explain to the guy that some companies will want to scan the content a bit more than just searching for simple keywords like Fortinet does. Customers would appreciate the ability to extend their product with other features. Fortinet told me they have no API and no plans for one, but said I could talk to them about it later. Well, I don’t get paid to help them make their product better and I’m sure they have their own plans anyway. But why reinvent the wheel? Vericept has excellent linguistic analysis that would let anyone do almost any analysis they want right out of the box, and if Vericept ever releases their SDK, anyone, including Fortinet, can slap it right on and be done with it.
We have some degree of interoperability with IDS signatures, content filtering lists and AV scanning engines. I would like to see the interoperability more layered. I may like company X’s algorithms for scanning traffic but hate their GUI. Why does one have to be attached to the other? Take a lesson from modern web development and separate the content from the presentation. There are more lessons from web developers that can be used on our network systems design. Take a gander at Getting Real by 37 Signals. Check out some of their software and notice how easy to use it is. Also notice the well documented API that even I can understand. Your data is completely accessible when it is in their application.
I’m the least qualified to propose a solution to this but I see how the web is working now and it is nothing like what goes on in our data centers. The web is moving in a data-centric direction. People are free to slice and dice at will. XML and other standards let us move data around the world and present it again. XML-RPC lets me post to my blog without logging into the GUI. I can fetch posts without logging into the GUI too. Why would I have to log into my firewall to see what that is doing, then log into my content filter to see what that is doing, then log into my mail server to see what that is doing? Can’t I just grab the feed? If the data produced by our network appliances had a standard form we could then input it elsewhere, make it more valuable and automate more processes.
A quick stab at an interoperability framework:
1. Hardware. Designed to run lots of different stuff. Crossbeam is an example of this.
2. Operating System. Not necessarily in the traditional sense but probably.
3. Platform. This would be like the WordPresses, Drupals and Joomlas in the CMS world. I think Cobia is taking a crack at this.
4. Software functions. Related to (3) above. These are various implementations of algorithms to solve different problems. They are standards based so you can mix and match them on platforms. They take an input and generate an output and you chain them together to make a system.
5. Communication. Something XML-based to allow one to take the outputs from the functions and put them into new functions.
6. Repeat 4 and 5 ad nauseam.
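To make steps 4 and 5 concrete (and the "just grab the feed" wish further up), here is an added example, not code from this post, from Cobia or from any vendor. It assumes an invented common XML event schema, two constructed appliance log lines in made-up native formats, and hypothetical function names; it shows two normalizers feeding one chainable scoring function, a cross-appliance correlation that only works because everything speaks the same schema, and a feed document another system could fetch.

```python
"""Added illustration of standards-based, chainable security functions.
Schema, log lines and function names are all invented for this example."""
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List

# Constructed sample output from two hypothetical appliances, each in its own
# native format. Neither line comes from a real product.
FIREWALL_LINE = "2007-08-09T00:19:00 DENY tcp 10.0.0.5:44312 -> 198.51.100.7:25"
CONTENT_FILTER_LINE = (
    "2007-08-09T00:20:13,block,10.0.0.5,http://example.test/x,category=malware"
)

# Hypothetical common schema every function agrees on:
# <event ts="..." source="..." action="..." src="..." dst="...">
#   <tag name="...">value</tag> ...
# </event>


def normalize_firewall(line: str) -> ET.Element:
    """Translate one firewall log line into the common event element."""
    ts, action, proto, src, _arrow, dst = line.split()
    ev = ET.Element("event", ts=ts, source="firewall",
                    action=action.lower(), src=src, dst=dst)
    ET.SubElement(ev, "tag", name="proto").text = proto
    return ev


def normalize_content_filter(line: str) -> ET.Element:
    """Translate one content-filter CSV line into the common event element."""
    ts, action, src, url, category = line.split(",")
    ev = ET.Element("event", ts=ts, source="content-filter",
                    action=action, src=src, dst=url)
    ET.SubElement(ev, "tag", name="category").text = category.split("=", 1)[1]
    return ev


def score_severity(ev: ET.Element) -> ET.Element:
    """A pluggable function: read the event, attach a severity tag, pass it on.
    It never needs to know which appliance produced the event."""
    sev = 1
    if ev.get("action") in ("deny", "block"):
        sev += 1
    cat = ev.find("tag[@name='category']")
    if cat is not None and cat.text == "malware":
        sev += 2
    ET.SubElement(ev, "tag", name="severity").text = str(sev)
    return ev


def chain(functions: List[Callable[[ET.Element], ET.Element]],
          ev: ET.Element) -> ET.Element:
    """Step 5 of the framework: feed each function's output into the next."""
    for f in functions:
        ev = f(ev)
    return ev


def correlate_by_source(events: List[ET.Element]) -> Dict[str, int]:
    """Count events per source host across all appliances. This cross-product
    view is only possible because every event carries the same schema."""
    counts: Dict[str, int] = {}
    for ev in events:
        host = ev.get("src").split(":")[0]
        counts[host] = counts.get(host, 0) + 1
    return counts


def build_feed(events: List[ET.Element]) -> str:
    """Wrap the events in one feed document that any consumer can fetch."""
    feed = ET.Element("feed")
    for ev in events:
        feed.append(ev)
    return ET.tostring(feed, encoding="unicode")


def run_pipeline() -> List[ET.Element]:
    """Normalize both appliance outputs, then run the same function chain."""
    raw = [normalize_firewall(FIREWALL_LINE),
           normalize_content_filter(CONTENT_FILTER_LINE)]
    return [chain([score_severity], ev) for ev in raw]


if __name__ == "__main__":
    events = run_pipeline()
    print(build_feed(events))
    print(correlate_by_source(events))
```

The point is that `score_severity` and `correlate_by_source` are written once against the schema, not against Fortinet's or anyone else's log format; swapping in a third appliance means writing one more normalizer, and the feed replaces logging into each box's GUI.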
I’m going to wake up tomorrow and maybe someone will tell me that this already exists, but I really don’t see it. I’m sick of selling people approximate solutions. I want to sell them something truly valuable because it gives them back their data.
2 responses so far
1 Rob Newby // Aug 9, 2007 at 12:19 am
Yes, this is pretty much what I had in mind. I’d like to see Cobia on Crossbeam, and see what you can add in.
I don’t think anything like this exists at present, although it has been tried, and failed, in the past.
I’m not sure how this will evolve though. I expect someone will start making “CobiaBeam” devices you can just slot into your network and use GUIs to switch on various virtual devices, using smaller hardware devices at gateways, near to data, etc…
In fact Jon, we should do this ourselves. What are you doing for the next 10 years?
2 Jon Robinson // Aug 9, 2007 at 7:36 am
If you would ever come out to So Cal maybe we could talk.