
November 10, 2008

I Can Haz TCG IF-MAP Support In Your Security Product, Please...

In my previous post titled "Cloud Computing: Invented By Criminals, Secured By ???" I described the need for a new security model, methodology and set of technologies in the virtualized and cloud computing realms built to deal with the dynamic and distributed nature of evolving computing:

This basically means that we should distribute the sampling, detection and prevention functions across the entire networked ecosystem, not just to dedicated security appliances; each of the end nodes should communicate using a standard signaling and telemetry protocol so that common threat, vulnerability and effective disposition can be communicated up and downstream to one another and one or more management facilities.

Greg Ness from Infoblox reminded me in the comments of that post of something I was very excited about when it became news at InterOp this last April: the Trusted Computing Group's (TCG) extension to the Trusted Network Connect (TNC) architecture called IF-MAP.

IF-MAP is a standardized real-time publish/subscribe/search mechanism which utilizes a client/server, XML-based SOAP protocol to provide information about network security objects and events including their state and activity:

IF-MAP extends the TNC architecture to support standardized, dynamic data interchange among a wide variety of networking and security components, enabling customers to implement multi-vendor systems that provide coordinated defense-in-depth.
 
Today’s security systems – such as firewalls, intrusion detection and prevention systems, endpoint security systems, data leak protection systems, etc. – operate as “silos” with little or no ability to “see” what other systems are seeing or to share their understanding of network and device behavior. 

This limits their ability to support coordinated defense-in-depth.  In addition, current NAC solutions are focused mainly on controlling network access, and lack the ability to respond in real-time to post-admission changes in security posture or to provide visibility and access control enforcement for unmanaged endpoints.  By extending TNC with IF-MAP, the TCG is providing a standard-based means to address these issues and thereby enable more powerful, flexible, open network security systems.


While the TNC was initially designed to support NAC solutions, extending it so that any security product can subscribe to a common telemetry and information exchange/integration protocol is a fantastic idea.
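To make the publish/subscribe/search idea concrete, here is an added example (not from the TCG specification or any vendor's code) that models a MAP server in memory and shows a firewall reacting after admission to an event published by a separate IDS. It does not implement the IF-MAP SOAP/XML wire format; the class names, metadata types and the severity threshold are assumptions made for illustration.

```python
# Simplified in-memory model of a MAP server: publish / subscribe / search.
# Not the IF-MAP wire format; every name below is illustrative.
from collections import defaultdict

class MapServer:
    def __init__(self):
        self.metadata = defaultdict(list)     # identifier -> [(publisher, type, value)]
        self.subscribers = defaultdict(list)  # identifier -> [callback]

    def publish(self, publisher, identifier, md_type, value):
        """Attach metadata to an identifier and notify its subscribers."""
        record = (publisher, md_type, value)
        self.metadata[identifier].append(record)
        for callback in self.subscribers[identifier]:
            callback(identifier, record)

    def subscribe(self, identifier, callback):
        self.subscribers[identifier].append(callback)

    def search(self, identifier, md_type=None):
        """Return metadata on an identifier, optionally filtered by type."""
        return [r for r in self.metadata[identifier] if md_type in (None, r[1])]

class Firewall:
    """Enforcement point that reacts to metadata published by other products."""
    BLOCK_SEVERITY = 7  # assumed policy threshold

    def __init__(self, server):
        self.server = server
        self.blocked = set()

    def admit(self, ip):
        # Keep watching what other products report about this endpoint.
        self.server.subscribe(ip, self.on_change)

    def on_change(self, identifier, record):
        _publisher, md_type, value = record
        if md_type == "event" and value["severity"] >= self.BLOCK_SEVERITY:
            self.blocked.add(identifier)

def demo():
    server = MapServer()
    fw = Firewall(server)
    ip = "192.0.2.10"  # constructed sample address (documentation range)
    server.publish("nac", ip, "posture", {"compliant": True})
    fw.admit(ip)
    # A separate product later reports behaviour on the same endpoint.
    server.publish("ids", ip, "event", {"name": "port-scan", "severity": 8})
    return fw.blocked, server.search(ip, "event")
```
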

[Figure: TNC-IFMAP]


I'm really interested in how many vendors outside of the NAC space are including IF-MAP in their roadmaps. While IF-MAP has potential in conventional non-virtualized infrastructure, I see a tremendous need for it in our move to Infrastructure 2.0 with virtualization and Cloud Computing.

Integrating, for example, IF-MAP with VM-Introspection capabilities (in VMsafe, XenAccess, etc.) would be fantastic as you could tie the control planes of the hypervisors, management infrastructure, and provisioning/governance engines with that of security and compliance in near-time.

You can read more about the TCG's TNC IF-MAP specification here.

/Hoff



 


Disclaimer

  • The views and opinions expressed here are those of Christofer Hoff only and in no way represent the views, positions or opinions - expressed or implied - of my employer or anyone else.
