IF-MAP took center stage at a recent major National Security Agency conference focused on network and enterprise security. It was a coming-out party of sorts for IF-MAP, which was being shown on everything from intrusion detection systems for monitoring network scans and password cracking, to Android smartphone clients.
The NSA Trusted Computing Conference & Exposition, held September 20-22 in Orlando, brought together senior executives and IT security thought leaders from government, industry and academia. It focused on the current state of network security, and on new techniques and technologies for enhancing security tomorrow.
As an open, unified standard for security information management, IF-MAP played an important role at the conference. IF-MAP-compatible devices were on display at multiple booths, and security software using IF-MAP was on show as well. Following are just some of the ways in which IF-MAP was on display.
Byres Security and Juniper Networks showed the Tofino Industrial Security Solution, which uses IF-MAP to provide security for millions of legacy PLCs and HMIs used in critical SCADA and process control systems. The publish/subscribe capabilities of IF-MAP let the Tofino Security Appliance coordinate with Juniper network appliances and other vendors' sensors to determine the location and situation of a given SCADA device and to tailor security policy in real time.
Lumeta demonstrated IPsonar's IF-MAP client, which detects network leaks and publishes that information to the TNC Metadata Access Point. Other network devices can use the information Lumeta IPsonar discovers to prevent unauthorized "backdoor" Internet connections that bypass network access controls. At the booth, an open source Snort intrusion detection system checked for network scans and password-cracking attempts, and reported what it found to a MAP server.
Infoblox displayed its new IBOS IF-MAP server for security coordination. In the booth, an employee badge scanner was reporting physical security information to a MAP server. By providing a standards-based means for exchanging data in real time between systems from different vendors, the IF-MAP protocol supports a new era of orchestrated applications with dramatically reduced integration costs.
NCP, a member of the ESUKOM project team, demonstrated how to provide automated security for mobile devices and central IT networks using TCG's IF-MAP protocol. The demonstration included an IF-MAP VPN client in an Android phone allowing or blocking the phone from connecting to the corporate network.
Enterasys, Hirsch Electronics and Infoblox showed IF-MAP integrating physical security information and a badge reader with a network access control system. The demonstration showed how physical presence can be used as a requirement for network access. You can see a video of the demonstration here.
Aruba, Hirsch Electronics and Infoblox demonstrated location-based control of wireless access. The Aruba controller connects users to APs and disconnects them based on the users' physical locations as they badge into and out of different rooms.
For another look at IF-MAP at the conference, read this account by Eric Byres, CTO and VP Engineering of Byres Security.
