Attacking data in motion at Layer 7+ has become the path of least resistance for hackers and requires a radically new approach to protecting cloud-native applications. I’m excited to join Mesh7 and to be working with the extremely talented team that has delivered the industry’s first cloud-native Layer 7+ security mesh. A security-at-L7+ approach goes beyond traditional Layer 7 inspection: it looks not only at application URLs but also deep into payloads and their schema. This provides the capability to detect and prevent threats such as data exfiltration or malware that may be making their way through the payload while data is in motion. It solves the very hard problem of protecting cloud and cloud-native applications deployed across multiple heterogeneous environments. Protecting these applications from distributed attacks is essential now that the path of least resistance has shifted from the infrastructure plane to the application plane at Layer 7+.

Monolithic Versus Distributed Applications

Applications used to be monolithic, and threats came from outsiders trying to hack perimeter defenses to reach data in use and data at rest. The application layer is now highly distributed across public and hybrid clouds, and both the number of endpoints (containers, VMs, serverless functions) and the Layer 7+ interactions between them (APIs, Kafka message buses, MySQL / MongoDB traffic, and others) have grown more complex. Protecting data in motion at Layer 7+ is therefore the new challenge for ops and security teams.

With more data crossing multiple and more hostile cloud infrastructures, the path of least resistance has become east-west, horizontally distributed attacks focused on data in motion. Hackers are no longer outsiders moving vertically through perimeter defenses into and out of infrastructure. They are now able to leverage the same public cloud capabilities as their targets and act as insiders moving east to west across Layer 7+ endpoints.

Protecting Data in Motion at Layer 7+ at the Application Plane

As cloud providers continue to harden their infrastructure, hackers are moving from the infrastructure plane (Layers 3 and 4) to the application plane (i.e., Layer 7). This is not an easy problem to solve given the increasing number and variation of endpoints and the growing footprint of Layer 7+ operating across multiple heterogeneous clouds. Older perimeter-based technologies such as web-application firewalls and network firewalls have been repurposed to be cloud native, but these defenses do not account for an attacker breaching the application plane and then moving east to west, horizontally, from point to point. The greatest threat to data is no longer happening while it’s in use or at rest.

The Need for a Completely New Form of Security

The need for protecting data in motion at Layer 7+ has created the demand for a completely new form of security that acts to prevent horizontal, east-west attacks by securing each endpoint and then vertically blocking attacks in a highly distributed, highly scalable architecture.

The Ideal Solution

The ideal solution for protecting data in motion at Layer 7+ needs to automatically generate a cloud-native security mesh that auto-discovers what endpoints are running and where. This segmentation knowledge, combined with deep-packet inspection of payloads, should then automatically generate policies that can be used for proactive enforcement. From a practical perspective, it needs to work without making any changes to the application components. It also must be easy to install, simple to maintain and work at wire speed without introducing any latency. The system also needs a comprehensive set of analytics that provide insight into service statistics, events and alerts, detailed transaction logs, geolocation, user behavior, per-PII statistics and API attack vulnerability, just to list a few.

Mesh7: Application Security Mesh

This is exactly what Mesh7 has built. It is amazing technology best understood by testing live in your own environment. Best of all, it can be fully deployed within a 30-minute maintenance window and does not require any changes to your applications or infrastructure. If you’re interested in learning how you can turn on Mesh7 in your environment, please email us: trials@mesh7.com

If you would like to learn more about how Mesh7 works, feel free to reach out to me on LinkedIn or email us at info@mesh7.com

I’m extremely excited about what lies ahead for us when it comes to protecting data in motion at Layer 7+ and for application security in general. Stay tuned for more blog posts from our talented team of cloud-native security experts.

As every year, we are incredibly excited to host The Fabric Annual Summit and meet again with our peers, investors, advisors, our co-created companies, and technology leaders in the cloud/IoT infrastructure space.

This year’s theme was Reimagining Infrastructure for a Distributed Era. We kicked off the Summit with a CXO Council meeting in Palo Alto.

Arun Chandrasekaran, Distinguished VP, Analyst from Gartner, set the stage by presenting Gartner’s view of how the future of infrastructure is everywhere.

Gartner predicts that by 2021, 40% of large enterprises will be integrating edge computing principles into their IT projects, up from less than 3% in 2018.

The Fabric Annual Summit followed an intimate, invitation-only meeting with CXOs. After opening remarks from The Fabric’s hosts, Rajan Raghavan and Prabakar Sundarrajan, we were thrilled to have Chris Bedi, CIO at ServiceNow, as a keynote speaker. Chris Bedi talked about infrastructure challenges for the enterprise world.

Chris Bedi, CIO, ServiceNow

The fast pace of technology, moving towards microservices and serverless, is creating challenges for organizations that are over a century old.

Karl Gouverneur, CIO at Northwestern Mutual, and Girish Juneja, Chief Digital Officer at Dover Corporation, talked about how they approach transforming their IT support teams into innovative software organizations within their companies.

Karl Gouverneur, CIO, Northwestern Mutual & Girish Juneja, Chief Digital Officer, Dover Corp

Amit Zavery, Head of Platform at Google Cloud, and Anuj Kapur, Chief Strategy Officer at Cisco, discussed the evolution of application architecture, changes from the distributed infrastructure perspective, and the organizational and operational implications.

Amit Zavery, Head of Platform, Google Cloud & Anuj Kapur, Chief Strategy Officer, Cisco

A panel on trends in a distributed world concluded the Summit. Panelists Mallik Tatipamula, CTO at Ericsson, Silicon Valley; Kapi Attawar, Chief Revenue Officer, Blockchain at Samsung; Dr. Stuart Evans from Carnegie Mellon University, Silicon Valley; and Debo Dutta, Distinguished Engineer at Cisco, focused on how connectivity, compute, control/decision theory, applications, and blockchain evolve to address the infrastructure for a distributed era.

Moderated by Prabakar Sundarrajan, Chief Strategist at The Fabric, each panelist shared insights and discussed use cases, challenges, and opportunities in a distributed world.

From left to right: Moderator: Prabakar Sundarrajan (Chief Strategist, The Fabric); Panelists: Kapi Attawar (Chief Revenue Officer/Blockchain – Samsung), Debo Dutta (Distinguished Engineer, Cisco), Dr. Stuart Evans (CMU, Silicon Valley), Mallik Tatipamula (CTO, Ericsson, Silicon Valley)

Prabakar Sundarrajan, The Fabric’s Chief Strategist, also elaborated in a series of five blogs on the ways that infrastructure and applications are being decentralized, thereby driving the need to evolve infrastructure (compute, network, storage, security, and orchestration) to meet the resulting challenges.

Read Prabakar’s blog:

· Distributed applications, containers, micro-services, API revolution
· Distributed edge compute infrastructure
· Distributed trust, enterprise blockchain, need for distributed tracking

Once again, we’d like to thank the speakers and our guests who made The Fabric Annual Summit 2019 a success. We’re looking forward to the next one!

The Fabric recently hosted the CXO Council meeting. The Council brings together CXOs of industry-leading companies to discuss and gain private access to the latest breakthrough innovations in next-generation enterprise cloud infrastructure technologies.

The theme for the meeting was “Reimagining infrastructure in a distributed era.”

Arun Chandrasekaran, Distinguished VP, Analyst from Gartner, set the stage by presenting Gartner’s view of how the future of infrastructure is everywhere. He opined that it is not just a journey to the cloud but a journey to a mix.

Gartner predicts that by 2021, 40% of large enterprises will be integrating edge computing principles into their IT projects, up from less than 3% in 2018.

Throughout the discussion, CXO Council members shared their perspectives. Performance, security, and compliance were clearly top of mind. The fast pace of technology, moving towards microservices and serverless, is creating challenges for organizations that are over a century old. Their challenge is supporting internal operations on legacy mainframe infrastructure while delivering a modern user experience, built on microservices, to millennial customers. They opined that they take an approach of different horses for different courses.

Security is a broad area, and the advice from CXOs was that not all problems have a solution, so take an approach that reduces the risk area. The key takeaway is to focus on three things:

  1. Who did what when
  2. Who is doing what when
  3. Who could do what when

We asked the leaders about the key issues top of mind as they go through their digital transformation journey. Not surprisingly, the top 5 were:

  1. Optimizing their deployments for hyper growth and hyper scale
  2. Hiring talent
  3. Transforming department culture from IT support to a SW organization
  4. Cost reduction through modernization of platforms while maintaining legacy systems
  5. Safety and security of people and assets

In the end, there was advice for startups: If you want to sell into an enterprise, you should provide discrete value. Your offering should save around 30% of the current spend to make the effort of transitioning out worthwhile.

It is always hard to get into the schedule of CXOs, and I am grateful to all for making their valuable time available for an engaging afternoon.