Riverbed has been a really interesting company to watch in the networking space over the last few years. A long stalwart in the LAN optimization and acceleration market, the company has seen the way the networking landscape is changing, embracing the challenge to build out their IP to keep themselves relevant. They’ve spent over half a decade building out their SD-WAN portfolio, made strides in the cloud networking space, and provided innovative edge solutions like their Riverbed SteelFusion.
Recently, at Tech Field Day, I got to hear more about Riverbed’s security position than I had previously considered. Their Chief Security Architect, Vincent Berk, had a session in which he discussed how the company is approaching advanced persistent threats and their overall security vision for the future. While fairly quick, it gave a lot of insight into how the company approaches this important area. What stood out to me was a metaphor Vincent used during the talk, with Riverbed taking some cues from the Roman Empire.
Security Sine Qua Non
At first, comparing your security practices to the Roman Empire seemed like a curious choice. After all, the Roman Empire had a rather ignominious, if protracted, decline (the reason it is history rather than contemporary politics). But as the session went on, it felt a little more justified.
Militarily, the Roman Empire wasn’t exactly the most distinguished group on the world stage. While the Roman Legions are certainly well known, other ancient armies certainly were more notable for prowess, ferocity, and tenacity. But they had one important quality that allowed them to make history for centuries: they kept coming back.
For many ancient empires, wars weren’t particularly long due to economic reality. Equipping and provisioning an army and the support needed to go on campaign was profoundly expensive and often posed logistical impossibilities to operate long term. As such, wars were often ended by a few horrific encounters, sometimes just a single one. Societies weren’t built for the conflict.
To be able to expand from the British Isles in the north to the Egyptian Nile in the south, the Roman Empire had to be able to sustain losses and keep coming back. These couldn’t be catastrophes, but the army was built not around winning a single decisive battle, but rather around sustaining a campaign the longest. The very term “a Pyrrhic victory” came from the Romans losing a battle but winning a war because of that staying power.
Similarly, Riverbed isn’t trying to build a single Hadrian’s Firewall to protect your network. While the Romans also recognized the importance of having a strong perimeter, that’s the beginning of Riverbed’s security posture, but far from the end.
Alea Iacta Est
Riverbed’s approach to security has to a certain degree been determined by the solutions they’ve offered for a while. Their portfolio is built around the idea of capturing packets and flows, from there inspecting the traffic. They’ve built a full portfolio around that simply stated idea, and it shows in their approach to security as well.
As a security provider, there are major benefits to this approach. They sit in line with all major traffic, which is captured with full resolution. This theoretically provides a comprehensive picture of activity. As Vincent stated though, having a reputation for capturing at full resolution across the network can make customers set their expectations remarkably high. After all, if you have all the traffic, shouldn’t Riverbed be able to see any security issues?
Getting back to the Roman Empire metaphor, Riverbed built three pillars to their security approach. One is based on branch security. This is the security of the network at that specific branch location. This probably has the highest emphasis on perimeter security with next-generation firewalls and behavioral detection. In the analogy, these are the forward outposts on the frontier of the empire, waiting for the Visigoths.
The second pillar is digital forensics and incident response in depth. If branch security is the forward outpost, this is kind of the standing Roman army, ready to go to the hotspots once they crop up. Preventing all security incidents is impossible, but being able to recognize them quickly and analyze them is possible and incredibly important. Since Riverbed captures all the packets, the question here isn’t if they have the information needed for the analysis. The challenge here is to be able to quickly make the packets available, either for human review or by directing them automatically to other tools.
And the third pillar is the overall Riverbed ecosystem. In our (arguably tortured) Roman Empire analogy, this is the larger society and infrastructure that allows for a large standing army to be possible. For Riverbed, this is about having robust integrations with incident response and other tools. The primary challenge of security is that it’s a problem with an unknown set of bounds. As such, depending on a single set of security tools will inevitably lead to failure. Any security solution that doesn’t support a larger ecosystem and set of integrations will inevitably come across a security incident that falls outside of its bounds.
Sunt Lacrimae Rerum et Mentem Mortalia Tangunt
What I found most informative about this session wasn’t a technical deep dive into features, or a demo of the latest interface, but a frank look at the realities around modern network security. Security is already seen as a treadmill we can never get off of, only keep up with. And that was before advanced persistent threats (or state actors) became commonplace concerns for large enterprises and service providers. In that kind of landscape, we might indeed find the prospects for security bleak.
But the pillars of Riverbed’s security approach show they are on the right track to stay on the treadmill. Riverbed’s security philosophy reflects the reality that organizations will find themselves in, rather than setting themselves up against impossible ideals that can never be met. Instead, they’ve built their security around minimizing the impact of any intrusions, responding to them quickly, and building out integrations with partners to provide adjacent solutions not within their purview.
The rest of their Tech Field Day session was just as illuminating! Be sure to check out all the video coverage here.