RealTime IT News

Ofir Arkin, CTO, Insightix

Jeff HawkinsNetwork Access Control (NAC) was one of the most talked about networking technologies of 2006.

Some have positioned it as a silver bullet with the ability to defend a network against all comers. One man and one company in particular stood out amid the torrent of NAC hype in 2006 and poked holes in a number of different approaches to NAC.

Ofir Arkin, the CTO of Insightix, took the podium at the Black Hat conference last summer and revealed ways that to bypass certain NAC approaches.

Beyond research, Insightix currently has two products, Discovery and NAC. Discovery "discovers" what elements are on a network while NAC performs access control.

Internetnews.com recently chatted with Arkin about what Insightix is doing and why standards for NAC aren't necessarily the key to better products.

Q: What are some of the things that you don't like about other network security products in the market that you've made sure to avoid or improve upon at Insightix?

Our first product was Insightix Discovery. When I was consulting to organizations the biggest issue that I had was to understand what do I have in order to build the right defenses. Working without knowing what is on the network and how it looks and what the infrastructure is doesn't work. You can't protect what you're not aware of.

So our first goal was to provide a solution that gives real-time information about the IT network. The biggest thing that I saw when I was working as a consultant is that many organizations work in the dark.

They know they need to buy security solutions, but they don't have the understanding of what they have. You'd think that it would be trivial to answer, but we found out that these are non-trivial questions, and the problem of discovery is something that still needs to be answered.

On NAC, we do believe that in order to provide proper network access control you first need to understand what you have and be able to identify in real time any element that tries to connect to the network.

There is a void between what people know and what they don't know. And that void is where vulnerabilities and the issues that at the end of the day we lose sleep over . We need to know what we have in order to be able to have control over our infrastructure.

Q: Insightix does discovery and NAC. Does that also include threat management, either directly or via partnership?

We try to do everything home grown.

We do not provide threat management because we are not a threat-management company. We do not provide vulnerability assessment because we are not a vulnerability-assessment company.

First and foremost we're the guys that provide you with the ability to know your network in real time, and we're the guys that, on top of that ability, can keep your network safe in terms of who can access your network and who can't, while making sure that they're compliant with policy. And it's all done in real time.

Q: The market is actually a little confused about what NAC is. A compliance solution? A security solution?

I do think that for most, NAC is a security solution. It needs to make sure that the elements that we don't want to be on our network are not on our networks in real time.

There are companies that cannot provide element detection in real time. But they try to bend the definition of NAC towards the compliance angle. Because every company that may have some kind of a technology and want to join the NAC bandwagon, they bend the definition.

Q: Do NAC standards matter? Whether it's TNC, IEEE or otherwise?

I don't think a standard matters. I think what a solution actually provides you and how complete it is actually determines if the solution is something that you need.

With some of the vendors you need rip out your existing infrastructure and replace it with new equipment if for example you want to support 802.1x.

Is there a real value with 802.1x? Don't get me wrong 802.1x is a valid technology and it's important and I do like it, but it's only valid if you buy the equipment.

At the end of the day you have to ask yourself what you want to do. Why do you need a NAC solution?

You want to know what's on your network and you want to make sure that the elements that are on your network are compliant with a policy. Sounds simple right? But what's the cost? Will it require me to replace my infrastructure? How much time will it take to implement? Is the technology used to perform quarantine powerful enough?

Standards may be written in the future but how long will it take to become a standard and for everyone to agree on? You need to see what solutions today can do for you and how it actually performs and then you can decide if it's the right solution for you or not.

Q: At Black Hat you talked specifically about DHCP. is there something else at a top level that really isn't secure?

DHCP was only the first part of my presentation. Many picked up on that but I actually talked about 802.1x and basically all of the various approaches to detect network elements and how they could be bypassed.

In my new version of the presentation I will add more solutions so you'll be able to see other solutions that I didn't mention before.

Q: What is the biggest challenge you face as the CTO of Insightix?

You know sometimes you can't sleep at night. I'm the co-founder of the company and it's important to move the company forward. I've got employees; it's a baby that grows. It's actually a dream that takes shape and grows.

I think that the most important thing is to develop the types of things that are expected from us from our customers' perspectives. That's why I go out and ask customers what they feel they are missing or need more of from the solutions we provide.

We make sure that the next version will include the type of things that are still missing. I think that at the end of the day, when you have a listening ear and you know how to identify what is important you can succeed because you are fulfilling what your customers and what your channel [are] asking for.

Of course there are many other aspects of the technology that I'm in charge of that needs to work and it works. I get to play with the technology and to think about new exciting things, and that's part of why I choose to take the technology path.

I still have time to sit in the lab to do things to innovate and that's a key aspect of my role that I most enjoy.