Darth Vader’s Network Packet Broker
Did a lack of network visibility doom the Death Star?
Science fiction has had an interesting relationship with computer technology over the years. Some portrayals have seemed pretty reasonable and in fact turned out true – witness the tablets from 2001: A Space Odyssey. They nailed it with that one, reading the morning news on something very much like an iPad. Similarly, Larry Niven envisioned “copseyes” – police-operated drones – in Cloak of Anarchy. In other cases, the view makes sense but we aren’t there yet. For example, Battlestar Galactica had an all-analog control plane, engineered in a universe where AI was not only highly developed, but was actively working toward human extinction. Hard to hack analog hardware. Other views just made very little sense, like how in Independence Day, Jeff Goldblum with his PowerBook 5300 was able to fatally hack an interstellar alien invasion fleet without even having a PHY-level connection.
When we look at Rogue One, the latest Star Wars movie, the plot centers around rebel efforts to steal the plans for the moon sized Death Star battle station. Fortunately for the rebel heroes, the Death Star has a documented, relatively easily exploitable flaw contained within the digital plans. We can thus assert that the Death Star is an Internet of Things device ;-)
The Death Star, being a moon-sized battle station, isn’t vulnerable to frontal attack – sounds like a lot of corporate networks. As shown in the first Star Wars movie, when Luke Skywalker blew it up with a well-placed shot, it is vulnerable to a particular back door.
Without going into spoiler territory, the Death Star, a large and complex device, undoubtedly has large and complex plans. One would hope that the Imperial forces would have at least tried to implement some sort of IPS and DLP systems. Maybe they did, but perhaps they were feeding their tools with the wrong network packet broker.
One of the things we have seen in customer networks is that some network packet brokers start dropping packets when under load. This can result in a number of bad things, including delayed detection of intruders or even a complete failure to detect an intruder, because the IPS never sees the packets that carried the signature. Similarly, DLP efforts can be impacted to the extent of letting important files, like Death Star plans, get out without their exfiltration being detected.
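As an added example (not from the original post), here is a small Python check that compares a packet broker's tap-facing ingress counters with the counters on the port feeding the IPS/DLP tool, flags intervals where packets were silently dropped, and estimates how likely a multi-packet transfer is to reach the tool intact. The counter samples are constructed for illustration; in practice they would be pulled from the broker's interface statistics, and the independent-loss assumption in the visibility estimate is a simplification (real loss under load is bursty and usually worse).

```python
# Added example: detect visibility gaps caused by a packet broker dropping
# packets between its tap input and the port feeding the security tool.
# Counter samples below are constructed; real values would come from the
# broker's per-port interface statistics (e.g. via SNMP or its CLI).

from dataclasses import dataclass


@dataclass
class CounterSample:
    second: int          # sample time, seconds since start of collection
    ingress_pkts: int    # cumulative packets received on the tap input port
    egress_pkts: int     # cumulative packets forwarded to the IPS/DLP tool port


# Constructed cumulative counters sampled every 10 seconds. Traffic ramps up
# toward the peak; the broker silently drops packets while it is overloaded.
SAMPLES = [
    CounterSample(0, 0, 0),
    CounterSample(10, 1_000_000, 1_000_000),
    CounterSample(20, 3_000_000, 3_000_000),
    CounterSample(30, 7_000_000, 6_600_000),    # 10% loss in this interval
    CounterSample(40, 11_000_000, 9_800_000),   # 20% loss in this interval
    CounterSample(50, 12_000_000, 10_800_000),  # recovers once load drops
]


def drop_rates(samples):
    """Per-interval drop fraction: (ingress delta - egress delta) / ingress delta."""
    rates = []
    for prev, cur in zip(samples, samples[1:]):
        seen = cur.ingress_pkts - prev.ingress_pkts
        forwarded = cur.egress_pkts - prev.egress_pkts
        lost = max(seen - forwarded, 0)          # counters can only go one way
        rates.append((cur.second, lost / seen if seen else 0.0))
    return rates


def blind_intervals(samples, threshold=0.01):
    """Intervals whose drop fraction exceeds threshold: the tool was blind here."""
    return [(t, r) for t, r in drop_rates(samples) if r > threshold]


def full_flow_visibility(drop_rate, packets_in_flow):
    """Probability every packet of an N-packet transfer reaches the tool,
    assuming independent drops (an assumption; bursty loss is worse)."""
    return (1 - drop_rate) ** packets_in_flow


if __name__ == "__main__":
    for t, r in blind_intervals(SAMPLES):
        print(f"t={t}s: broker dropped {r:.0%}; a 20-packet transfer is fully "
              f"visible only {full_flow_visibility(r, 20):.0%} of the time")
```

A tool that reports "no alerts" during the flagged intervals is not reporting a clean network; it is reporting what it was allowed to see.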
The long and short of it is that when security and network integrity are important, you need comprehensive and effective network visibility. If your network visibility infrastructure is not up to the task, you may have problems, and even worse, you may believe that you have coverage and visibility in an environment where your visibility has gaping holes – holes through which APTs (or rebel scum) might crawl and steal the plans to your Death Star or next-generation product.