The Bear Flow
Bear provides a unified client agent that works across operating systems and numerous types of devices from bare metal to the cloud. Within this general paradigm, Bear enables Active Directory-like authentication, authorization, and auditing/accounting. It is the authorization that is the focus of this post – but first, we must step back to understand two major issues.
Firewalls were originally meant to keep out the bad guys – hence the “wall” part. At first glance, firewalls are a problem in modern enterprises given their tendency to turn into bottlenecks. Most are simply not fast enough to handle high volumes, and adding enough of them is incredibly costly over time. As we move into the cloud, the shortcomings of these firewalls become more apparent as simple address-based filtering fails and more intrusive measures only exacerbate the performance issue.
Beyond this high-level set of issues, there is a more fundamental flaw in firewalls. Modern firewalls can only turn ports on and off, and a common technique called port scanning can readily reveal a considerable amount of information simply by reading which ports are open or closed. In fact, many intrusion efforts start with port scanning to look for vulnerabilities.
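Because scanning tends to precede intrusion, the defender's counterpart to the point above is being able to spot it in the logs the firewall already produces. The following is an added example, not code from the original post or from the Bear product: a small sliding-window detector that flags any source touching many distinct ports on one host within a short interval. The log format, the addresses and the thresholds are all constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): one fast scanner, one slow
# scanner that stays below the window threshold, and one benign client.
SAMPLE_LOG = """\
2024-01-01T10:00:00 DENY 198.51.100.7 10.0.0.5:21
2024-01-01T10:00:00 DENY 198.51.100.7 10.0.0.5:22
2024-01-01T10:00:01 DENY 198.51.100.7 10.0.0.5:23
2024-01-01T10:00:01 DENY 198.51.100.7 10.0.0.5:25
2024-01-01T10:00:02 ALLOW 198.51.100.7 10.0.0.5:80
2024-01-01T10:00:03 ALLOW 198.51.100.7 10.0.0.5:443
2024-01-01T10:00:00 DENY 203.0.113.9 10.0.0.5:22
2024-01-01T10:00:30 DENY 203.0.113.9 10.0.0.5:3389
2024-01-01T10:01:00 DENY 203.0.113.9 10.0.0.5:8080
2024-01-01T10:01:30 ALLOW 203.0.113.9 10.0.0.5:80
2024-01-01T10:02:00 ALLOW 203.0.113.9 10.0.0.5:443
2024-01-01T10:00:02 ALLOW 192.0.2.10 10.0.0.5:443
2024-01-01T10:00:02 ALLOW 192.0.2.10 10.0.0.5:443
2024-01-01T10:00:03 ALLOW 192.0.2.10 10.0.0.5:80
this line is garbage and must be skipped
"""

# Assumed line layout: "<iso timestamp> <ALLOW|DENY> <src> <dst>:<port>"
LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) (\S+) (\S+):(\d+)$")


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, action, src, dst, port = m.groups()
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    return {"ts": when, "action": action, "src": src, "dst": dst, "port": int(port)}


def detect_port_scans(lines, window=timedelta(seconds=10), threshold=5):
    """Flag (src, dst) pairs that touch >= threshold distinct ports inside any window.

    Both ALLOW and DENY lines count: a scan of open ports shows up as ALLOWs.
    Returns a sorted list of (src, dst, ports), where ports is the sorted list
    of distinct ports seen in the busiest window for that pair.
    """
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            events[(rec["src"], rec["dst"])].append((rec["ts"], rec["port"]))

    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # port -> occurrences currently inside the window
        best = set()
        start = 0
        for ts, port in evs:
            in_window[port] += 1
            # Evict events that fell out of the window from the front.
            while evs[start][0] < ts - window:
                old_port = evs[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            if len(in_window) > len(best):
                best = set(in_window)
        if len(best) >= threshold:
            alerts.append((src, dst, sorted(best)))
    return sorted(alerts)


if __name__ == "__main__":
    for src, dst, ports in detect_port_scans(SAMPLE_LOG.splitlines()):
        print(f"possible scan: {src} -> {dst} ports {ports}")
```

With the defaults, only the fast scanner is reported; the slow scanner spreads its probes 30 seconds apart and never has more than one port inside a 10-second window, which is exactly the trade-off a defender tunes with `window` and `threshold`.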
While modern operating systems do provide software-based firewalls, placing enterprise security in the hands of employees is often not ideal. Attempting to force firewall profiles on large organizations also fails in the face of BYOD.
Gateways are, in many ways, more intelligent forms of firewalls, as they monitor traffic and look for anomalies to which they can attach various rules. The problem with gateways is that they are intrusive into business processes, and they do not scale well. Thus, edge-protection/overlay-network solutions are forced to deploy a number of gateways to keep up with demand.
Gateways act as guardians of communications and will handle data routing based on a device identity and targeted destination. They provide a rudimentary bridge between BYOD and the enterprise that attempts to mitigate intrusion efforts from untrusted devices.
Bear Flow Engine
The main problem with both approaches is an inability to handle data under load. To address this, Bear moves the protective aspects of these third-party devices into a distributed paradigm wherein each device maintains its own communications control. The on/off approach of firewalls is replaced with Open, Closed, Redirect, and Obfuscation. Redirect ports invisibly route and/or clone traffic to other locations without intruders ever seeing a redirect. Obfuscation ports wrap communication in a separate wrapper: FTP can come out as Web, Web as text, and text as email. The Bear communications control list enables incredibly complex firewall rules that elevate protection beyond the concept of a simple wall.
Bear also moves gateways down to the level of each device for more distributed packet processing. Not only does transferring the gateway to each device enable distributed processing, but it also simplifies gateway communication rules, because each device need only hold rules for a single source: itself. Bear can support BYOD without the massive cost of requisitioning new gateway servers throughout the enterprise and without intrusive new security policies.
Bear uses a generic workflow engine (Flow Engine) to handle very complex device communication interactions over time, and thus enables firewalls to adapt and change over long-running sessions. A Bear Flow system can run over Ethernet, WiFi, Bluetooth, RF and other such options while enabling highly sophisticated and customizable rules to be applied to various groups of devices. Those rules can be changed at any time and can be integrated with custom behavioral response workflows to automate common scenarios at the edge of an enterprise, all controlled by experts through a central visual interface.
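To make the four-state port model concrete, here is an added illustration of how a per-device communications control list could be evaluated; it is not Bear's code and the Bear post does not describe its rule syntax, so the rule fields (`port`, `proto`, `src_prefix`, `target`), the first-match ordering and the default-closed fallback are all assumptions of this example. Addresses and ports are constructed.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Rule:
    """One entry of a hypothetical per-device control list (assumed fields)."""
    action: str                       # "open", "closed", "redirect" or "obfuscate"
    port: Optional[int] = None        # None matches any port
    proto: str = "tcp"
    src_prefix: Optional[str] = None  # only match sources starting with this prefix
    target: Optional[str] = None      # redirect destination, or wrapper protocol name


@dataclass(frozen=True)
class Decision:
    action: str
    target: Optional[str] = None


ACTIONS = {"open", "closed", "redirect", "obfuscate"}


class ControlList:
    """First-match evaluation over an ordered list of rules; unmatched traffic is closed."""

    def __init__(self, rules: Iterable[Rule]):
        self.rules: List[Rule] = list(rules)
        for r in self.rules:
            if r.action not in ACTIONS:
                raise ValueError(f"unknown action {r.action!r}")
            # A redirect or obfuscation rule without a target cannot be applied.
            if r.action in ("redirect", "obfuscate") and not r.target:
                raise ValueError(f"{r.action} rule for port {r.port} needs a target")

    def decide(self, src: str, port: int, proto: str = "tcp") -> Decision:
        for r in self.rules:
            if r.proto != proto:
                continue
            if r.port is not None and r.port != port:
                continue
            if r.src_prefix and not src.startswith(r.src_prefix):
                continue
            return Decision(r.action, r.target)
        return Decision("closed")  # default-closed: anything not listed is denied


# Constructed example policy for one device (assumed values, not a real deployment).
EXAMPLE_POLICY = ControlList([
    Rule("open", port=443),
    Rule("open", port=22, src_prefix="10.0."),              # SSH only from the internal range
    Rule("obfuscate", port=21, target="https"),             # FTP "comes out as Web"
    Rule("redirect", port=8080, target="10.0.0.99:8080"),   # clone/route elsewhere
])


if __name__ == "__main__":
    for src, port in [("10.0.0.4", 22), ("203.0.113.5", 22), ("203.0.113.5", 21), ("203.0.113.5", 9)]:
        print(src, port, EXAMPLE_POLICY.decide(src, port))
```

The ordering matters: because evaluation stops at the first match, a broad rule placed before a narrower one silently shadows it, which is the same audit concern a reviewer brings to any ordered rule set.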
People have wanted to eliminate firewalls for a long time, but device integration efforts precluded this reality. With Bear, people will finally be able to move beyond the firewall/gateway (firegate?) limitations that enterprises suffer from today.
What do you think – would endpoint firewall and gateway capabilities be of interest? How and where would you use such a product?