How to detect 'greynets'

June 3, 2005, 4:15pm PDT | Length: 00:04:24
Applications like IM, web conferencing and P2P, deployed by the end user and elusive at the network level, are described by FaceTime as 'greynets'. Learn how to enable the good ones and block the bad.

Transcript

Hi, I'm Kailash Ambwani and I'm the CEO of FaceTime Communications. Today, I'm going to speak to you about 'Greynets.' 'Greynets' are the biggest challenge for security enterprise managers today. What are 'Greynets?' One way to think about 'Greynets' is to look at applications and see how applications get deployed. Do they get deployed at the enterprise level, at the department level or at the end-user level and then to look at the behavior of these applications at the network level. Are they well-behaved at the network level or are they evasive at the network level? With this, let's look at a few applications.

Let's look at e-mail. When you join a company, you get an e-mail address and e-mail is an enterprise-wide application and that in fact, it behaves really well at the network level. It's SMTP. It goes through a well-defined port, etc. Let's look at another application. Let's look at Web conferencing. Web conferencing typically gets deployed at the department level, but it's very evasive at the network level. Web conferencing uses encrypted protocols that tunnel through Port 80. It does everything it can to get through your security infrastructure as easily as possible. Another evasive application is IM. IM, which also gets deployed at the end-user level, tends to again be very evasive at the network level and we know that the same applies to things like P2P.

Now, not all end-user applications are evasive. So for example, if you look at Web browsing, Web browsing is used at the end-user level and is actually quite well-behaved. This HTTP is Port 80. Another set of applications are adware, spyware and adware spyware in fact, are so far on this axis that they were getting deployed without even the end-user knowing about that and now we're finding that adware and spyware are getting evasive at the network level. This quadrant is what we call 'Greynets.'

Now, why do we call them 'Greynets?' We call them 'Greynets' because these applications are not necessarily bad. Some applications like Web conferencing and IM can be very beneficial. Other applications like P2P and adware and spyware can be very problematic. What are some of the issues that the applications raise? Well, they represent a vulnerability for you. You've got code that hasn't gone through your quality assurance running on your desktops. That code might have vulnerabilities. They represent security threats. There are viruses and worms that are now propagating through these applications. They represent compliance issues. What kind of communications is happening with these applications and are you keeping track and logging those communications? They represent management issues. Who's using these applications? How much bandwidth is getting used? Do you have control over all that?

So, to manage 'Greynets' and to control 'Greynets,' you first need to be able to detect them, which as we've shown here with the evasiveness is not easy to do and once you've detected them, you need to decide what you want to do with them. Do you want to block them? And clearly, you want to block adware spyware. You probably, although not always, want to block P2P. Or do you want to enable them because there's real business value? For example, you want to enable Web conferencing. You want to increasingly enable IM. What does enabling mean? Enabling means you've got to address these issues. You've got to have hygiene. So you've got to check for viruses and worms and spam. You've got to have compliance. You've got to make sure that you're logging all the messaging that's going on in these applications and you've got to have strong user policies in place: who can use them, when can they use them, how much bandwidth are they allowed to take.

So, these applications represent business value, but they also represent threats, neither black nor white. That's why we call them 'Greynets' and the challenge is how do you enable the good 'Greynets' while blocking the bad ones.
