On the latest episodes of Altitude, Woody had the pleasure of speaking with Susan Hinrichs, Chief Scientist, and Nick Davitashvili, Senior Cloud Network Architect. For anyone interested in scaling security across the cloud, open source systems, systems thinking, and adapting and growing stronger in the face of disruption, check out the episodes here! https://aviatrix.com/altitude/

Scaling Security Across the Cloud: Chief Scientist on Distributed Cloud Firewall
In this episode, Woody dives into the world of cloud security using open source systems with our special guest, Susan Hinrichs.
Susan Hinrichs, Chief Scientist at Aviatrix, is a multifaceted professional with a strong background in the open source networking and security space. As a designer and implementer, she has contributed significantly to the development of the Distributed Cloud Firewall. Susan's expertise extends well beyond traditional networking, encompassing diverse areas such as cloud routing, application security, policy-based traffic engineering, and distributed systems.
Throughout this insightful conversation, Susan discusses the advantages of open source platforms, Aviatrix's contributions to the open source community, and the open source DNA of the Aviatrix Distributed Cloud Firewall. Susan and Woody also explore possible directions for Distributed Cloud Firewall and the role that AI and ML could play in network security.
Timestamped Overview:
[00:02:11] Group responsible for traffic termination and scrubbing. Used open source software and contributed back.
[00:06:55] Extended Berkeley Packet Filter (eBPF) enables efficient traffic analysis in kernel space, particularly for dropping network traffic at low levels with minimal effort. It provides a more cost-effective alternative to iptables for implementing firewall policies.
[00:10:07] Approach: Not everyone is the root. All processes aren't root. Need to elevate. Complicated product made simple.
[00:14:27] OpenStack's limitations revealed as enterprise-scale businesses require dedicated specialists, making it costly. Distributed cloud firewall innovates multicloud security. Scaling security in the cloud is challenging due to layer 3 and up the stack complexities.
[00:16:38] Distributed firewall challenges and solutions summarized.
[00:21:53] Smart groups are created with tags on VMs, subnets, and VPCs. These groups are used to create rules for traffic routing. With Aviatrix fabric, gateways are protected, and traffic routes are understood. The controller analyzes gateways and enforces rules accordingly. Rules are pushed or pulled to the gateways.
[00:26:15] Security group orchestration across different cloud platforms has limitations due to varying models and rule limits. Difficulties arise when translating intermixed allows and denies into only allows, potentially causing networks to split and requiring more rules. Despite extensive work, there are cases where policy expression is not possible. Other tools, like VMware and Cisco, offer similar orchestration capabilities, but the physical enforcement points may still restrict the unified view presented to customers.
[00:30:30] Moving towards intrusion protection, analytics, and service mesh for enhanced security.
[00:34:05] The impact of AI and machine learning on security systems.
[00:35:16] AI helps with alarm fatigue and data correlation.


Exploring Anti-fragility in the Cloud
In this episode of Altitude, Woody welcomes special guest Nick Davitashvili, Senior Cloud Network Architect at Aviatrix.
Nick is an accomplished architect and keynote speaker with a strong background in networking, cloud, and cybersecurity architecture. He brings a unique and profound perspective to his role; having lived in various parts of the world, he's cultivated a multi-faceted approach to his work as a cloud network architect.
The two dive into the fascinating realms of anti-fragility and cloud network architecture, offering listeners valuable insights into these complex subjects. Nick explains the concept of anti-fragility – a system's ability to thrive and improve from volatility, unlike traditional fragile systems. The discussion extends to how cloud network architectures can benefit from anti-fragile principles, adapting and growing stronger in the face of disruptions.
Timestamped Overview:
[00:00:50] Cloud architect enjoys solving connectivity challenges at Aviatrix.
[00:03:41] Music school in Georgia (not the U.S. state), Indian classical music.
[00:08:25] Cloud projects often require improvisation and adaptation. Improvising is a skill that requires being in the moment and making judgment calls. It stimulates different neural connections and can boost performance.
[00:10:23] Music and coding are similar creative processes. Context is important when analyzing data. Challenging thought processes lead to learning and growth. Reflection is crucial for understanding cloud architecture.
[00:13:44] Architects must embrace mistakes, question standards, improvise, and take risks. Critical thinking and problem-solving skills matter more than academic credentials.
[00:18:19] Anti-fragility in systems: embracing errors, gaining strength.
[00:23:10] DevOps embraces anti-fragility, including chaos engineering and security.
[00:26:33] Decentralization, distributed cloud, security controls, and redundancy.
[00:27:47] Closing thoughts.
