How To Improve Network Security With Network Visibility
Everyone in IT is concerned about network security. One broken, or even weak, link in the network architecture can lead to a breach that costs millions of dollars. No one wants to own that weak link. What can you do about it though? There are lots of different kinds of tools (IPS, IDS, DLP, WAF, etc.) in use and they can be located throughout the network. What about the complexity involved with these types of solutions? And what about the functionality that enables the security solutions?
I recently participated in a video podcast with John Jacobs of Fortinet. We discussed these questions to get to the root of this matter. In the end, it’s about creating visibility into the network to get a truly adequate picture of your security solution. This is true whether the security tools are deployed inline or out-of-band. Inline security solutions (firewalls, IPS, SSL decrypt, WAF, etc.) are installed in the path of live network traffic and can be used to analyze traffic in real time. Out-of-band security solutions (IDS, DLP, SIEM, log analysis, etc.) are installed outside the path of live traffic. In this scenario, a copy of the traffic (or select pieces of traffic) is made and forwarded to the appropriate security tools for analysis. Security tools (such as NGFW, WAF, and IPS) can then be used to implement your data analysis strategy.
A Visibility Architecture is an extremely important part of the picture because it organizes the flow of information to security and monitoring tools. Without it, you cannot know the quality and integrity of the data being fed to the tools. A Visibility Architecture delivers an end-to-end infrastructure that enables physical and virtual network, application, and security visibility. Network packet brokers (NPBs) are central to both inline and out-of-band solutions because they can parse out the required data and distribute it to one or more security tools. Once network packet brokers are installed, it is much easier for the security tools to analyze data for various threats.
Specifically, here are some example use cases of what you can accomplish when a Visibility Architecture is combined with security analysis tools:
- External bypass switches can be installed to increase component and network availability
- External bypass switches allow for the insertion and removal of security tools without taking down the network
- NPBs can filter out uninteresting data and either continue to pass it downstream or delete it from the monitoring stream
- NPBs also allow you to serially chain suspect data and pass that data from tool to tool for analysis
- NPBs can often perform SSL decryption so that the data can be decrypted once and sent to multiple tools for processing
- NPBs can be used to perform load balancing, which allows network engineers to create an n + 1 (up to an n + n) architecture for security tools
- NPBs can also be used to create high availability (n + n) architectures for security tools
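To make the n + 1 load-balancing case concrete, here is an added sketch (not from the podcast or any vendor's product) of flow-aware distribution across three active tools and one standby. The tool names, the CRC32 hash, and the sample packets are assumptions chosen for illustration.

```python
import zlib

def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key, so both halves of a session hash alike."""
    a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}".encode()

class ToolGroup:
    """n active security tools plus one standby (the n + 1 case)."""
    def __init__(self, active, standby):
        self.slots = list(active)            # hash slot i -> active[i]
        self.standby = standby
        self.healthy = set(active) | {standby}

    def mark_down(self, tool):
        """Record a failed health check for one tool."""
        self.healthy.discard(tool)

    def pick(self, pkt):
        """Return the tool that should receive this packet, or None."""
        slot = zlib.crc32(flow_key(*pkt)) % len(self.slots)
        tool = self.slots[slot]
        if tool in self.healthy:
            return tool
        # Only the failed tool's flows move; every other flow stays put,
        # so healthy tools keep the session state they already hold.
        if self.standby in self.healthy:
            return self.standby
        return None  # no capacity left: bypass or drop is a deployment choice

def assign(group, packets):
    """Map each packet to the tool that would receive it."""
    return {p: group.pick(p) for p in packets}

# Constructed sample traffic (documentation address ranges), not capture data.
PACKETS = [("192.0.2.10", 40000 + i, "198.51.100.5", 443, "tcp")
           for i in range(8)]

if __name__ == "__main__":
    group = ToolGroup(["ips-1", "ips-2", "ips-3"], "ips-spare")  # hypothetical names
    before = assign(group, PACKETS)
    group.mark_down(before[PACKETS[0]])      # simulate one tool failing
    for pkt, tool in assign(group, PACKETS).items():
        print(pkt[1], before[pkt], "->", tool)
```

Hashing on a sorted endpoint pair matters for stateful tools: if the two directions of a session landed on different tools, neither would see the whole conversation.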
In the end, any network security solution is only as good as the quality of data feeding the tools. Visit the podcast I mentioned above along with the Ixia Out-of-Band Visibility solutions page and the Ixia Inline Security solutions page to see how network visibility and visibility architectures can help you.