Lora O'Haver
Senior Solutions Marketing Manager

Six Key Opportunities to Improve Security with Better Visibility

January 13, 2017 by Lora O'Haver

If you will be upgrading your network security this year, don’t forget to plan for how your new security appliances and analysis tools will receive a complete view of all of the relevant data that moves across your enterprise. The fact is, you can’t monitor what you can’t see. Building an effective network visibility architecture is essential to keeping your defenses strong.

Although network visibility is critical, getting approval to invest in new visibility infrastructure may lack the “wow” factor of other security investments and be a harder sell with budget managers. There are, however, several key events that provide a natural and logical opportunity to raise the issue with stakeholders and gain their support.

Deploying next generation firewall or IPS appliances

The implementation of a next generation firewall (NGFW) or intrusion prevention system (IPS) is a great opportunity to implement an architecture that gives you more control over the flow of network traffic to your security devices. For example, a security fabric solution (Blog: What Is a Security Fabric?) lets you deploy or upgrade an inline security appliance while the network is up and functioning, eliminating the need to wait for a network maintenance window. Since network downtime is generally undesirable and maintenance windows are in high demand, this can be a highly compelling proposal.

To minimize downtime, you first install an external bypass switch on the live network, which takes only a few minutes. Then you place the bypass in ‘fail open’ mode, which routes traffic around the device and maintains network flow while you deploy the new appliance. No matter how long deployment takes, there is no impact to the network. A bypass that offers ‘tap mode’ also lets you test the appliance by sending it a copy of all live traffic for processing, without the appliance sitting in the live path. Once you are satisfied the NGFW or IPS is operating as desired, you can switch the bypass to ‘off’ and begin the flow of live traffic through the new appliance. The net impact on network availability is only a few minutes, versus the hours you will spend deploying and configuring the NGFW or IPS.

Upgrading the network to 100GE

Upgrading your network to handle rising traffic volumes is also a good time to reconsider security architecture. A security fabric based on intelligent network packet brokers (NPBs) aggregates traffic from across your enterprise and delivers the data at the speed each security appliance and tool requires, eliminating the need to upgrade all of your devices at the same time you upgrade the underlying network. With a security fabric, you can continue operating your 10GE and 40GE security tools until volume exceeds their capacity. You can upgrade tools when budget is available, rather than having to upgrade along with the network link.

Rolling out a major new service

If you are planning to roll out a new service or application to customers or end-users this year, make sure application performance with live security inspection is part of your pre-release testing. Congestion or failure of inline security appliances can have a serious impact on quality of service. Pre-release security testing can highlight weaknesses in your security architecture and provide justification for a security fabric that supports fast and safe inline processing. Safety, of course, is boosted through the use of an external bypass switch. And a network packet broker with intelligent filtering and load balancing capabilities can reduce congestion and keep your inline security appliances operating efficiently, for maximum application responsiveness.

For business-critical services or applications, it may also be necessary to demonstrate high-availability security in pre-release testing and simulate failure of your inline security appliances. A security fabric with redundant NPBs configured in active-active mode is an excellent option. In this approach, two NPBs are completely synchronized and actively processing network traffic simultaneously, providing highly efficient processing with near-instant recovery in the event of a failure.

Addressing compliance mandates, audits and lawful intercept requests

Regulatory compliance and audits are becoming increasingly common for organizations in practically every industry. A related issue is responding to a request from a legal authority for detailed network data, for the purpose of analysis or evidence. These situations require visibility of data across your entire network, and failure to comply can result in stiff penalties. Consultants that focus on compliance often begin by helping the organization reexamine its security architecture and find ways to increase network visibility. Sufficient network taps must be installed to monitor each network link, including those that enable connection to virtual resources. Once traffic is accessible, a security fabric using NPBs can be used to aggregate and filter the traffic as necessary. These issues are great opportunities to obtain the funding necessary to improve network visibility and security.

Expanding into new geographies

Another natural opportunity to improve network visibility is when an organization is preparing to expand into a new territory or establish a new data center. Expansion is costly and an approach that minimizes new infrastructure costs is likely to be well received. Be sure to consider how a security fabric with intelligent NPBs can efficiently aggregate data from across the enterprise, filter that data based on the unique needs of each specific tool, and provide metadata about network traffic for use in threat detection and problem resolution. These capabilities make your existing infrastructure work smarter and more efficiently, which can often reduce new capital expenditures. And because the effort is focused on expansion, stakeholders are often more open to a new approach.

Recovering after a security incident

The most obvious opportunity to secure funding for network visibility is when the organization is recovering from a security incident or data breach. This is the optimum time to reconsider the status quo and think “outside the box”. If you’re trying to influence others, circulate information on the advantages of a security fabric. Read success stories describing how others in your industry have made improvements to their network security. Or reach out and ask for a demo of Ixia solutions. We’d be happy to help.