What Does Network Visibility Have to Do with GDPR?
Work is underway at enterprises in Europe and beyond to prepare for the European Commission’s General Data Protection Regulation (GDPR), going into effect next year on May 25, 2018. If you haven’t thought much about these new rules, you may have some catching up to do. GDPR will impact all organizations that either conduct business in the European Union (EU) or process personal data that originates in the EU. That means nearly every global enterprise. The regulation affirms the duty of organizations to protect the personal data of EU citizens and give them more control over how that data is handled. One big change is that firms that process personal data are now just as liable as firms that collect data.
GDPR is a multi-faceted regulation that affects IT infrastructure, processes, and people. No single solution provides the entire answer. But it is clear that strengthening network security and preventing data loss are key to compliance, and those are issues Ixia knows something about.
At first you might wonder, “What does Ixia’s focus on enhancing network visibility have to do with GDPR?” Well, an essential component of defending your data and resources is being able to see all of the traffic moving through your network(s). Network blind spots are commonly used as a foothold for malware and can lead to a data breach and exposure of personal data. The best visibility architectures reduce the opportunities for malware, botnets, and other attacks to get a foothold. Some common weaknesses in network visibility are:
- Virtual and cloud-based traffic: Virtual and cloud-based traffic needs to have the same level of inspection and analysis as traffic between traditional physical devices. You need a visibility architecture with the ability to see inside these environments and inspect communications for threats.
- Dropped packets: You also need to make sure your visibility engine is strong enough to process growing volumes of traffic at sufficient speed and without dropping any packets. Overloaded engines that drop packets or become congested when running multiple filters can create blind spots and vulnerabilities.
- Inefficient use of inspection and monitoring tools: An engine with the ability to filter packets by user, device, application, or geolocation can help tools work more efficiently by sending them only the data they are designed to monitor. With greater efficiency, your existing infrastructure can process more traffic, leaving you more budget to spend on advanced deep packet inspection tools.
- Not planning for downtime: Security infrastructure is great when it is working but you need to consider what happens if you suffer a failure in a system, software, link, or power supply. Keep your security defenses strong with a visibility architecture that can automatically shift traffic to backup tools and maintain full inspection and analysis.
- Being overwhelmed by security alerts: The IT staff can be overwhelmed following up on all the alerts issued by firewalls and intrusion prevention systems. To overcome this issue, some companies are deploying special-purpose filters to block all communications with IP sites associated with threats and attacks and to reduce the number of alerts.
Figure 1: Key Ixia visibility architecture components support GDPR
You may have deployed best-in-class solutions for breach prevention and detection, but to fully comply with GDPR, you may also need to prove you have taken steps to test and verify your overall security infrastructure. In terms of ongoing operations, you may need to document the defensive actions taken, implement specialized data handling procedures, and be able to quickly notify any persons whose data is compromised. These issues are more related to the environment your tools operate in. This is where Ixia adds value.
The following are typical projects where we can assist companies in their preparation for GDPR:
- Achieving visibility in the cloud: Ixia provides cloud-native access of traffic in both private cloud and public cloud environments. Ixia CloudLens™ uniquely filters and processes packets at the source, to eliminate the need to transmit packets back to a centralized monitoring location. The architecture supports greater scalability, network agility, and security. Find out more at CloudLens Public and CloudLens Private.
- Monitoring encrypted traffic: The key to using data encryption is to not let it lull you into a false sense of security, as cyberattacks are frequently embedded in encrypted traffic. It is vitally important to decode and inspect encrypted traffic. Ixia’s high-performance visibility engine provides visibility to encrypted traffic without compromising security using role-based controls and a bidirectional decryption capability. Learn more at Visibility Features: SecureStack-SSL Decryption.
- Identifying and masking personal data: Ixia first developed this feature to secure “personally identifiable information” (PII) such as credit card and social security numbers in data sent to monitoring and analysis tools, but it is also ideal for GDPR purposes. Administrators can obscure any data pattern they choose with an easy-to-use graphical interface or use Ixia’s pre-defined templates. Find out more at Visibility Features: PacketStack-Data Masking.
- Testing security infrastructure: In addition to achieving visibility, organizations should validate that their network infrastructure is robust and defends against breaches. Ixia test solutions help ensure correct implementations and configurations and simulate high-volume network traffic that includes personal data, as well as malware and other threats. Find out more at BreakingPoint.
- Deploying resilient security solutions: Ixia’s resilient security solutions ensure you will still be protected if your security infrastructure suffers a temporary outage or you need to take a device offline for upgrade or maintenance. Ixia’s high-performance packet processors are uniquely able to share the workload and provide near-instant recovery in the event of a failure. Find out more at Security Resilience.
- Integrating real-time application and threat intelligence: Pre-filtering known bad IP addresses and traffic out of the data that flows to your security solutions will enhance the performance of your tools and reduce the number of alerts the security team needs to follow up on. Find out more at ThreatARMOR™.
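To make the "Identifying and masking personal data" item above concrete, here is an added example (not Ixia's code and not a description of how PacketStack works) of pattern-based masking applied to a payload before it is handed to a monitoring tool. The function names, the two patterns, and the choice to keep the last four card digits are assumptions made for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by a space or hyphen.
CARD_RE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# US social security numbers in the common 3-2-4 hyphenated form.
SSN_RE = re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_ok(digits: bytes) -> bool:
    """Return True if the ASCII digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                      # ASCII digit to integer
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_digits(raw: bytes, keep_last: int) -> bytes:
    """Replace digits with 'X', leaving separators and the last keep_last digits intact."""
    n_digits = sum(48 <= b <= 57 for b in raw)
    out, seen = bytearray(), 0
    for b in raw:
        if 48 <= b <= 57:
            seen += 1
            out.append(b if seen > n_digits - keep_last else ord("X"))
        else:
            out.append(b)
    return bytes(out)


def mask_payload(payload: bytes) -> bytes:
    """Mask card numbers and SSNs; output length equals input length so offsets stay valid."""
    def card(m):
        raw = m.group(0)
        digits = bytes(b for b in raw if 48 <= b <= 57)
        # Luhn validation keeps order IDs and other long numbers from being masked.
        return _mask_digits(raw, 4) if luhn_ok(digits) else raw
    masked = CARD_RE.sub(card, payload)
    return SSN_RE.sub(lambda m: _mask_digits(m.group(0), 0), masked)


# Constructed sample payload: a well-known test card number and a made-up SSN.
SAMPLE = b"POST /pay card=4111 1111 1111 1111&ssn=078-05-1120&order=1234567890123456"

if __name__ == "__main__":
    print(mask_payload(SAMPLE).decode())
```

Because the masking is length-preserving, packet lengths and field offsets seen by downstream analysis tools are unchanged; only the sensitive digits are overwritten.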
Preparing for GDPR is complex and evolving. Although there are no easy solutions to address all of the requirements, ensuring you have total visibility to the traffic moving across your physical, virtual, and cloud network segments lays a solid foundation.