Lora O'Haver
Senior Solutions Marketing Manager

What is a security fabric?

October 5, 2016 by Lora O'Haver

Guarding the enterprise network perimeter by putting everything behind a firewall is just not practical anymore. Data are everywhere. Workloads run anywhere. And hackers…well…they are trying to get into your network wherever and whenever they can. The strategy of a singular network guard, a firewall, just won’t do. What happens if someone or something gets past the firewall? That is exactly the goal of hackers when they use a technique known as an advanced persistent threat (APT). They aim to get inside your network and stay there, undetected, for as long as possible while they open up back doors and sift through your files looking for valuable data they can steal.

The increase in attacks and workload mobility are just a couple of the reasons enterprise security has moved beyond the traditional firewall. Businesses are deploying an increasing number of security appliances and monitoring tools to protect their brand, their secrets, and their customers’ information wherever it is. This insatiable appetite for more security has littered data center racks with network security appliances in every size, category, and color – all doing their part to protect you from external threats or to analyze internal traffic. And while they may be doing different things, there is one thing all network security tools have in common – they need access to network traffic. And that is what a security fabric delivers.

A security fabric is more than a security delivery platform

Some may label the function of delivering network traffic to security tools a security delivery platform (or SDP). And while the description may be accurate, simply delivering data to your security and monitoring tools is not enough. Getting the right network traffic to the tools that need it, without fail, every single time, is what separates a security fabric from a security delivery platform. No packets can be lost trying to remove duplicates. No packets can go undelivered because of overlapping filters. Otherwise, the security and monitoring tools you invested in could easily misdiagnose or, worse, fail to alert you to a possible threat.
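One way overlapping filters can leave a packet undelivered is priority-ordered, first-match rule evaluation. The sketch below is an added example, not Ixia code; the post does not describe the mechanism, so the first-match behaviour, the `Filter` and `Packet` types, the tool names and the sample packets are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # constructed sample traffic, not a capture
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Filter:                      # hypothetical per-tool filter on a packet broker
    tool: str
    dst_net: str = "0.0.0.0/0"
    dport: Optional[int] = None    # None means "any port"

    def matches(self, p: Packet) -> bool:
        in_net = ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
        return in_net and (self.dport is None or p.dport == self.dport)

def first_match(filters, pkt):
    """Assumed failure mode: rules are ordered and only the first hit gets the packet."""
    for f in filters:
        if f.matches(pkt):
            return {f.tool}
    return set()

def all_match(filters, pkt):
    """Each tool's filter is evaluated independently; every match gets a copy."""
    return {f.tool for f in filters if f.matches(pkt)}

def undelivered(filters, packets):
    """Packets that at least one tool asked for but did not get under first-match."""
    gaps = []
    for p in packets:
        missing = all_match(filters, p) - first_match(filters, p)
        if missing:
            gaps.append((p, missing))
    return gaps

FILTERS = [                                      # the two filters overlap on 10.1.0.0/16:443
    Filter("ids", dport=443),
    Filter("recorder", dst_net="10.1.0.0/16"),
]
PACKETS = [
    Packet("198.51.100.7", "10.1.2.3", 443),     # matches both filters
    Packet("198.51.100.7", "10.1.2.3", 22),      # recorder only
    Packet("198.51.100.7", "192.0.2.10", 443),   # ids only
]

if __name__ == "__main__":
    for pkt, missing in undelivered(FILTERS, PACKETS):
        print(pkt, "never reached", sorted(missing))
```

Running the same audit over a broker's real filter set and a sample of flows shows which tools are silently missing traffic they were configured to see.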

A security fabric is the foundation for stronger inline and out-of-band security deployments

A stronger inline and out-of-band security deployment starts with strategically deploying data access devices throughout the network. External bypass switches are used to protect inline security tools like firewalls, intrusion prevention systems (IPS), and unified threat management (UTM) systems from becoming a single point of failure and disrupting network connectivity. Physical and virtual taps, along with SPAN ports, provide passive data access to out-of-band tools like security information and event management (SIEM) systems and intrusion detection systems (IDS), as well as various forensic, recording, and packet capture tools.

A security fabric is the model for deploying and integrating network security and monitoring tools

All of your inline and out-of-band security and monitoring tools plug into the network packet broker (NPB). So do the data access devices like taps and bypass switches. This provides all of the tools with complete data access regardless of where the tool is physically located. Before the traffic is delivered to your tool, packets are processed by the security fabric’s data processing engines located inside the NPB. Ixia’s Security Fabric has dual data processing engines. The context-aware data processing engine automatically recognizes rich metadata and more than 220 application signature families so you don’t have to write regular expressions for every type of application filter you want to configure. The security intelligence processing engine masks sensitive information like credit card and social security numbers for data compliance and also decrypts SSL traffic so your security tools can find malware hidden in encrypted communications.

Ixia’s Security Fabric also takes security intelligence processing one step further than a security delivery platform can. Activate the Security Fabric’s threat intelligence gateway to automatically block traffic from IP addresses known to distribute malware, viruses, and other attacks before it ever enters your network. Removing this known bad traffic can help relieve your security tools from ever having to inspect it and block it. We have seen customers like Hyperbox reduce their number of SIEM alerts by 80%.

So, what is a security fabric? By now, you probably have a pretty good idea. And if you want to explore the Ixia Security Fabric a little further, check out its web page: https://www.ixiacom.com/securityfabric