Story image

Key to inline security success: 'Traffic inspection and detection', exec says

15 Nov 2016

Protecting both network performance and security in an organisation requires a delicate balancing act, according to Ixia.

That’s according to Jason Landry, senior solutions marketing manager at Ixia. He believes the key to successful inline security monitoring is to enable traffic inspection and detection without affecting network and application availability.

“If one of your security tools becomes congested or fails, you still want to be able to keep traffic moving, continue monitoring, and prevent a network or application outage,” says Landry.

“This is more difficult if you deploy inline security appliances behind the firewall in a serial configuration, because the clogged appliance stops all traffic. You can overcome this with redundant network paths but they are expensive and can lead to wastage.”

Landry explains that the goal of a security fabric is to provide security tools with the specific type of traffic they are designed to monitor, regardless of where that traffic is in the network, with complete resiliency.

“This increases the effectiveness of analytics and security tools, and optimises their data access. A security fabric intuitively and intelligently routes and load-balances the right data to the right tools, every time,” he explains.

A security fabric should include a bypass switch, which sends traffic back and forth to inline security tools located off the network, and network packet brokers that send traffic to specific tools for inspection and monitoring.”

Landry has identified a number of desirable features of a high-performing security fabric.

The first is network resilience that includes an external bypass switch, letting administrators maintain and fix tools without disrupting traffic flow or security monitoring.

Number two is tool visibility and efficiency. Landry says that tools need to aggregate traffic from multiple links and provide complete visibility to improve inspection and detection.

Two more key features being security resiliency and high availability. He explains that modular security fabric lets organisations incrementally increase resilience over time to achieve very high uptime for security monitoring.

“Deploying an extended security fabric with redundant network packet brokers (NPBs) eliminates the packet broker as a single point of failure. This is known as active-active configuration, and is essential for environments that require full failover,” says Landry.

Other features include context-aware data processing, security intelligence processing and maximum return on security budget.

“Monitoring requires processing an exploding amount of data. Your security infrastructure must be strong enough to protect your assets and data, while being efficient enough to not impact network or application response time,” explains Landry.

“It should also let you monitor traffic everywhere in your network and offer context-aware intelligence to optimise tool performance, and self-healing resiliency to completely recover from any tool failure.”

Aerohive launches guide to cloud-managed network access control
NAC for Dummies teaches the key aspects of network access control within enterprise IT networks and how you can secure all devices on the network.
Sungard AS named DRaaS leader by Forrester
It was noted for its disaster-recovery-as-a-service solution’s ability to “serve client needs at all stages of their need for business continuity.”
Gartner: The five priorities of privacy executives
The priorities highlight the need for strategic approaches to engage with shifting regulatory, technology, customer and third-party risk trends.
emt Distribution adds risk intelligence vendor
Flashpoint has signed emt Distribution to provide channel partners in Oceania and South East Asia a solution for illicit threat actor communities.
CrowdStrike: Improving network security with cloud computing solutions
Australian spending on public cloud services is expected to reach $6.5 billion this year according to Gartner
Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.