Key to inline security success: 'Traffic inspection and detection', exec says
Protecting both network performance and security in an organisation requires a delicate balancing act, according to Ixia.
That's according to Jason Landry, senior solutions marketing manager at Ixia. He believes the key to successful inline security monitoring is to enable traffic inspection and detection without affecting network and application availability.
“If one of your security tools becomes congested or fails, you still want to be able to keep traffic moving, continue monitoring, and prevent a network or application outage,” says Landry.
“This is more difficult if you deploy inline security appliances behind the firewall in a serial configuration, because the clogged appliance stops all traffic. You can overcome this with redundant network paths but they are expensive and can lead to wastage.
Landry explains that the goal of a security fabric is to provide security tools with the specific type of traffic they are designed to monitor, regardless of where that traffic is in the network, with complete resiliency.
“This increases the effectiveness of analytics and security tools, and optimises their data access. A security fabric intuitively and intelligently routes and load-balances the right data to the right tools, every time,” he explains.
“A security fabric should include a bypass switch, which sends traffic back and forth to inline security tools located off the network, and network packet brokers that send traffic to specific tools for inspection and monitoring.
Landry has identified a number of desirable features of a high-performing security fabric.
The first is network resilience that includes an external bypass switch, letting administrators maintain and fix tools without disrupting traffic flow or security monitoring.
Number two is tool visibility and efficiency. Landry says that tools need to aggregate traffic from multiple links and provide complete visibility to improve inspection and detection.
Two more key features being security resiliency and high availability. He explains that modular security fabric lets organisations incrementally increase resilience over time to achieve very high uptime for security monitoring.
“Deploying an extended security fabric with redundant network packet brokers (NPBs) eliminates the packet broker as a single point of failure. This is known as active-active configuration, and is essential for environments that require full failover,” says Landry.
Other features include context-aware data processing, security intelligence processing and maximum return on security budget.
“Monitoring requires processing an exploding amount of data. Your security infrastructure must be strong enough to protect your assets and data, while being efficient enough to not impact network or application response time,” explains Landry.
“It should also let you monitor traffic everywhere in your network and offer context-aware intelligence to optimise tool performance, and self-healing resiliency to completely recover from any tool failure.