Authored by: Barb Rigel, Senior Manager Network Visibility, Keysight Technologies
How shocking would it be to learn that a dangerous intruder has been hiding inside your home for six months?
And, to make matters worse, you only find out after your neighbour tells you. What? That is not only scary and, well, more than just a little creepy; it’s hard to even imagine.
Yet that is exactly what happens in many security breaches. The Ponemon Institute’s 2020 Cost of a Data Breach Report showed that it takes organisations on average 206 days to identify a breach and another 73 days to contain it. Unfortunately, many companies find out about a security breach from someone outside the organisation, such as a customer, partner or law enforcement.
Malware, viruses, and trojans can sneak into your network and go undetected by your security tools. Cybercriminals know that many enterprises cannot effectively monitor and inspect all SSL traffic, especially at scale as traffic increases. They’re banking on it and too often they win that bet.
When security tools do identify potential threats in the network, it’s not uncommon for IT and SecOps teams to experience ‘alert fatigue’, something experienced by more than 80% of them. Sumo Logic research reports that 56% of companies with more than 10,000 employees receive more than 1,000 security alerts every day and 93% say they cannot address all alerts the same day. Cybercriminals are also aware of alert fatigue and count on IT to ignore many security alerts.
So, what can you do?
Solving the problem with inline security
Effective security monitoring requires end-to-end visibility into traffic across all network links, including virtual and encrypted traffic, without dropping data packets. Today, you have more traffic to monitor than ever. Globalisation, the IoT, cloud, virtualisation and mobile devices are forcing companies to extend their network edge, often to places that are hard to monitor, which can create vulnerable blind spots.
The larger and more complex your network, the greater the chance that you’ll experience network blind spots. Like a dark alley, these blind spots provide a place for threats to go unnoticed until it’s too late.
The best way to address risks and eliminate dangerous blind spots is to create an inline security architecture so you can immediately inspect and stop bad traffic before it ever enters your production network.
A strong visibility solution is the foundation of your security architecture, since you need to quickly inspect the massive amount of data crossing your network to identify and filter packets for further analysis.
A network packet broker (NPB) is a critical component of your inline security architecture. The NPB is a device that optimises the flow of traffic between a network tap or SPAN port and your network monitoring and security tools. An NPB sits between bypass switches and inline security appliances and adds another valuable layer of data visibility to your security architecture.
On top of world-class architecture utilising dedicated hardware acceleration, NPBs deliver intelligence and contextual awareness through software applications that provide advanced capabilities including aggregation, deduplication, load balancing, data masking, packet trimming, geolocation and tagging. With an increasing number of threats entering networks through encrypted data packets, Keysight Vision NPBs with SecureStack, for example, can also decrypt and quickly inspect all SSL/TLS traffic.
Think of an NPB as a go-between that helps your security appliances connect seamlessly and safely to ensure that they do not cause network failures. NPBs help reduce the load on your tools, remove blind spots and improve mean time to repair (MTTR) with faster troubleshooting.
While an inline security architecture may not defend against all threats, it will provide clear vision and secure data access. Data is the lifeblood of your network and sending the wrong data to your tools or, worse, missing data entirely because of dropped packets can leave you feeling safe and protected when, in fact, you are not.