NETWORK VISIBILITY AND CYBER SECURITY
Updated: Dec 10, 2019
Imagine you buy a brand new Bugatti and plan to travel across the beautiful landscape of the European shores, enjoy the stunning view and the fresh air, but suddenly, you find out that some of the best roads are blocked and you are going to miss some of the best views. What a disappointment!
At least when you are driving a car, you know what you may be missing, but this does not apply when you shift to the cyber world. Now imagine that the new and expensive Bugatti is the cyber security tool that you recently recommended your company purchase, and that management expects it to significantly reduce cyber security risks. It is indeed the best application you could pick, and it analyzes network traffic in a way that reveals cyber security risks at a very early stage, before they impact the business. However, the assumption is that the application has full visibility into network traffic, with no "blind spots". Well, is this the case in your network?
Historically, organizations used SPAN/Mirror ports that would duplicate network traffic and use that as a source for the monitoring tools, including the cyber security tools. Today, it is clear that the right way to provide full network visibility is by using network TAPs and Packet Brokers, and I will explain why.
There are two key issues when using SPAN/Mirror ports. The first issue is that not all of the traffic is transferred. Under-sized and over-sized packets, as well as packets with CRC errors, will never reach the cyber security tool when it relies on the SPAN/Mirror port. Moreover, when the switch is congested, the SPAN port will drop packets. Your enterprise may be under a cyber security attack and you will have no clue about it, since the cyber security tool is relying on partial network data. In a sense, it is blind.
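One way to check whether a monitoring feed has such blind spots, as an added example that is not part of the original article: when a receiver ACKs bytes the sensor never captured, those packets crossed the wire but were lost on the way to the tool. The packet tuples, host names and the `capture_loss` function are constructed for illustration and assume relative TCP sequence numbers with no wraparound.

```python
from collections import defaultdict

# Constructed sample: packets as the sensor saw them on a mirrored feed.
# Fields: (src, dst, seq, payload_len, ack), relative sequence numbers.
SAMPLE = [
    ("client", "server", 1, 100, 1),
    ("server", "client", 1, 0, 101),    # server ACKs bytes 1..100
    ("client", "server", 301, 100, 1),  # bytes 101..300 never reached the sensor
    ("server", "client", 1, 0, 401),    # the server ACKs them anyway: they existed
    ("server", "client", 1, 500, 401),
    ("client", "server", 401, 0, 501),
]

def capture_loss(packets):
    """Return {(src, dst): (missed_bytes, acked_bytes)} for each direction.

    missed_bytes counts payload the receiver acknowledged but the sensor
    never saw, which points at the capture path rather than the network.
    """
    seen = defaultdict(list)  # direction -> [start, end) payload ranges captured
    acked = {}                # direction -> highest ACK sent by the receiver
    for src, dst, seq, length, ack in packets:
        if length:
            seen[(src, dst)].append((seq, seq + length))
        reverse = (dst, src)
        acked[reverse] = max(acked.get(reverse, 0), ack)

    report = {}
    for direction, limit in acked.items():
        ranges = sorted(seen.get(direction, []))  # sorting absorbs reordering
        if not ranges:
            continue  # no payload captured, so there is no baseline to compare
        base = cursor = ranges[0][0]
        missed = 0
        for start, end in ranges:
            if start >= limit:
                break  # not yet acknowledged, cannot be judged
            if start > cursor:
                missed += start - cursor  # hole below an acknowledged byte
            cursor = max(cursor, end)     # overlaps (retransmits) count once
        if cursor < limit:
            missed += limit - cursor      # acknowledged tail never captured
        report[direction] = (missed, max(limit - base, 0))
    return report

if __name__ == "__main__":
    for direction, (missed, total) in capture_loss(SAMPLE).items():
        print(direction, f"missed {missed} of {total} acknowledged bytes")
```

A non-zero missed count on a quiet network means the tool is analyzing partial data, regardless of how healthy the endpoints look.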
So should you invest in deploying a network visibility layer that will provide your cyber security and monitoring tools with full network visibility? The answer is definitely "yes", since cyber security is here to stay and the requirements to connect new and more powerful cyber security applications will only grow.
The solution is based on two key components. The first is the network TAPs, which duplicate network traffic from all the links you wish to monitor. The second is the network aggregation, which brings all the TAP traffic into one central location, where you would typically deploy your cyber security tools. Once you have done that, you have established a network visibility overlay that gives you non-intrusive access to the entire network and ensures that you gain the most value from your investment in the cyber security solution.
Now that none of the roads are blocked, it is time to hop into your Bugatti and enjoy the great views again.