THE 5 HIDDEN COSTS OF CYBER SECURITY THAT YOU SHOULD AVOID
Updated: Dec 10, 2019
It is common wisdom that Cyber Security and Monitoring applications that analyze network traffic must have full network visibility to avoid ‘blind spots’ that may be the source of a cyber security attack. In a previous post named Network Visibility and Cyber Security, we explained why the industry is shifting from SPAN/Mirror ports towards Network Packet Broker solutions. This post focuses on the 5 hidden costs that you want to avoid when deploying Network Packet Brokers, or NPB in short, that enable and optimize your cyber security and monitoring tools and applications.
The high cost of not deploying NPB A few weeks ago I had a discussion with an old colleague at Dimension Data, a global system integrator, and he said that while operators and large enterprises appreciate the benefits of deploying the network visibility layer, many of them are reluctant to do so, due to the high cost of the NPBs. Apparently, this challenge is not limited to Dimension Data customers. Last week I was on a roadshow in India and met a large mobile operator based in Mumbai and heard that they did a partial deployment of NPBs, due to the high cost, and this was with their 10G pipes and before the upgrade to 100G pipes. When you do not deploy a network visibility layer, or do it in a partial manner that does not fully avoid ‘blind spots’, the risk is losing unsatisfied customers who may be impacted by cyber security attacks or performance issues. Moreover, without full NPB deployment that covers all your network segments, your ability to run filters that reduce cyber security tool utilization, is limited, which will result in the need to invest in additional cyber security resources and licenses.
High deployment costs Up to the late 90’s, customers used to pay premium prices for their IT infrastructure, since hardware and software were non-standard and proprietary. If you purchased a computer from Digital Equipment Computers, known as DEC, you had to use their proprietary VMS operating system running on proprietary VAX servers, communicate with the proprietary DECNETprotocol, and connect to the server using proprietary VT100 terminals, all manufactured by Digital Equipment Computers. This was expensive and did not make economic sense, and the industry soon switched to standards that allowed the use of best of breed hardware platforms which resulted in improved performance at a lower cost. The NPB market is going through a similar paradigm. Incumbent packet broker vendors such as VSS, Gigamon and Ixia, offer proprietary hardware, just like DEC did four decades ago, and charge their customers premium prices to finance their high hardware manufacturing costs. CGS, on the other hand, provides the next generation Network Packet Brokers appliances, based on best of breed top-of-rackswitching platforms that provide superior performance at an affordable price.
High maintenance costs NPB vendors often provide massive discounts for their proprietary appliances to close a deal, assuming that the annual maintenance costs based on list price will generate the expected revenue. Making a 5 year TCO can partially mitigate this risk.
Expensive upgrade costs Typically, when one buys a network appliance, he or she are confident that it will be sufficient for 3-5 years, however, this is often not the case. An upgrade from 10G pipes to 40G or 100G may require the purchase of new NPBs to replace the old ones. In order to avoid this, make sure that the NPB you purchase today that supports your 10G and 40G pipes, will also support 100G pipes, without the need to replace the hardware. Also, try to avoid a complex licensing model that will require you to pay premium prices for additional ports.
NPB power consumption, cooling and data center rack space costs The fifth hidden cost is the high power consumption, the cooling and the large rack space that most of the first generation NPB solutions require. You should be looking for high density NPB that can provide you with the current and future requirements in a 1U chassis.
CGS has developed the next generation NPB solution with superior performance, scalability and reliability, based on top-of-the-rack switching platform that significantly reduces cost, complexity and footprint. The 1U chassis, supports 32 ports of 40G/100G and 128 ports of 10G/25G which simplifies migration between 10G, 25G, 40G and 100G ports.