Use Network Packet Brokers to make data center security infrastructure more efficient and cost effective (by Yoram Ehrlich)
Today’s enterprise networks and service providers are in a conundrum: as network technologies advance, managing network security has become harder and costlier. Sure, they could continuously introduce new monitoring tools - but this adds configuration hours and management complexities to an already intricate scenario. They could also replace slow-running tools with higher-speed devices - but they’ll incur additional costs. Or, for better results, they can adopt a holistic network monitoring infrastructure that enables migration to a higher network speed while increasing the effectiveness of existing security and monitoring tools.
Today’s security landscape demands strong, holistic-visibility architecture
Security breaches are moving up to ever higher (and frightening) levels and remain a thorn in organizations’ sides. Verizon’s 2018 Data Breach Investigations Report (DBIR) indicated that in 2017, more than 53,000 security incidents were reported and 2,216 breaches confirmed. The number of actual attacks remains unknown but undoubtedly is considerably higher.
Unfortunately, the issue of network security cannot be solved with a one-time purchase, and no security product is “perfect.” Today’s organizations’ best bet is a Network Visibility architecture-based security solution that reveals hidden network dangers and inefficiencies, identifies network hiccups and outages, increases network security, and addresses potential compliance issues — all before they impact the business.
Look for these four critical components when choosing a holistic approach: high efficiency and flexible access to the network, monitoring middleware functionalities (filtering, packet grooming, etc.), advanced monitoring functions (application intelligence, NetFlow support), and monitoring tools connectivity.
...and a more efficient and cost-effective security infrastructure
IT departments currently deploy three to five network tools per link or group of links in the datacenter network; these run security, compliance, analytics, and various other applications. When these tools are taken offline for upgrades, traffic either stops being filtered or stops flowing entirely. Moreover, each security and analysis tool is specialized, and tools often discard 90% or more of the traffic they receive to get to the specific traffic they can process.
Now, what if each tool were fed only the IP traffic it is able to process in the first place, with all of its bandwidth and processing power directed at its specialized application rather than at dropping unwanted packets? And what if, for encrypted traffic, security tools that analyze just the first 100 bytes of each packet were not fed the full 1,500-byte packet? That is a grossly inefficient process, considering that today’s datacenter core networks routinely run at 100Gb and generate petabytes of traffic each day.
Network Packet Brokers can save the day
Given the cost and time it takes to analyze network traffic per bit, and the need to re-examine the network architectures that deliver IP packets to the analytics tools, enterprises can no longer afford to keep buying these tools indefinitely. They need a specialized Ethernet switch that, in addition to copying packets, can also strip, groom, and place IP traffic automatically and securely: taking in terabits of traffic in 100Gb, 40Gb, and 10Gb increments and feeding the right data to the right tool in 1Gb or 10Gb increments, with continuous resilience.
The age of Network Packet Brokers is here, and here’s what they can do:
- Provides visibility into network links without degrading availability
- Allows migration of network speeds up to 100Gbps
- Accelerates time to diagnose problems, while ensuring that CAPEX and OPEX costs remain stable as network sizes and speeds grow
- Lowers CAPEX and OPEX costs further with early deployment as part of strategic planning
- Better utilizes monitoring/security infrastructure, simplifies operations, and increases ROI
Four ways NPBs improve ROI
- Load balancing future-proofs 1/10Gb security/monitoring tools when upgrading to 40/100Gb network speeds. As networks transition to 40Gb and higher link speeds, load balancing maximizes utilization of existing 1G/10Gb appliances without forcing datacenter IT to purchase new appliances that support 40Gb/100Gb. Datacenter staff can continue to buy 1/10Gb-based security/monitoring appliances at a dramatically lower cost.
- Deep traffic grooming optimizes toolsets and enables CAPEX and OPEX savings. Most security appliances focus only on a specific type of traffic. NPBs can filter out the traffic that is not relevant to the appliance and map only the traffic the appliance needs to the appropriate port. This allows a higher link-to-appliance ratio and reduces the storage capacity each tool needs, all of which reduces costs.
- Aggregation reduces security, analysis, and compliance costs. NPBs can consolidate multiple packet stream inputs into one larger stream (e.g., five 1Gb or 10Gb links into a single 10Gb or 100Gb link), or do the reverse (e.g., a single 10Gb or 100Gb link into multiple 1Gb or 10Gb connections). Connecting many security, analysis and compliance devices to every link may appear costly, but not protecting those links may cost even more. Now, network engineers can look at link throughput while allowing multiple lower-speed links to remain protected by a single NPB appliance.
- Extended visibility across SDN/NFV environments provides optimal ROI. With 80% of server workloads virtualized by 2016, NPBs’ integration within SDN/NFV infrastructure provides visibility into virtual servers’ traffic so that monitoring and security policies can be applied to it without disrupting or degrading traffic. NPBs can also seamlessly scale packet access and delivery across both physical and logical network boundaries using tunneling protocols (VXLAN and NVGRE), ensuring continuous uptime for network security systems.
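To make the efficiency argument concrete, here is an added toy model (not code from the original post or from Niagara Networks) of the three NPB functions described above: per-tool filtering, header-only slicing of encrypted packets to the 100 bytes the article mentions, and flow-hash load balancing across identical 1/10Gb appliances. The tool port groups, the slice length and the sample packets are constructed assumptions; the flow key is deliberately direction-independent so both halves of a session land on the same appliance, which is what a stateful IDS behind the broker needs.

```python
# Added example (not from the original post or Niagara Networks): a toy model of
# the three NPB functions the article lists, run over constructed packets.
# Tool port groups and the 100-byte slice length are illustrative assumptions.
import hashlib
from collections import namedtuple

# src, dst, proto, sport, dport and length (bytes on the wire) of one packet
Packet = namedtuple("Packet", "src dst proto sport dport length")
SLICE_LEN = 100  # header-only slice the article describes for encrypted traffic

def flow_key(p):
    """Direction-independent 5-tuple so both halves of a session hash alike;
    otherwise an IDS behind the broker sees only one side of each flow."""
    lo, hi = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (p.proto, lo, hi)

def pick_tool(p, n_tools):
    """Flow-hash load balancing across n_tools identical 1/10Gb appliances."""
    digest = hashlib.sha256(repr(flow_key(p)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_tools

def groom(p, wanted, sliced):
    """Drop traffic the tool cannot use; slice encrypted packets to headers.
    Returns bytes forwarded, or None when the packet is filtered out."""
    ports = {p.sport, p.dport}
    if not ports & wanted:
        return None
    if ports & sliced:
        return min(p.length, SLICE_LEN)
    return p.length

def broker(pkts, wanted, sliced, n_tools):
    """Return (bytes delivered per tool port, bytes ingested from the link)."""
    per_tool, ingested = [0] * n_tools, 0
    for p in pkts:
        ingested += p.length
        fwd = groom(p, wanted, sliced)
        if fwd is not None:
            per_tool[pick_tool(p, n_tools)] += fwd
    return per_tool, ingested

# Constructed sample: one TLS session (both directions), one HTTP request, NFS bulk.
SAMPLE = [
    Packet("10.0.0.5", "203.0.113.7", "tcp", 51000, 443, 1500),
    Packet("203.0.113.7", "10.0.0.5", "tcp", 443, 51000, 1500),
    Packet("10.0.0.6", "203.0.113.8", "tcp", 51001, 80, 600),
    Packet("10.0.0.7", "10.0.0.9", "tcp", 52000, 2049, 1500),
]
```

Running `broker(SAMPLE, {80, 443}, {443}, 2)` ingests 5,100 bytes from the link but delivers only 800 to the web-security tool group, since the NFS packet is filtered and the two TLS packets are sliced to headers.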
Look at NPBs this way: They are intelligent security visibility devices that make network traffic visible and available to the various components of a security infrastructure - and they are the ticket to making it more efficient and cost-effective.
Author - Yoram Ehrlich is VP Products at Niagara Networks, which provides high-performance network visibility solutions to allow seamless administration of security solutions, performance management, and network monitoring. www.niagaranetworks.com