Security / July 28, 2020

Don’t Make Your Network the Weak Point in Your Security Strategy

It’s a problem that’s difficult to avoid: Limited IT security budgets and personnel leave many IT teams struggling to optimize network security monitoring. These challenges often lead to data loss and cybersecurity attacks, which are then followed by increased hardware and technology costs and additional InfoSec personnel to keep up with the overwhelming number of security alerts and breaches. Organizations spend a lot of time, effort and money deploying the latest and greatest tools without ever addressing the fundamental problem of adequate network security design.

Your business, network and security operations teams should drive security initiatives together to ensure success. Network security tools, tactics and security policies are designed to monitor, prevent and respond to unauthorized network intrusion, while also protecting digital information assets, including network traffic. You need defense from threat actors seeking to compromise your data, whether the infiltration comes from outside criminals or from internal factors.

You need a solution that is:

  • Scalable: Visibility into all data in transit, from raw packets to applications, at any network speed
  • Smart: Automated, end-to-end capabilities from access, aggregation and transformation to threat detection and response
  • Pervasive: One common architecture spans physical, virtual and cloud networks to eliminate blind spots and simplify management

Networks have become far more complex in recent years, as the volume and variety of data traversing them grows. Many IT teams have struggled to adapt to the new workload, while also ensuring network speeds remain high. Avoid the blind spots created by increased data traffic by deploying visibility solutions designed to tackle the problem and create a more secure and efficient environment.

Have You Done Everything Possible to Secure Your Network Infrastructure?

Today, a variety of devices, both hardware- and software-based, are frequently present in any given network, including:

  • Networking hardware, such as routers, switches, LAN cards, wireless routers and cables
  • Networking software or perimeter devices, such as firewalls, operating systems, network security applications, intrusion detection systems (IDS), network operations and systems, access control (NACs) and anti-malware software
  • Network gateway services, such as DSL, satellite, wireless protocols, IP addressing and T-1 lines

However, even with the robust tech stack outlined above, it can be difficult to fully understand how traffic flows across the network. To overcome the challenge, we must tackle it from all angles and across all layers of the OSI (Open Systems Interconnection) model. Network visibility is essential to ensuring that all of your traffic is authorized: If you can’t see it, you can’t protect your assets. Better network visibility means being able to improve your network and security operations, leading to less stress on your infrastructure.

The Visibility Challenge

The first step to provide visibility is collecting full-fidelity data, whether that data resides in the cloud, in containers or on-premises. Acquiring reliable data can be tricky for a number of reasons. For instance, SPAN ports are often overloaded, leading to dropped packets. In addition, SPAN ports on network switches are precious, so deployments that provide traffic mirroring and forwarding for analysis by multiple tools are preferred.

A number of standard industry tools provide reliable sources of visibility. For instance, IPFIX, which stands for IP Flow Information eXport, is an IETF standard specifically meant to make flow data available to a broad range of vendors more easily. NetFlow is frequently built into network hardware traffic devices, but it’s also available in standalone appliance form, which allows the collection and analysis of network traffic. However, NetFlow is often sampled to avoid excessive burdens on routers and switches, leaving you with incomplete views into network traffic.
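To make the cost of sampling concrete, the following added example (not part of the original article and not vendor code) estimates which flows a 1-in-N packet sampler never records. The flow labels, packet counts and the 1-in-1000 rate are constructed assumptions.

```python
"""Added illustration: what 1-in-N packet sampling hides from flow export."""
import random
from collections import Counter

# Constructed sample traffic: flow label -> packets sent during the interval.
FLOWS = {
    "bulk-backup": 200_000,
    "web-session": 1_200,
    "login-attempt": 12,
    "periodic-checkin": 5,
    "dns-lookup": 2,
}

def miss_probability(packets: int, rate: int) -> float:
    """Chance that random 1-in-`rate` sampling picks no packet of a flow."""
    return (1 - 1 / rate) ** packets

def sampled_flow_records(flows: dict, rate: int, seed: int = 7) -> Counter:
    """Packets per flow that a 1-in-`rate` sampler actually observes."""
    # Interleave all packets the way they would share one link.
    stream = [fid for fid, count in flows.items() for _ in range(count)]
    random.Random(seed).shuffle(stream)
    # Systematic sampling: the exporter looks at every `rate`-th packet only.
    return Counter(stream[rate - 1::rate])

def blind_spots(flows: dict, rate: int, seed: int = 7) -> list:
    """Flows that produce no record at all at this sampling rate."""
    seen = sampled_flow_records(flows, rate, seed)
    return sorted(fid for fid in flows if fid not in seen)

if __name__ == "__main__":
    rate = 1000  # assumed sampling rate for the illustration
    seen = sampled_flow_records(FLOWS, rate)
    for fid, count in FLOWS.items():
        print(f"{fid:17} sent={count:>7} sampled={seen.get(fid, 0):>4} "
              f"P(miss)={miss_probability(count, rate):.3f}")
    print("no record at all:", blind_spots(FLOWS, rate))
```

At this rate a five-packet flow goes unrecorded about 99.5 percent of the time, while the bulk transfer is always visible; unsampled collection (rate 1) leaves no flow unrecorded.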

The Problem with Encryption

Most network traffic today is SSL/TLS-encrypted, and most security tools are unable to find hidden threats carried by that encrypted traffic. Encrypted traffic makes it difficult to passively monitor the network — to report a compromised machine or to alert security when a breach occurs, for instance. Without the ability to decrypt and analyze this traffic, you may be unable to fully understand your exposure and risk.

Many security tools can decrypt SSL/TLS-encrypted traffic. But tool-based decryption is a processor-intensive function that steals a large amount of resources from security tools. A recent study by NSS Labs, for example, found that:

“…the following was observed when measuring product performance with SSL/TLS turned off versus with SSL/TLS turned on:

  • There was a 92 percent drop in the average connection rate of the tested products, connection degradation ranged from 84 percent to 99 percent
  • Latency in the average application response time of the tested products increased by 672 percent; latency ranged from 99% to 2,910 percent
  • There was a 60 percent drop in the average throughput of the tested products, throughput degradation ranged from 13 percent to 95 percent”

Solution: Centralize SSL/TLS Decryption

Gigamon GigaSMART® SSL/TLS Decryption eliminates the blind spot created by encrypted traffic, enabling your organization to combat hidden threats while preserving user privacy and regulatory compliance. Powerful policies let you bypass specific types of traffic, such as financial or healthcare data, to maintain data privacy. You can “decrypt once, inspect all” by sharing context with other tools, which makes for a better security stack complemented by an open, extensive and growing ecosystem.

Growing Your Business

Your data is the seeds of your business: It supports your growth, carries vital resources and helps your organization stay reliable. And if data is living seeds, then your network is the source that supports production through your supply chain. But modern cyberthreats are like parasites, doing everything possible to take from the farm that keeps your business going. The Gigamon Visibility and Analytics Fabric™ gives you the vision you need to spot these threats and help your seeds grow.

The author, Timothy Wong, is a Gigamon Community MVP.
