<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

10 Cybersecurity Visibility Best Practices

December 17, 2020

Cybersecurity

2020 was challenging in many ways, from a rapid influx of remote working, the maturity of 5G computing, IoT/OT infrastructure, Edge and Cloud environments to the threats that come with them. According to AT&T Cybersecurity Insights™ Report 2021, “83.2% of respondents believe attacks on web-based applications will be a challenge” in 2021. And 47% agree, “5G poses an elevated security threat partly because there are more vectors through which adversaries can attack.”

Security teams are tasked with not only implementing a growing combination of tools and analytics to identify and protect a widening threat vector, but incorporating industry best practices to better guide their deployment philosophies. We put together a breakdown of this year's top cybersecurity visibility best practices to keep in mind while architecting your 2021 deployments.

1. IDS vs IPS Go-to Tools for Modern Security Stacks

When companies are building their IT security strategies to combat security threats, two of the most important network security tools used to detect and actively block threats into the network are Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).

Learn how IDS and IPS works, what the differences are, and just as important how to deploy and manage them.

2. 7 Threat Hunting Best Practices to Keep Your Network Secure

Threat hunting is the act of looking for signs of cybersecurity attacks to prevent them before they occur or do too much damage. It's a proactive strategy that protects your organization's IT assets and data through continuous monitoring and analysis. Threat hunting often involves thinking like an attacker and spotting weak points before they're compromised. 

Learn more on threat hunting best practices to keep your network secure.

3. How to Defend Against DDoS Attacks and Network Downtime

DDoS attacks work by sending large amounts of fake traffic to a web application or service. If the DDoS attack is large enough, then the target can’t handle the volume of junk data, and the website, service, or application crashes.

Learn how some companies deploy DDoS Detection & Mitigation tools that combine multi-vector distributed denial-of-service defenses, utilizing threat intelligence to recognize, filter and block malicious traffic.

4. What is SSL and TLS and How it Works in Today’s Security

Due to the significant growth in encrypted traffic it’s easy to see why decryption is critical to securing today’s enterprise networks. With growing blind spots forming in encrypted traffic, SSL/TLS sessions are increasingly used to conceal malware, hide command-and-control traffic and cloak the exfiltration of stolen data, inadvertently camouflaging malicious traffic. Effectively exploiting the very technology used to make user data and privacy more secure.

Learn about SSL and TLS, and how they work in today’s security.

>> Download Now: Learn how to improve your threat detection and prevention tool deployment [Free Whitepaper]


5.The 101 Series: Out-of-Band vs Inline Network Security

Designing a modern cybersecurity strategy is no easy feat, as it must protect all components of a complex network, while having a limited effect on performance. As expected, we get a lot of questions about the differences between an inline and out-of-band security deployment and whether or not network TAPs or Bypass TAPs are needed.

Learn how today’s security strategies incorporate both scenarios, with a suite of active blocking and passive monitoring tools.

6. Firewall Primer: Best Practices for Avoiding Downtime

Firewalls prevent unauthorized access to your network, protecting your data from being compromised and is considered a bedrock of IT security stacks along with Intrusion Prevention System (IPS) and Security Information and Event Management (SIEM).

Review which firewall you may need to deploy and best practices for managing availability of inline firewalls.

7. Why Cybersecurity Relies on Redundancy to Ensure Network Availability

We’ve talked about the 3 keys to network resiliency being bypass technology, failsafe technology, and network redundancy.


The concept of network redundancy is accomplished through what is referred to as High availability (HA) deployments. HA network designs incorporate redundant components for critical power, cooling, compute, network, security and storage infrastructure with the goal of eliminating any single point of failure that could compromise the network.

Let’s dig deeper and review what network redundancy is, when it is needed and how to deploy High Availability (HA) solutions in your network.

8. How Historical Look-back is Revolutionizing Network Forensics and Inline Deployment

With the sophistication of cybersecurity threats growing, the tools deployed to counter these risks are a combination of out-of-band and inline security solutions that include Intrusion Prevention Systems (IPS), Firewalls, DDoS (Distributed Denial of Service) protection and network forensics and analyzers.


Learn how Garland Technology has pioneered a solution addressing the challenge of a growing security stack, by deploying a method we call “Historical Look-back.” This adds packet capture, storage capabilities and forensics to your inline deployment without using SPAN or additional access points, providing the next evolution of network security. 

9. Adapting to New Security Demands at the Edge

As if traditional data center security wasn’t challenging enough, edge computing introduces two key factors that emphasize your vulnerabilities—decentralized data and device volume.

The core of edge computing is the idea that you can shift processing power to the outer edges of your network where data is generated. While that’s great for application speed, it naturally removes data from the safety of your central security systems. And that challenge is only compounded by the fact that more and more devices are being added to the edge of your network.

Learn how to adapt to new security demands at the Edge.

10. Monitor and Maintaining Your Zero Trust Environment

Cybercrime on local and state governments is continuing to rise, as cybercriminals understand the government possesses lots of data and information that are vital and highly classified. The government has adopted a Zero Trust (ZT) strategy, which shifts focus toward individual access and away from protecting wide segments of the network, away from a perimeter-based only cybersecurity approach.

The AT&T Cybersecurity Insights™ Report 2021 says “93.9% of respondents indicate they are researching, implementing, or have completed a Zero Trust initiative.”

Learn how to monitor and maintain your Zero Trust environment.


With this growing number of security tools the new reality is that IT teams are looking for ways to simplify their security stack. Garland’s EdgeLens allows teams to manage both inline and out-of-band tools including Firewalls, DDoS, IDS, IPS, SIEM and more from one device, providing the reliability of bypass TAPs ensuring network uptime, with the advanced features of a packet broker allowing you to optimize traffic for analysis.

Looking to add inline or out-of-band security monitoring solutions, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.

IT security garland Technology tool deployment

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES