
4 Ways to Achieve Reliable Security in an Enterprise Network

November 14, 2019


How do you bring more security and reliability to your own network in a responsible manner? Garland Technology partnered with Flowmon to address the ongoing challenges behind exactly these questions. Together, we have identified a responsible and reliable solution that recognizes that, no matter how large or complex the environment is, companies may have minimal budget and personnel to dedicate to solving these network challenges. Let’s explore the key ways to achieve this added security and reliability.

Maintain Reliable Internal Protections 

Your internal network is not trustworthy. The network fabric that extends from the network firewall to each of your endpoints is a blind spot where malicious activity can accumulate. This area is full of users with insider knowledge of data and insider permissions and rights, and it generally lacks protection and monitoring.

If this sounds like a recipe for a data breach, it is! Is it any surprise that hackers tend to go after high-value targets with minimal protection? As your network grows, it will reach a point where monitoring-based protection may not be enough, and you have to turn to active security prevention measures. According to the Risk Based Security Annual Data Breach report, 2018 saw the second-highest number of reported data breaches of any year on record, 6,500 in total, with most of these breaches originating from inside the network.


Identify Efficient Monitoring Methods That Use the Right Data  

Full packet inspection can be overkill and SNMP is often not enough, yet these are two of the most common methods of monitoring network performance, running network diagnostics, and evaluating network security.

When Flowmon and Garland Technology work together, we can take the entire packet and transform the data into dashboards, reports, and analytics. The Garland Network TAP and packet broker functionality create a full copy of the raw network traffic, which feeds Flowmon’s Probe so that it can view the metadata of each packet.

Flowmon’s Probe can evaluate 250 different data points and fields without having to look inside the packets themselves. Using NetFlow-based data, the Probe analyzes the traffic and provides the same intelligence a full packet inspection system does, while using only 1/500th of the data. The system examines Layers 2-7 to achieve different goals with the data, such as:

  • Performing tunnel decapsulation at Layers 2 and 3.
  • Evaluating and reporting on network performance metrics such as round trip time and server response time.
  • Examining Layer 7 to measure TLS, DNS, DHCP, SMB, VoIP and email performance.
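As an added example (not Flowmon’s or Garland’s code), here is how flow-style metadata is derived from packet headers alone: constructed packet records for one TCP conversation are folded into a single flow record carrying packet and byte counters, handshake round trip time and server response time, and the size of the exported record is compared with the raw bytes it summarises. The packet tuple layout, the field names and the use of the PSH flag as a stand-in for "this segment carries data" are assumptions of this example.

```python
import json
from collections import OrderedDict

# Constructed packet metadata only, no payload kept:
# (ts_seconds, src, sport, dst, dport, tcp_flags, wire_bytes)
SAMPLE = [
    (0.000, "10.0.0.5", 51000, "10.0.0.80", 443, {"SYN"}, 74),
    (0.012, "10.0.0.80", 443, "10.0.0.5", 51000, {"SYN", "ACK"}, 74),
    (0.013, "10.0.0.5", 51000, "10.0.0.80", 443, {"ACK"}, 66),
    (0.020, "10.0.0.5", 51000, "10.0.0.80", 443, {"PSH", "ACK"}, 583),   # request
    (0.095, "10.0.0.80", 443, "10.0.0.5", 51000, {"PSH", "ACK"}, 1514),  # first response segment
    (0.096, "10.0.0.80", 443, "10.0.0.5", 51000, {"PSH", "ACK"}, 1514),
    (0.100, "10.0.0.5", 51000, "10.0.0.80", 443, {"FIN", "ACK"}, 66),
]

def flow_key(pkt):
    """Bidirectional key so both directions of a conversation land in one record."""
    _, src, sport, dst, dport, _, _ = pkt
    return tuple(sorted([(src, sport), (dst, dport)]))

def aggregate(packets):
    """Fold packets into flow records with counters, RTT and server response time (SRT)."""
    flows = OrderedDict()
    for pkt in sorted(packets, key=lambda p: p[0]):
        ts, src, sport, dst, dport, flags, size = pkt
        f = flows.setdefault(flow_key(pkt), {"client": (src, sport), "packets": 0, "octets": 0,
                                             "first": ts, "last": ts, "rtt": None, "srt": None})
        f["packets"] += 1
        f["octets"] += size
        f["last"] = ts
        from_client = (src, sport) == f["client"]   # first packet seen defines the client side
        if flags == {"SYN"} and from_client:
            f["_syn"] = ts
        elif flags == {"SYN", "ACK"} and not from_client and "_syn" in f and f["rtt"] is None:
            f["rtt"] = ts - f["_syn"]               # handshake RTT: SYN -> SYN/ACK
        elif "PSH" in flags and from_client and "_req" not in f:
            f["_req"] = ts                          # PSH used here as "segment carries data"
        elif "PSH" in flags and not from_client and "_req" in f and f["srt"] is None:
            f["srt"] = ts - f["_req"]               # SRT: first request data -> first response data
    # Drop the private bookkeeping fields before export.
    return [{k: v for k, v in f.items() if not k.startswith("_")} for f in flows.values()]

def reduction_ratio(packets):
    """Raw bytes on the wire divided by the size of the exported flow metadata."""
    records = aggregate(packets)
    raw = sum(r["octets"] for r in records)
    return raw / len(json.dumps(records).encode())
```

A seven-packet flow understates the data reduction a long-lived flow gives, since the record stays the same size however many packets it summarises.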


Use Tools You Don’t Have to Worry About

All network engineers are hesitant when deploying new tools. To address hesitancy over installation problems, Flowmon and Garland have designed their solution with plug-and-play functionality. Once the solution is installed, you will not have to babysit the execution of these tools. The solution in your data center will generate alerts and dashboards you can export to analyze network performance.

When an engineer connects a Garland EdgeSafe™ Bypass TAP to an inline tool, heartbeats are able to detect soft errors. The TAP sends specialized heartbeat packets into the connected tool, which loop back around to the bypass TAP. As long as the transmitted “heartbeat” packets are received back, you know the tool is healthy and operational. If any of the heartbeat packets do not make it back to the TAP that originated them, a soft error is sensed. When this happens, the tool is taken offline for maintenance while traffic continues to flow through the network, or traffic is passed to a secondary tool in a high-availability scenario.

Select Tools That Work Together to Protect Your Network 

The last thing you want to do is negatively affect the performance of your infrastructure with your own tools. When your tools work in unison, visibility and security of the data stay the central priority.

A good example of tools working together is combining a solution from Garland Technology, Flowmon, and Palo Alto, using Garland’s EdgeLens® Inline Security Packet Broker to connect to both the Flowmon Probe and a Palo Alto NGFW. The EdgeLens uses bypass technology to manage the lifecycle of the NGFW, while also generating a full copy of the traffic to send to the Flowmon Probe. Flowmon then creates the NetFlow network metadata and provides an analysis on the dashboard. All the NetFlow generation done by Flowmon is completely out-of-band and will not have an effect on the Palo Alto NGFW or any other inline device. A benefit of using Flowmon in this scenario is that when NetFlow is generated by core switches and routers, sampling typically happens and key data points are missed; there can also be a performance hit on the boxes themselves. With the out-of-band approach, flow generation is completely passive.

Flowmon works in a variety of environments including on-prem and virtual environments. The cloud solution works with Azure, Google Cloud, and AWS. With Garland Prisms, the two work beautifully in virtual environments, monitoring virtual traffic with no network impact and utilizing a fraction of the data.


Heartbeat Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool. Once the tool is back on-line, it begins returning the heartbeat packets to the TAP, indicating that it is ready to go back to work. The TAP then directs the network traffic, along with the heartbeat packets, back through the inline security tool, placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.
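As an added example (a model written for this page, not Garland’s firmware), the following Python walks through the bypass TAP behaviour described in this section and in the EdgeSafe paragraph above: heartbeats are injected alongside link traffic and stripped before frames re-enter the critical link, consecutive missed heartbeats switch the TAP to bypass, a returned heartbeat puts the tool back inline, and TAP power loss drops into failsafe. The heartbeat marker, the missed-heartbeat threshold and the Tool stand-in are assumptions of the example.

```python
INLINE, BYPASS, FAILSAFE = "inline", "bypass", "failsafe"
HEARTBEAT = b"\x00HB\x00"  # constructed marker; a real TAP uses its own heartbeat frame

class Tool:  # stand-in inline tool: echoes frames while up, returns nothing when down
    up = True

    def __call__(self, batch):
        return list(batch) if self.up else None

class BypassTap:
    def __init__(self, tool, missed_limit=3):
        self.tool, self.missed_limit = tool, missed_limit
        self.missed, self.mode = 0, INLINE

    def _probe(self, batch):
        # Offer a batch to the tool; count consecutive heartbeats that never looped back.
        out = self.tool(batch) or []
        self.missed = 0 if HEARTBEAT in out else self.missed + 1
        return out

    def forward(self, frames):
        """One batch of link frames in; the frames delivered to the far end of the link out."""
        frames = list(frames)
        if self.mode == FAILSAFE:           # TAP has no power: relays pass the link untouched
            return frames
        if self.mode == INLINE:
            out = self._probe(frames + [HEARTBEAT])
            if self.missed >= self.missed_limit:
                self.mode = BYPASS          # soft error: take the tool out of the path
            return [f for f in out if f != HEARTBEAT]  # strip heartbeats before the critical link
        self._probe([HEARTBEAT])            # BYPASS: keep asking whether the tool has recovered
        if self.missed == 0:
            self.mode = INLINE              # tool answered: put it back inline
        return frames

    def power_loss(self):
        self.mode = FAILSAFE

def scenario():
    """Tool outage, recovery, then TAP power loss; returns (delivered frames, mode) per batch."""
    tool, log = Tool(), []
    tap = BypassTap(tool, missed_limit=2)
    for frame, up in [("f1", True), ("f2", False), ("f3", False),
                      ("f4", False), ("f5", True), ("f6", True)]:
        tool.up = up
        log.append((tap.forward([frame]), tap.mode))
    tap.power_loss()
    log.append((tap.forward(["f7"]), tap.mode))
    return log
```

Note that the batches offered to the tool while it is down but before the miss threshold is reached (f2 and f3) are lost, which is why the threshold is a trade-off between false soft errors and dropped traffic.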

Glossary

  1. Single point of failure: a part of an IT network whose failure brings down a larger part of the entire system.

  2. Heartbeat packet: a soft-detection technology that monitors the health of inline appliances.

  3. Critical link: a connection between two or more network devices or appliances whose failure disrupts the network.

NETWORK MANAGEMENT | THE 101 SERIES