How do you bring more security and reliability to your own network in a responsible manner? Garland Technology partnered with Flowmon to address the ongoing challenges that defy these exact questions. Together, we have identified a responsible and reliable solution that recognizes no matter how large or complex the environment is, companies may have minimal budget and personnel to dedicate to solving these network challenges. Let’s explore the key ways to achieve this added security and reliability.
Maintain Reliable Internal Protections
Your internal network is not trustworthy. The network fabric that extends from a network firewall to each of your endpoints is a dark spot that can garner malicious data. This area is full of users with insider knowledge of data, insider permissions and rights, and generally lacks protection and monitoring.
If this sounds like a recipe for a data breach, it is! Is it any surprise that hackers tend to go after high-value targets with minimal protection? As your network grows, it will reach a point where monitoring protection may not be enough, and you have to turn to active security prevention measures. According to the Risk Based Security Annual Data Breach report, 2018 showed the second-highest reported data breaches of any year on record with 6,500 total breaches, with most of these breaches coming from inside the network.
Identify Efficient Monitoring Methods That Use the Right Data
Full packet inspection can be overkill and SNMP is often not enough. These are two of the most common methods of monitoring network performance, performing network diagnostics, and evaluating network security.
When Flowmon and Garland Technology work together, we can take the entire packet and transform the data into dashboards, reports, and analytics. The Garland Network TAP and packet broker functionality create a full copy of the raw network traffic feeding Flowmon’s Probe to view the metadata of each packet.
Flowmon has 250 different data points and fields they can evaluate without having to look inside the packets themselves. Using NetFlow based data, the Probe analyzes the data and provides the same intelligence a full packet inspection system has, but with only using 1/500th of the data. The system peers at Layers 2-7 to achieve different goals with the data like:
- Performing tunnel decapsulation at Layers 2 and 3.
- Evaluating and reporting on network performance metrics like round trip time and server response time
- Looking through Layer 7 performing TLS data, DNS, DHCP, SMB, and VOIP performance as well as email.
Use Tools You Don’t Have to Worry About
All network engineers are hesitant when deploying new tools. To solve for hesitancy related to installation problems, Flowmon and Garland have designed their solution to have a plug-and-play functionality. Once the solution is installed, you will not have to babysit the execution of these tools. The solution in your data center will generate alerts and dashboards to export and analyze network performance.
When an engineer connects a Garland EdgeSafe™: Bypass TAP to an inline tool, heartbeats are able to detect soft errors. The TAP sends out specialized heartbeat packets into connected tools, which loop back around to the bypass TAP. As long as the “heartbeat” packets transmitted are received back, you will know the health of your tool is operational. If any of the heartbeat packets do not make it back to the TAP that originated the heartbeat, a soft error is sensed. When this happens, the tool is taken offline for maintenance, while traffic continues to flow through the network, or passed to a secondary tool in a high availability scenario.
Select Tools That Work Together to Protect Your Network
The last thing you want to do is negatively affect the performance of your infrastructure with your own tools. When your tools work in unison, visibility and security of the data stay the central priority.
A good example of tools working together is when you combine a solution from Garland Technology, Flowmon, and Palo Alto, using Garland’s EdgeLens® Inline Security Packet Broker to connecting to both the Flowmon probe and a Palo Alto NGFW. The Edgelens uses bypass technology to manage the lifecycle of the NGFW, while also generating a full copy of the traffic to send to the Flowmon probe. Flowmon will then create the NetFlow network metadata and provide an analysis on the dashboard. All the NetFlow generation done by Flowmon is completely out-of-band, and will not have an affect on the Palo Alto NGFW or any other inline device. A benefit to using Flowmon in this scenario is that typically, when NetFlow is done by core switches and routers, sampling can happen and key data points will be missed. There could also be a performance hit on the boxes themselves. With out-of-band, it’s completely passive.
Flowmon works in a variety of environments including on-prem and virtual environments. The cloud solution works with Azure, Google Cloud, and AWS. With Garland Prisms, the two work beautifully in virtual environments, monitoring virtual traffic with no network impact and utilizing a fraction of the data.
[Want to learn more about the Garland and Flowmon complete solution? Watch our latest on-demand webinar, Complete Network Visibility & Security for IT Operations.]