Back in the early days of the 90's, before cybercrime really took off, no one really anticipated a need for a network to run more than two security appliances at the same time. That was then.
Here and now, cyber-threats are extremely serious business, and networks are larger than ever. IT Security teams have a growing number of inline and out-of-band tools within their security stack.
Meet the solution of today: Tool Chaining.
Not only are there more links to contend with—in this case, physical connections between a switch and a router—but there are far more security tools in the mix. In our other blog, (Four Roadblocks to Deploying a Full Stack of Inliine Security Appliances), we discussed the potential drawbacks that occur when too many appliances get in the way of network functionality.
>> Download now: Learn how to improve your IT security with better threat detection and prevention tool deployment.
Chaining, (aka daisy chaining) as it is called by network administrators, is a fundamental strategy that looks to secure the network edge. It is the solution for problems that arise when more than two in-line security appliances need to see the same data. Many security devices are wired into unified chains (taking the form of either a line or a circle). A network packet broker (NPB) system uses these unified chains to maximize network visibility. Not only does this visibility enhance the security of a network, it also allows administrators to catch the telltale signs of an impending network outage, and rectify them before anything comes unglued.
The Chaining Process with EdgeLens
Chaining isn't just a means to efficiency—it's necessary given our hardware device climate, in which the inherent limitations of SPAN port solutions have led to increased usage of a network TAP port alternative. Let's talk about what chaining looks like in practice:
- All security appliances are connected to each other, and to a network packet broker (NBP), such as Garland's EdgeLens creating a unified visibility plane.
- The NBP is the only appliance that actually sits in-line. When traffic enters the network, the NPB sends data packets through the in-line security appliance chain.
- The traffic data passes through the chain, while being analyzed by each appliance in its turn. After the data is cleared, the NBP copies and stores it for forensic analysis at a later date, should that be necessary.
- Full visibility allows administrators to monitor data packets both before and after they pass through the security stack, allowing them to troubleshoot network issues without negatively affecting traffic. In addition, archiving the traffic data.
Supporting Chaining Strategies with Garland Technology
We don't just have the knowledge to help network professionals evade the perils and pitfalls of in-line security appliance deployment—Garland Technologies also has the hardware to back up our expertise. The EdgeLens® hybrid bypass TAP is a formidable enterprise security solution for administrators overseeing numerous in-line security appliances. Matching bypass TAP capabilities with intelligent packet brokering, EdgeLens will play a leading role within chained security stacks, emphasizing visibility and real-time monitoring both inline and out-of-band.
The network edge can seem like a dangerous place sometimes—but with Garland's winning approach to chaining, administrators will have unparalleled visibility into emergent threats.
Looking to add inline chaining solutions, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
