Cyber attacks have become more persistent and sophisticated, leaving security professionals tasked with bolstering the network’s edge with a layer of complex security devices; each responsible for detecting, stopping, and analyzing specific types of threats.
With such complex networks and highly sophisticated attacks becoming the norm, companies no longer rely on a single tool to protect their network. Instead they rely on a combination of inline and out-of-band tools to handle firewall monitoring, bandwidth monitoring, protocol analysis, data leak prevention, traffic trending probes, packet analysis, and intrusion detection and prevention.
Intrusion Detection Service - Deployed out-of-band, an IDS detects malicious traffic on the network through either signature-based or anomaly-based techniques, logs the events, and alerts network administrators about the intrusion.
Intrusion Prevention Service - Deployed inline, an IPS is a proactive form of network defense; providing real-time inspection of each packet. Any suspicious or malicious packets are then dropped from the live network stream. There are more advanced methods of detection with an IPS over an IDS, including the addition of policy-based and protocol analysis-based methods.
SIEM - Deployed out-of-band, SIEMs collect data that is generated from network tools’ event logs based on the traffic flowing through the tool and how it reacted. For devices that can’t generate event logs, the packet decoder on the SIEM can evaluate packet headers, identify errors, and create logs from locations logs are missing.
Next-Gen Firewall - Deployed inline, NGFWs have additional features beyond a traditional firewall, such as IPS, Anti-virus, and URL filtering capabilities.
Data Loss Prevention - Deployed inline, DLP is a solution consisting of hardware and/or software appliances designed to make sure that the files accessed by only those authorized. DLP can generate reports on what data is being used, drop connections if sensitive files are being shared incorrectly, and some can even actively remove sensitive information from the document in real time.
Web Application Firewall - While a firewall protects the network a WAF will protect servers running web applications by applying rules to HTTP traffic to protect against attacks like cross-site scripting and SQL injections.
SSL Decryption - SSL encrypts packets so that sensitive information cannot be gathered as it travels over the network or internet, protecting information like passwords, credit card information, bank account information, etc. In order for security tools to do their job, they need access to traffic in an unencrypted state.
These tools all need access to data in order to do their job effectively and that’s the role Garland Technology plays in defending a network from a malicious threat. Unlike SPAN ports, Bypass TAPs provide complete network visibility by passing all live wire data to active, inline security tools, while monitoring the device’s health. If your security tool goes off-line for any reason, the bypass TAP automatically switches to bypass mode, keeping your network link up while you resolve the issue.
We’re experts at security here at Garland Technology. In fact, my co-founder and Garland's CTO, Jerry Dillard, invented the original Bypass TAP, which led to our EdgeSafe™ Bypass TAP and EdgeLens® Inline Security Packet Broker. The failsafe technology that is part of every bypass product guarantees 100% network uptime, and lets your security tools see every bit, byte, and packet.®
[Interested in learning more? Download our whitepaper: What your network is missing? 7 Tools to TAP today!]