
Cost of Flawed Network Infrastructure Design Rising in 2015

April 8, 2015

The cost of flawed network infrastructure design has been steep over the last few years. Specific design flaws deny most organizations complete network visibility, and without that visibility they are failing to competently secure their networks.

These weaknesses have led to a systemic problem of security breaches and data loss. Despite the already eye-opening costs of network security issues, in 2015 those costs are growing to unprecedented levels.

Security threats have become more and more frequent. In fact, detected security breaches increased by 66% from 2013 to 2014. That staggering number is driving change in the landscape of network security and in the consequences of flawed network infrastructure design.

As a network engineer, your costs are no longer strictly financial.

Legislation Increasing the Cost of Network Security Issues

As the person in charge of an organization’s network security, you face a landscape that is not only increasingly challenging but also increasingly costly.

While the events of the past few years were reason enough to rethink your network infrastructure design, 2015 is the year in which the United States is going to scream for change.

To date, 47 states have enacted breach notification legislation that further raises the cost of network security issues, even of a single security breach. If attackers capture personally identifiable information, you are required to notify each individual affected by your lapse in network security.

Accountability for a data breach also reaches the network engineers who designed and run the infrastructure. All 50 states are likely to have such legislation in place by the end of the year.

In addition to these state breach notification laws, several federal agencies, including the FCC, HHS and FTC, have the ability to levy fines for the loss of personal, health and other information.

So, what do all of these coming changes mean?

It means you must address the greatest and most prevalent flaw in network infrastructure design: relying on SPAN ports for visibility.

You Can’t Gain 100% Network Visibility with SPAN

The SPAN port is the root cause of most network visibility issues, and therefore of many network security issues. A SPAN session copies traffic in the switch itself, and that copy is not faithful: mirrored frames are serviced at lower priority than forwarded traffic, so the switch drops them under load; a full-duplex link can carry twice the bandwidth of the single SPAN destination port, so a busy link oversubscribes it and frames are lost; and frames with CRC or framing errors are discarded before they are mirrored, even though those are often the very frames a security tool needs to see. What your tools receive is not what was on the wire, and nothing tells them what was dropped.

You simply can’t rely on SPAN to give you complete insight into the activity inside and outside your network. What, then, is the key to sound network infrastructure design? What must you rely on? A network TAP.

TAPs provide a complete picture of your network activity: every frame on the link, errors included, is passed to your monitoring tools at line rate. Also, unlike a SPAN session, a passive network TAP has no IP address and no management interface on the monitored link, so it cannot be reached, reconfigured or disabled over the network. Deployed at the perimeter and on internal links, a TAP feeds your security tools a full copy of the traffic so they can detect threats coming not only from outside, but also from inside your network.

Despite the benefits of network TAPs, many choose SPAN ports because of cost (more on that in our next blog). But what few consider is the financial toll of a security breach. Consider this: the average cost of a network TAP is less than 1% of the average cost of a security breach.

If you fear asking for a slight bump in your budget to pay for TAPs, you’re thinking short-sightedly. You’re not choosing between network TAPs and SPAN; you’re choosing between a conversation about budget now and a conversation later about how your network was hacked and your data was lost.

To learn why using a TAP is your only viable way to get full, real-time network access, download the free whitepaper on TAP vs. SPAN.


Heartbeat Packets Inside the Bypass TAP

A bypass TAP sits inline on the link and forwards the link traffic through the inline security tool. If the tool goes off-line, the TAP bypasses it and automatically keeps the link flowing. The bypass TAP detects the tool's state by sending heartbeat packets to the inline security tool alongside the traffic. As long as the tool is on-line, it returns the heartbeat packets to the TAP, and the link traffic continues to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP within its detection threshold (indicating that the inline security tool has gone off-line), the TAP automatically 'bypasses' the tool and keeps the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link, so they never reach the production network. Two trade-offs follow from this design: traffic handed to a dead tool during the detection window does not come back, so the heartbeat interval and miss threshold set how long the link is interrupted when a tool fails; and while the tool is bypassed the link keeps flowing, but nothing is inspecting it.

While the TAP is in bypass mode, it continues to send heartbeat packets to the inline security tool. Once the tool is back on-line, it begins returning the heartbeat packets to the TAP, indicating that it is ready to go back to work. The TAP then directs the network traffic back through the inline security tool, heartbeat packets included, placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution: “What if the TAP itself should fail? It is also inline, so the link would fail with it!” The TAP would then be a single point of failure. That is a good catch, but as explained in our blog on Bypass vs. Failsafe, a TAP that fails or loses power must provide failsafe protection to the link it is attached to, passing the link straight through without needing power. So our network TAP goes into failsafe mode and keeps the link flowing.
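The heartbeat, bypass and failsafe behaviour described above, as an added simulation that is not code from this blog or from any TAP vendor: a BypassTap carries link traffic through an InlineTool model, injects one heartbeat per interval, strips it before traffic goes back on the link, enters bypass after three consecutive missed heartbeats, reinserts the tool once a heartbeat returns, and passes the link straight through when unpowered. The InlineTool model, the byte-string frame format, the HEARTBEAT_MAGIC marker, the three-miss threshold and the powered flag are assumptions for illustration; the scenario input is constructed.

```python
"""Simulation of a bypass TAP's heartbeat and failsafe logic.

Constructed illustration, not a vendor implementation. Frames are plain byte
strings; a heartbeat is a frame starting with HEARTBEAT_MAGIC followed by a
sequence number. The miss threshold and the InlineTool model are assumptions.
"""
from dataclasses import dataclass, field

HEARTBEAT_MAGIC = b"HB"  # assumed marker that identifies a heartbeat frame


@dataclass
class InlineTool:
    """Model of the inline security appliance (e.g. an IPS)."""
    online: bool = True
    blocked: set = field(default_factory=set)  # frames the tool would drop

    def process(self, frames):
        # A dead tool returns nothing: neither traffic nor heartbeats come back.
        if not self.online:
            return []
        return [f for f in frames if f not in self.blocked]


@dataclass
class BypassTap:
    tool: InlineTool
    miss_threshold: int = 3      # assumed: consecutive misses before bypassing
    powered: bool = True         # False models TAP power loss (failsafe case)
    state: str = "INLINE"
    missed: int = 0
    seq: int = 0
    log: list = field(default_factory=list)

    def _heartbeat(self):
        self.seq += 1
        return HEARTBEAT_MAGIC + self.seq.to_bytes(4, "big")

    def forward(self, link_frames):
        """Handle one interval of link traffic; return the frames put back on the link."""
        if not self.powered:
            # Failsafe: an unpowered TAP passes the link straight through, untouched.
            return list(link_frames)

        inline_before = self.state == "INLINE"
        hb = self._heartbeat()
        # In bypass mode only the heartbeat is sent to the tool; traffic goes around it.
        to_tool = list(link_frames) + [hb] if inline_before else [hb]
        returned = self.tool.process(to_tool)

        hb_seen = hb in returned
        # Strip heartbeats so they never reach the critical link.
        payload = [f for f in returned if not f.startswith(HEARTBEAT_MAGIC)]

        if hb_seen:
            self.missed = 0
            if not inline_before:
                self.log.append(f"hb {self.seq} returned: tool is back, re-inserting inline")
                self.state = "INLINE"
        else:
            self.missed += 1
            if inline_before and self.missed >= self.miss_threshold:
                self.log.append(f"{self.missed} heartbeats missed: entering bypass")
                self.state = "BYPASS"

        # Frames handed to the tool this interval come back only if it answered,
        # so traffic sent during the detection window is lost. In bypass the
        # link flows, but uninspected.
        return payload if inline_before else list(link_frames)


def run_scenario():
    """Tool fails, is bypassed, recovers; then the TAP loses power."""
    tool = InlineTool(blocked={b"evil"})
    tap = BypassTap(tool=tool)
    out = []
    out.append(tap.forward([b"a", b"evil"]))   # inline: the tool drops b"evil"
    tool.online = False
    out.append(tap.forward([b"b"]))            # miss 1: frames lost, still inline
    out.append(tap.forward([b"c"]))            # miss 2
    out.append(tap.forward([b"d"]))            # miss 3: bypass engaged
    out.append(tap.forward([b"evil", b"e"]))   # bypass: everything passes, uninspected
    tool.online = True
    out.append(tap.forward([b"f"]))            # heartbeat returns: inline again next interval
    out.append(tap.forward([b"evil", b"g"]))   # inline: b"evil" dropped once more
    tap.powered = False
    out.append(tap.forward([b"h"]))            # failsafe: link still flows
    return out, tap


if __name__ == "__main__":
    outputs, tap = run_scenario()
    for i, frames in enumerate(outputs, 1):
        print(f"interval {i}: on link -> {frames}")
    print("\n".join(tap.log))
```

Running the scenario shows the two costs the prose mentions: intervals 2 to 4 put nothing on the link (the dead tool swallowed them before the TAP had missed enough heartbeats), and interval 5 lets b"evil" through because the tool is bypassed. Shorter heartbeat intervals and a lower miss threshold shrink the first window at the price of bypassing on a tool that was merely slow.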

Glossary

  1. Single point of failure: a component of an IT network whose failure alone brings down a larger part, or all, of the system.

  2. Heartbeat packet: a soft-detection mechanism that monitors the health of inline appliances by injecting packets the appliance must return.

  3. Critical link: a connection between two or more network devices or appliances that, if it fails, disrupts the network.
