Enterprises are in the early stages of migrating to the Cloud. As they migrate, the initial cybersecurity focus tends to be on compliance and reducing the potential attack surface. As the migration evolves, the focus may expand to securing Identity and Access Management (IAM) policies, Simple Storage Service (S3) buckets and so on.
What tends to get lost in cloud migrations is visibility. Visibility is the key to cybersecurity and must be accounted for in cloud migrations. The network visibility concept is the same whether you have a virtual or an on-prem deployment. There is only a single source of truth for what's going on inside your network, and that single source is your packets. Every security strategy and tool used to protect your organization must be architected with that 'source of truth' in mind.
Let’s review threat hunting concepts, best practices to ensure your threat surface is well guarded, and the challenges of visibility in Cloud Environments.
There's a lot of misconception about the Cloud being secure, and I think that misconception comes from the fact that you don't touch a lot of those components in the Cloud. Many customers may come into the Cloud thinking that they don't need to apply certain security practices, because they assume it's already secure. We need to consistently educate people on the fact that it is a shared responsibility model.
A cloud provider has to secure the physical layer of the network: who is given access to its data centers, servers and switches. As a cloud consumer, you have to look at what you are deploying, what you are using and what you are configuring.
You have to think about access to your devices, whether they are public-facing web servers or database servers, and which ports and protocols you allow. You also have to focus on security all around, from software patching and authentication to protocol access and port access.
Especially when access is open to the public, it leaves the window open for threats masquerading in the traffic. So it is very important to understand what you are responsible for; being in the cloud does not absolve you from any security practices.
The goal of an effective hacker is not to come in and wave a flag that they have conquered your network. A hacker's goal is to infiltrate your network, sit around and watch what is taking place, and gather data without you knowing. Most successful hackers will have been in your network for some time, days, weeks or months, without you knowing.
Two of the tools used in cloud environments to combat this are ‘Incident Response’ and ‘Threat Hunting’ or Network Detection and Response (NDR) solutions.
Incident response is a reactive cyber security procedure that helps identify, investigate and respond to potential incidents, aiming to minimize impact and ensure as rapid a recovery as possible. When an incident triggers a set alert, you look through the data to discover what happened and whether it is still happening.
Threat hunting is a proactive approach where you start from a hypothesis about what possible vulnerabilities you have in your environment, then collect data from the network and other datasets to validate or invalidate that hypothesis.
For both incident response and threat hunting, data is the fuel that drives the solution. If you need to do any form of reasoning in threat hunting, you need a lot of very high density, high signal-to-noise-ratio data. Having the ability to access data efficiently, and having the advanced query capabilities and log management needed to correlate this data for anomaly detection, is very important. A good InfoSec team will use this data to figure out whether something is malicious, or whether something is just non-compliant in that environment, and then take action if needed.
Successful threat hunting and incident response in cloud environments require proper visibility, and IT teams need to understand exactly what they are responsible for securing. The part of the responsibility model that tends to get overlooked is providing visibility to the various security solutions.
Every cloud provider has hundreds of services, and it gets complicated fast. A cloud provider may provide visibility in the form of in-depth logging, but the challenge is the scale, aggregation and deeper insight. For example, some providers have you turn on functions like logging manually. A SecOps engineer may have to ensure logging functions are always on, and that attackers cannot maliciously turn them off. This becomes a scale problem. The other problem is aggregation of logs, as some of these services are sending their logs to an Azure security center.
This applies to the many different services within the platform. Data 'normalization' is important because you want to have your traffic in a structure that your organization is used to viewing. You cannot have a different structure here and a different structure there. It slows down your efficiency, and it slows down your ability to be proactive when the data is not normalized.
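As an added illustration of the two problems above (keeping audit logging switched on, and normalizing logs from different services into one structure), here is example code that is not from the original post or from Garland: it folds constructed AWS-style and Azure-style audit records into one schema and one timeline, then checks the hunt hypothesis that someone has turned logging off. The field layouts and the event names (StopLogging, DeleteTrail, diagnosticSettings/delete) are assumptions used for illustration.

```python
from dataclasses import dataclass
# Constructed sample audit events, not real logs. Field layouts loosely follow the
# AWS CloudTrail and Azure Activity Log shapes; treat exact keys and names as assumptions.
AWS_EVENTS = [
    {"eventTime": "2023-05-01T10:02:11Z", "eventName": "ListBuckets",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.5"},
    {"eventTime": "2023-05-01T10:04:37Z", "eventName": "StopLogging",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.5"},
]
AZURE_EVENTS = [
    {"eventTimestamp": "2023-05-01T10:03:20Z",
     "operationName": {"value": "Microsoft.Insights/diagnosticSettings/delete"},
     "caller": "bob@example.com", "httpRequest": {"clientIpAddress": "198.51.100.9"}},
    {"eventTimestamp": "2023-05-01T10:05:02Z",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/read"},
     "caller": "bob@example.com", "httpRequest": {"clientIpAddress": "198.51.100.9"}},
]

@dataclass(frozen=True)
class Event:
    time: str       # ISO 8601 UTC, so string order is time order
    provider: str   # "aws" or "azure"
    actor: str
    action: str
    source_ip: str

# Actions that reduce audit coverage. The hunt hypothesis "someone is switching
# logging off" is validated by finding any of these in the normalized timeline.
LOGGING_TAMPER_ACTIONS = {
    "StopLogging", "DeleteTrail",                    # CloudTrail control-plane calls
    "Microsoft.Insights/diagnosticSettings/delete",  # drops an Azure diagnostic export
}

def normalize_aws(e: dict) -> Event:
    return Event(e["eventTime"], "aws", e["userIdentity"]["arn"],
                 e["eventName"], e["sourceIPAddress"])

def normalize_azure(e: dict) -> Event:
    return Event(e["eventTimestamp"], "azure", e["caller"],
                 e["operationName"]["value"], e["httpRequest"]["clientIpAddress"])

def normalize_all(aws: list, azure: list) -> list:
    """Merge both providers into one schema and one time-ordered timeline."""
    events = [normalize_aws(e) for e in aws] + [normalize_azure(e) for e in azure]
    return sorted(events, key=lambda ev: ev.time)

def find_logging_tamper(events: list) -> list:
    """Return the normalized events that weaken audit logging, oldest first."""
    return [ev for ev in events if ev.action in LOGGING_TAMPER_ACTIONS]
```

With both feeds in one schema the same query answers the question for every provider, which is the efficiency point the paragraph makes about normalization.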
Unfortunately, all cloud environments face varying challenges in achieving packet visibility, as applications become smaller, more lightweight, containerized and flexible. Most public cloud providers either have some form of limited native vTAP visibility option, like AWS, or no option at all, as Azure currently does not.
We hear stories from our partners all the time of customers trying to 'MacGyver' their cloud visibility solutions, using packet captures on hosts with tcpdump and Netmon, or other combinations. None of this is an ideal solution. They inevitably run into network blind spots, and that is typically when they bring Garland in.
Modern cloud visibility solutions like Garland Prisms provide access to VM-based traffic. Prisms provides visibility into East-West container and Kubernetes-based traffic and gives teams the flexibility to bridge the hole they may have in Azure or AWS, so that Network Detection and Response (NDR) solutions can be deployed in various cloud environments. It effectively normalizes the data so the single source of truth is architected in, giving your security strategy and tools the visibility, scalability and aggregation needed to protect your organization.
Threat hunting and incident response are the future of modern cloud security strategies. For these strategies to be successful, packet visibility, both on-prem and in the cloud, remains the single source of truth for what is going on inside your network.
Looking to add visibility to your cloud deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!
Neil Wilkins is a Systems Engineer at Garland Technology focusing on customer challenges with network visibility such as resilience, interoperability, and integration into data center topology. He is a seasoned network professional with 30 years of global experience in the computing industry, in product marketing and technical support, for both the commercial and public sectors.