
Load Balancing at the Edge – Saves Budget While Keeping Up with Network Speed

August 25, 2016


Every security architect is facing the same problem today—pack more in-line security appliances into the stack on a limited budget.

However, the challenge goes deeper than simply adding DDoS protection to your existing intrusion prevention system (IPS).

Business applications are moving to the cloud and security architects must prepare for a new reality where their appliances exist at the edge of the network. With an increasingly complex network edge comes the need to chain multiple in-line security appliances between the same two network elements.

If this wasn’t difficult enough, security budgets must contend with inevitably increasing network speeds. As network speeds increase, security architects need a more budget-friendly way to connect devices at the edge—with the EdgeLens® packet broker, you can address complex edge management needs without overspending.

Security and Networking Miscommunication Creates Budget Problems

Security teams and networking staff have been at odds with each other since the early days of the firewall itself. Today, price differences between networking equipment and security appliances make the typical miscommunication a costly challenge for security architects.


Consider a Cisco shop currently running 1G fiber at the edge of the network. Because 10G switches and routers are so affordable, the engineering team might make the shift to 10G without ever informing the security staff. Unfortunately, upgrading security appliances is far less affordable.

Pricing obviously varies depending on the vendor and type of appliance, but you can expect 10G security appliances to cost upwards of 10 times more than the 1G appliances you currently have in place. And with 2, 3 or even 4 active in-line appliances on just one link at the edge of the network, even the largest enterprises aren’t likely to have the budget for a mid-year 10G upgrade.

The key to adapting to a 10G shift mid-year despite having a limited budget is to make the most of your current appliances and load balance at the edge.

EdgeLens Enables Load Balancing to Support Increased Bandwidth and Connectivity Demands

The following is an example of how you can use load balancing to connect your 1G Imperva SecureSphere Web Application Firewalls (WAFs) on a 10G link:

[Figure: Load Balancing at the Network's Edge with EdgeLens]

Here, you see an EdgeLens packet broker with 12 ports. Traffic comes in from the 10G link between a router and a switch and is copied to two out-of-band solutions, a forensics application and Wireshark. The traffic is then load balanced across 4 separate SecureSphere WAFs. 

This use case helps ease budget concerns because instead of getting rid of your old 1G WAFs entirely, you can simply buy 2 or 3 new 1G solutions and actively monitor 10G links without spending tens of thousands of dollars on a 10G device. The savings on the hardware itself can help any security team—but the money you save on annual licensing fees by purchasing 1G solutions instead of 10G solutions can pay for the new hardware in just a couple of years.

The EdgeLens load balancing use case is also important for networks that have shifted to 10G, but don’t actually utilize all of that bandwidth at the edge. If your link is only utilizing 6G of traffic, you can simply connect 1G in-line appliances through the EdgeLens until you match the 6G utilization.
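As an added example (not code from this post or from EdgeLens), a small Python model of the two decisions above: how many 1G appliances a partly used link needs, and how packets are spread across them. It assumes the broker distributes by a symmetric hash of the flow so that both directions of one connection reach the same WAF; the post does not say how EdgeLens hashes, and the sample packets are constructed.

```python
import hashlib
import math
from collections import Counter

def appliances_needed(link_utilization_gbps, appliance_gbps=1.0):
    """Fewest in-line appliances whose summed throughput covers the link's utilization."""
    return math.ceil(link_utilization_gbps / appliance_gbps)

def flow_key(src_ip, dst_ip, src_port, dst_port, proto):
    """Direction-independent key so request and reply of one connection share a WAF."""
    lo, hi = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    return f"{proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}"

def pick_appliance(pkt, n_appliances):
    """Symmetric hash of the 5-tuple to an appliance index in [0, n_appliances)."""
    digest = hashlib.sha256(flow_key(*pkt).encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_appliances

def naive_pick(pkt, n_appliances):
    """Pitfall for comparison: hashing the raw tuple splits a connection across two WAFs."""
    digest = hashlib.sha256("|".join(map(str, pkt)).encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_appliances

def distribute(picker, packets, n_appliances):
    """Return {appliance index: packet count} for a list of 5-tuple packets."""
    return dict(Counter(picker(p, n_appliances) for p in packets))

def split_connections(picker, packets, n_appliances):
    """Count connections whose two directions were sent to different appliances."""
    first_seen, split = {}, 0
    for p in packets:
        idx = picker(p, n_appliances)
        key = flow_key(*p)
        if first_seen.setdefault(key, idx) != idx:
            split += 1
    return split

# Constructed sample: 200 client connections to one web server, each as a
# request packet plus its reply with source and destination swapped.
SAMPLE_PACKETS = []
for port in range(40000, 40200):
    SAMPLE_PACKETS.append(("198.51.100.10", "203.0.113.8", port, 443, "tcp"))
    SAMPLE_PACKETS.append(("203.0.113.8", "198.51.100.10", 443, port, "tcp"))
```

With the post's 6G case, `appliances_needed(6)` gives six 1G appliances; `split_connections(naive_pick, ...)` shows why the hash must ignore direction.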

The main challenge for any security architect, first and foremost, is to defend the enterprise network against growing cyber threats. However, budgets are tight and ensuring the network is secure requires strategic management of the network’s edge.

[If you want to learn more about how to secure today’s hybrid networks that function at the edge, download our free white paper, Managing the Edge of the Network—A New Necessity for Security Architects.]


Heartbeat Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool, so that once the tool is back on-line it will begin returning the heartbeat packets to the TAP, indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool, along with the heartbeat packets, placing the tool back inline.
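An added Python simulation of the heartbeat mechanism described above (not code from this post or from any TAP vendor). The "HB" marker, the one-miss threshold and the on/off timeline are assumptions; the model also makes explicit what the prose leaves implicit: frames already handed to a tool that fails in the same interval do not come back until the bypass takes effect.

```python
from dataclasses import dataclass, field

HEARTBEAT = "HB"  # constructed marker standing in for the TAP's heartbeat packet

@dataclass
class InlineTool:
    """Stand-in for the inline appliance: passes everything when on-line, nothing when off-line."""
    online: bool = True
    def process(self, frames):
        return list(frames) if self.online else []

@dataclass
class BypassTap:
    tool: InlineTool
    missed_limit: int = 1  # assumption: missed heartbeats before the TAP bypasses the tool
    bypassed: bool = False
    missed: int = 0
    log: list = field(default_factory=list)

    def cycle(self, frames):
        """One forwarding interval; returns the frames that reach the far side of the link."""
        # While bypassed only the heartbeat goes to the tool; link traffic is routed around it.
        to_tool = [HEARTBEAT] if self.bypassed else list(frames) + [HEARTBEAT]
        returned = self.tool.process(to_tool)
        was_bypassed = self.bypassed
        if HEARTBEAT in returned:
            self.missed = 0
            if self.bypassed:
                self.bypassed = False
                self.log.append("heartbeat returned: tool re-inserted inline")
        else:
            self.missed += 1
            if not self.bypassed and self.missed >= self.missed_limit:
                self.bypassed = True
                self.log.append("heartbeat missed: tool bypassed, link kept flowing")
        if was_bypassed:
            return list(frames)  # went around the tool untouched
        # Inline path: tool output with the heartbeat stripped; frames sent into a tool that
        # died this interval are lost, which is the price of the detection window.
        return [f for f in returned if f != HEARTBEAT]

def run_scenario():
    """Constructed timeline: tool healthy, off-line for two intervals, then back."""
    tool = InlineTool()
    tap = BypassTap(tool)
    delivered = []
    for step, online in enumerate([True, False, False, True, True]):
        tool.online = online
        delivered.append(tap.cycle([f"pkt{step}a", f"pkt{step}b"]))
    return delivered, tap.log
```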

Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a single point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode, keeping the link flowing.

Glossary

  1. Single point of failure: a component of an IT network whose failure brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances.

  3. Critical link: the connection between two or more network devices or appliances whose failure disrupts the network.
