<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

Securing Data from Data Center to the Cloud

March 12, 2019

Technician walking in hallway of server room

In 2019, it’s understood that threats are everywhere, both from external sources (think hackers) and internal employees (accidental or not).  Securing the network against these threats is the biggest challenge for CISOs and network managers, as confidential information is now stored on computers, laptops, smartphones and tablets, across multiple data centers, and in public and private clouds. So how do you go about securing that data across multiple platforms?

 

Security Across Multiple Platforms Starts with Complete Visibility

In order to secure confidential data on various platforms, the push for complete network visibility, both on-prem and in the cloud, needs to be a priority for both network and security teams. This should be a joint initiative by both SecOps and NetOps, as security related incidents are two of the most common complex IT performance issues.  Without complete visibility, it is very difficult to effectively monitor and secure a network, as you might only have a window into a certain portion of the network. If the breach or performance issue is not occurring where you have pre-established visibility, it will take much longer to come to a resolution.

Read EMA's Best Practices for Building A Network Visibility Fabric!

 This issue is compounded by the fact that most networks are becoming increasingly complex, with on-prem data centers, and both public and private cloud networks all storing different types of data.  Cloud services remain the hardest platform to ensure visibility into, and thus secure, since traditional performance monitoring and security tools were not built with cloud in mind.

According to a recent EMA research report, 60% of network managers say that they will need to purchase additional monitoring tools in 2019 to use for their cloud infrastructure. With these new tools, it’s important to make sure that they don’t act in a silo; rather you want all security and performance monitoring tools to work cohesively together, building a complete 360° view of visibility to protect the network.  

That’s why Garland Technology offers solutions that enable network visibility into on-prem and hybrid cloud networks. Our best-in-class Network TAP and purpose-built packet broker solutions ensure that regardless of the complexity or location of your network, the security and performance monitoring tools that are vital to identifying and mitigating network performance issues, have access to the necessary network traffic.

Visibility will remain a common theme we keep hearing throughout the rest of 2019. After all, if you can’t see what’s going on in your network, you can’t monitor it, and you certainly can’t protect it.


[Want to learn more about building complete network visibility? Read our latest whitepaper from the analysts at EMA on Best Practices for Building a Network Visibility Fabric.]

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES