Security appliances have never been as important in the business world as they are now. Cyber crime is increasing at an alarming rate and CISOs at companies of all sizes are rushing to implement the latest and greatest security solutions. One of the biggest stumbling blocks they inevitably run into mid-project is the network connection piece.
When a CISO runs into your office and demands to know why the brand new intrusion detection system isn’t in place yet, what are you going to say?
Typically, security teams wait until the last minute before they realize they need a network architect to provide them with access to the traffic flows. To help mitigate delays and ensure they can properly feed the next device, network architects need to get more proactive about providing security teams with the connectivity they need to quickly and easily deploy new security appliances.
To enable scalability for your security programs, you need to consider visibility from the start. That means ensuring that new and existing security appliances have access to every bit, byte and packet from key points in the network. More importantly, you need to ensure that those devices will be able to handle the increased traffic levels that they will undoubtedly see in the future. Let’s take a look at what that means from a network architects perspective.
Failure of SPAN Ports
Using SPAN ports to connect security appliances is always a bad idea. They are an ineffective means of connectivity—especially if you’re trying to ensure program scalability. Almost every network is dealing with rising traffic volumes, be it from increased use of mobility solutions, HD video or high-bandwidth applications. This has serious implications for security programs that access the traffic flows via SPAN ports because they drop packets when loads increase and they have to deprioritize their “copy and send data” functions.
If your security appliances aren’t seeing 100% of network traffic, they are essentially useless. Not only that, but any given switch has a limited number of SPAN ports, so as you try to plug more appliances in, you must choose which appliances have to be unplugged to accommodate the new solution. With cyber security threats becoming so dangerous, you don’t want your architecture to force anyone to make this choice.
Network TAPs are the only way to ensure security appliances have 100% network traffic visibility at all times, regardless of scale. Because they are purpose-built boxes, their only function is to copy network traffic and relay it to connected appliances. The only question is—how are you going to design your network to support this visibility?
Considering In-Band and Out-of-Band Security Appliances
When rethinking your network design for scalability, you must consider the needs of both in-band vs. out-of-band security appliances.
In-band security appliances are placed directly in the flow of your network traffic to identify suspicious communications and actively remove them from passing into the company’s networking environment. Appliances in this category include firewalls, next-gen firewalls, intrusion prevention systems (IPSs) and more. While these appliances offer great security and functionality, they can often introduce performance bottlenecks or points-of-failure in the network when implemented incorrectly. A bypass network TAP ensures that these devices have full visibility and that there is no disruption in traffic flows once they have been altered.
Out-of-band appliances, on the other hand, sit outside of the flow of traffic. Think of these as your long-term visibility tools, collecting and storing network data for further analysis at any point in the future. These appliances include various forensic tools, intrusion detection systems (IDSs), advanced threat detection and more. Use passive network TAPs with load balancing capabilities to ensure that these devices capture 100% of the data.
To be effective, these security devices need data from multiple points in the network to fully understand the nature of the problem (before and after a firewall; before and after web servers; throughout the data center; etc.) Placing network TAPs in multiple places and aggregating traffic flows for each application is the easiest way to provide your company with end-to-end visibility into your infrastructure as a whole.
Set Yourself Up for Success from the Start
To ensure the scalability of any security strategy, you need to build visibility into the network design from the ground up. In practice that means providing access points throughout the network—access points that deliver 100% of the traffic data to each device. Installing network TAPs with multiple ports provides the flexibility you need to support any security appliance your company wants to deploy. Now, when your CISO comes bursting into your office asking about the new next-gen firewall deployment, you can have it up and running in no time.
If you want to learn more about architecting a network that make security scaling easy, download the Planned Visibility: Network Architecture Tips for Supporting Security and Monitoring Solutions from the Start white paper. Discover where to deploy the network TAPs for the ultimate scalable network security system.
