Case Study: Financial Services

Simplify security stack, while providing threat prevention optimization and analysis

The financial services industry experiences 35% of all data breaches [1] and is 300 times as likely as other companies to be targeted by a cyberattack [2]. With the average cost of cybercrime per company in financial services around $18.5 million [3], financial institutions spend an average of 0.3% of revenue and 10% of their IT budget on cybersecurity [4].

Financial services IT SecOps teams are battling this high breach volume, trying to prevent financial loss and to protect sensitive consumer data and the company's reputation. In this battle, SecOps teams are better at detection than prevention, as the financial services industry is more “effective in detecting (56%) and containing (53%) cyberattacks than in preventing attacks (31%).” [5]

Challenge

This is why one of the world’s largest investment companies, which specializes in mutual funds, exchange-traded funds (ETFs), financial planning and asset management, came to Garland Technology looking to optimize its threat prevention strategy.

With the proper security tools in place, this company wanted added assurance that the inline web application firewall (WAF) tools they had in place were properly preventing possible threats. 

This solution focused on their WAF, which filters, monitors, and blocks HTTP traffic. WAFs are considered different from a traditional firewall, in that a WAF is focused on filtering specific web application content, while regular firewalls serve as a safety gate between servers. WAFs inspect HTTP traffic to prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.

Goal

Gain visibility into their security deployment, including the performance of each tool: ensure all inline tools are properly optimized, be able to troubleshoot each device, and determine whether the tools are missing packets and threats or are straining network performance and creating unneeded latency. Ultimately, ensure the WAFs are properly filtering specific web applications, anomalies, and threats.

Solution

Garland’s engineering team worked with the IT team to design a connectivity architecture that solved all of their challenges and provided value they weren’t expecting, leading them to expand this use case throughout their enterprise.

The EdgeLens® Inline Security Packet Broker transformed their network security capabilities with the “Historical Look Back” solution, which captures traffic before it goes into the web application firewall and after, sending both copies of data to performance monitoring tools, providing ultimate visibility coverage. This solution also simplified their security stack by providing the added capability to manage multiple inline and out-of-band tools from one device, while ensuring bypass resilience.

Historical Look-back

Before and After Optimization & Validation - By analyzing packet data before and after the inline device, they could see whether the WAF was configured properly or was missing threats, validate any updates, and troubleshoot why threats weren’t blocked.

Diagram 1: Sends copies of traffic taken before and after the inline appliance to packet capture, forensics or network analyzers

This solution captures traffic before it goes into the inline tool and after it comes out, sending both copies of the data to out-of-band packet capture, storage and analysis tools. This allows teams to look deeper into traffic anomalies, as well as tool and network performance, and to validate updated or optimized configurations to ensure the device is properly blocking and filtering.
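The before-and-after comparison described above, sketched as an added example (not Garland's or the customer's code). It assumes both capture points see cleartext HTTP, that the WAF does not rewrite client addresses or URIs, and that requests have already been exported from the captures as simple records; the records, field layout and review pattern are constructed for illustration.

```python
import re
from statistics import median

# Constructed sample records, one HTTP request each:
# (timestamp_microseconds, client_ip, client_port, method, uri)
BEFORE_WAF = [
    (100_000_000, "198.51.100.7", 40112, "GET", "/accounts/summary"),
    (100_010_000, "198.51.100.9", 51544, "GET", "/search?q=1' OR '1'='1"),
    (100_020_000, "198.51.100.9", 51545, "GET", "/search?q=<script>alert(1)</script>"),
    (100_030_000, "198.51.100.4", 33871, "POST", "/login"),
]
AFTER_WAF = [
    (100_000_400, "198.51.100.7", 40112, "GET", "/accounts/summary"),
    (100_021_200, "198.51.100.9", 51545, "GET", "/search?q=<script>alert(1)</script>"),
    (100_030_900, "198.51.100.4", 33871, "POST", "/login"),
]

# Illustrative review pattern only; not a substitute for the WAF's rule set.
REVIEW_PATTERN = re.compile(r"<script|'\s*or\s*'|\.\./", re.IGNORECASE)

def request_key(record):
    """Identify a request by client endpoint, method and URI (timestamp excluded)."""
    _, ip, port, method, uri = record
    return (ip, port, method, uri)

def compare_capture_points(before, after):
    """Classify each pre-WAF request by whether it also appears post-WAF."""
    after_times = {request_key(r): r[0] for r in after}
    before_keys = {request_key(r) for r in before}
    report = {"blocked": [], "forwarded": [], "review": [], "latency_us": []}
    for record in before:
        key = request_key(record)
        if key not in after_times:
            report["blocked"].append(key)      # seen before the WAF, never after
            continue
        report["forwarded"].append(key)
        report["latency_us"].append(after_times[key] - record[0])
        if REVIEW_PATTERN.search(key[3]):
            report["review"].append(key)       # passed the WAF but merits a look
    # Requests seen only after the WAF point to capture loss on the "before" side.
    report["unmatched_after"] = [k for k in after_times if k not in before_keys]
    report["median_latency_us"] = median(report["latency_us"]) if report["latency_us"] else None
    return report

if __name__ == "__main__":
    for name, value in compare_capture_points(BEFORE_WAF, AFTER_WAF).items():
        print(name, value)
```

Entries under `review` are the candidates for checking the WAF configuration, and `median_latency_us` gives a first estimate of the delay the inline tool adds.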

Diagram 2: EdgeLens easily configures the historical look back solution

Look-back Forensics - If active blocking failed to stop a threat, they now have the ability to analyze breach forensics from the collected traffic. By sending the traffic from your inline IPS, firewall and WAF tools to out-of-band packet capture, storage and analysis tools, you are able to look back for post-breach analysis.

Historical Look-back allows you to:

  • Capture network traffic, without loss, at full line rate
  • Easily correlate events generated by PCAP data
  • Validate, after changes or updates, that your tool is configured properly
  • Increase efficiency of inline and out-of-band tools
  • Facilitate the time-critical workflow for security incident response
  • Enable forensic timelines of days/weeks/months
  • Enable root cause analysis
  • Present extracted PCAP data as evidence in court as “chain of custody”
  • Enable real-time security proof-of-concept evaluations without impacting the network

Simplified Security Stack

This solution provided an easy, hardware-based chaining solution that allows you to manage multiple inline and out-of-band tools individually, between multiple network segments, from the same device, while also providing bypass resilience. If one of the tools in the chain can’t keep up, you can load balance to the other tools, 1:1 or 1:N (one to many).

The inline bypass function checked the health of their WAF devices, providing “inline lifecycle management” which allows you to easily take tools out-of-band for updates, installing patches, maintenance or troubleshooting to optimize and validate before pushing back inline. If the device is not active, they have the options to either implement a high availability (HA) solution, switch over to the secondary WAF, or skip over it and just allow the network to continue to run, without having to bring down the link.

Diagram 3: EdgeLens manages both active inline and out-of-band tools

Benefits

  • Distribute traffic before and after an inline tool (WAF, NGFW, or IPS) to out-of-band tools
  • Simplify security stack and reduce network complexity by managing multiple inline tools
  • Provide filtering, aggregation, and load balancing to inline links
  • Reduce risk of unplanned downtime
  • Network resilience - flexibility to bypass the tool and keep the network up, or to failover to a High Availability [HA] solution

 

[1] 2016 Data Breach Investigations Report by Verizon Enterprise
[2] https://www.bcg.com/d/press/20june2019-global-wealth-report-222692
[3] Cost of Cybercrime Study in Financial Services: 2019 Report by Accenture
[4] https://www2.deloitte.com/us/en/insights/industry/financial-services/cybersecurity-maturity-financial-institutions-cyber-risk.html
[5] https://www.prnewswire.com/news-releases/synopsys-and-ponemon-release-new-study-highlighting-software-security-practices-and-challenges-inthe-financial-services-industry-300894781.html
