How pervasive traffic visibility can boost network security
- By Dennis Reilly
- Feb 24, 2015
The increase of data security breaches throughout government is not attributable to a lack of effort, tools or the desire to prevent them. Federal agencies and departments work diligently to comply fully with all cybersecurity mandates using a combination of monitoring, analytics and performance management tools. However, even the best tools are only as effective as the data they can see.
To be more efficient and effective, management tools need pervasive traffic visibility. With pervasive traffic visibility, government agencies will be much better equipped to meet cybersecurity mandates, avoid downtime, maximize investments and ensure that their networks are ready for future growth and subsequent challenges.
Pervasive traffic visibility can be achieved through an intermediate layer – typically called a monitoring fabric or visibility fabric – of hardware and software that sits between the network infrastructure of switches and routers and an agency’s network monitoring tools. A robust monitoring fabric will intelligently filter, correlate, normalize and deliver the appropriate traffic to the agency’s security, monitoring and management systems. Its flexible and elastic design will allow an agency to deploy the number of ports needed to meet current requirements. It leads to less downtime and a greater ability to react quickly to rapidly evolving environments – especially agile and sophisticated cybersecurity threats – allowing for streamlined management and improved agency performance.
This visibility is important because many government networks protect classified or privileged information with packet masking, which effectively hides information from view by writing over hex strings in the payload, guarding against internal threats and concealing secret data. And IT managers still must ensure that data traversing from the access layer to the data center is visible to all devices.
Furthermore, Gartner reported that in 2017 it expects that more than half of the network attacks targeting enterprises will use encrypted traffic to bypass controls, up from less than 5 percent today. With hackers hiding threats in SSL sessions that were once considered safe, uncovering attacks hiding in emerging threat sources is becoming an essential component of enterprise security.
As such, finding the right solution to protect government networks can be a challenge as many visibility offerings today are legacy-based, provide limited traffic visibility with few filtering capabilities, are difficult and costly to scale and manage and often require change orders or network downtime in order to adapt to the evolving network.
Pervasive and dynamic network visibility solutions address the monitoring challenges facing today’s government agencies by helping to:
- Bridge islands of physical, virtual and eventually software-defined networking (SDN) worlds with end-to-end visibility for tools across campus, cloud and service provider.
- Modify traffic out-of-band and add tools without impacting the production network.
- Control traffic to avoid oversubscription and ensure that the tools used to manage, analyze and secure the network receive the critical information they require.
- Reduce expenses by centralizing tools and simplifying management with a policy engine that enables parallel monitoring policies to serve multiple departments simultaneously.
Government agencies have the unparalleled challenge of protecting information as a matter of national security. Threats to government networks have increased exponentially, and there is no indication that this trend will slow. IT network and security teams at the federal, state and local levels are responsible for responding rapidly to incidents, keeping systems operational, monitoring for malicious material and information and maintaining confidentiality.
As such, the call for smarter and more effective network solutions is only getting stronger. With pervasive traffic visibility, federal managers have a powerful enabler that can ensure a sound IT security operation with lower costs and fewer resources.
Dennis Reilly is Vice President Federal at Gigamon.