Network Attacks on the Rise
Networks are under persistent attack. Here are a few key points from the annual CyberEdge Group's Cyberthreat Defense Report 2019: “No organization is immune from attack. The percentage of organizations breached in the past year increased to 78% year-over-year. Worse, 32% of businesses reported being breached 6+ times in the last 12 months, up from 27% in the previous year.”
Network attacks take many forms, such as phishing, ransomware, trojans, DDoS and other destructive malware. Motivations for these attacks are as disparate as the threats. Bad actors perpetrate attacks for financial gain, political influence, competitive advantage and sometimes rage against the system. Whatever the motivation, hacking is a significant problem that impacts productivity and costs organizations billions of dollars every year. Despite all this troubling news, progress is being made in combating network attacks.
Many Specialized Security Tools Being Deployed
The growth in criminal attacks on networks is paralleled by significant growth and technological advances in the cyber security appliance industry. There are many specialized network tools that help reduce the threat landscape and identify and block attacks. Data Loss Protection appliances connect to links and block attempts to download information matching a predetermined profile, such as a Social Security number or employee identification number. Advanced Next Generation Firewalls provide Intrusion Detection, blocking known and some unknown threats before they can access network resources. Network Analytics platforms create models, then test for and identify security vulnerabilities. Secure ID appliances provide two-factor authentication for network users. Encryption appliances keep data safe from prying eyes. AI and machine learning technologies are making advances in processing millions of security events, filtering out false positives and creating actionable reports for quick action by security professionals. New predictive analysis technologies identify known threats as well as likely unknown threats by comparing normal traffic patterns against anomalies. Advanced network monitoring appliances provide traffic flow visibility and analysis.
Deployment Risks of Multiple Appliances
Networks are moving away from centralized architectures. Cloud, hybrid-cloud and remotely hosted applications are driving business activity. Interconnection between users and the remotely hosted information they seek requires multiple links to the internet, corporate intranets, data centers and cloud carriers. It is not economically feasible to attach every security appliance directly to every single network link. Further, multiple appliances that are directly connected to a link will impact the reliability and availability of the network. Each appliance represents a potential failure point. Managing maintenance windows becomes more difficult as more appliances are deployed, because each time any appliance is taken offline for maintenance or an update, the link needs to be taken down.
For each device that is installed serially on a link, the overall link reliability, and thus availability, is degraded. For example, one unit with a reliability factor of .999 on a link will be down about 8 hours per year. However, when three units with a .999 reliability factor are deployed in series on the same link, the overall link reliability degrades to .997, or about 26 hours of downtime per year. As more specialty appliances are added, the overall reliability continues to degrade.
Critical Role of TAPs
TAPs are independent devices that connect network security and monitoring appliances to network links safely and securely. Network traffic flows into the TAP. A mirror copy of the traffic is then passed on to an appliance that is connected to ports on the TAP. While the mirror traffic is passed to the appliance, live network traffic continues to pass back into the network without significant delay. TAPs also provide network fail-safe technology that keeps network traffic flowing even if power to the TAP or the connected appliance is lost. Therefore, multiple security appliances can safely be connected to links using TAPs without impacting the reliability or availability of the live network.
TAPs can be deployed out-of-band or in-line. Monitoring appliances generally use out-of-band mode which, as noted above, sends a mirror copy of the data to the appliance for analysis but does not interact with live data. Deploying TAPs in-line means that live data travels from the TAP through the appliance and then back into the live network. This method allows security appliances to interact with live data in real time, so the appliance can immediately isolate and block malware before damage is done to the network. In-line TAPs automatically bypass an appliance if it is taken offline for any reason. This feature keeps live traffic flowing even if an appliance is down, simplifying maintenance windows and troubleshooting.
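The series-reliability arithmetic behind the ".999 x 3 -> .997" figures in the previous section, together with the in-line fail-safe bypass just described, as an added example that is not part of the original article. The bypass model (an appliance outage is bypassed, so only the TAP's passive path sits in series with the link) and the 0.9999 TAP figure are assumptions; it goes beyond the text by also reporting how much of the time traffic is actually being inspected once a bypass can engage.

```python
"""Added example (not from the original article): series-reliability
arithmetic for appliances chained on a link, extended with an assumed
model of TAP fail-safe bypass.  All numbers are constructed for illustration."""

HOURS_PER_YEAR = 8760


def series_reliability(reliabilities):
    """Devices chained serially on a link: the link is up only if all are up."""
    result = 1.0
    for r in reliabilities:
        result *= r
    return result


def downtime_hours(reliability):
    """Expected hours per year the link is down for a given reliability."""
    return (1.0 - reliability) * HOURS_PER_YEAR


def link_model(appliance_rels, tap_rel=None):
    """Return link availability and inspection coverage for one link.

    appliance_rels: reliability of each security appliance on the link.
    tap_rel: reliability of a fail-safe TAP's passive path (assumed figure),
             or None when the appliances are wired directly in series.

    Assumed model: with a fail-safe TAP, an appliance outage is bypassed, so
    only the TAP path sits in series with the link; the appliances then only
    determine how much of the time traffic is actually inspected (fail-open).
    """
    all_appliances_up = series_reliability(appliance_rels)
    if tap_rel is None:
        availability = all_appliances_up   # any appliance failure drops the link
    else:
        availability = tap_rel             # appliance failures are bypassed
    return {
        "link_availability": availability,
        "link_downtime_hours": downtime_hours(availability),
        # Fraction of the year during which every appliance is inspecting traffic.
        "inspection_coverage": all_appliances_up,
    }


if __name__ == "__main__":
    for n in (1, 3):
        m = link_model([0.999] * n)
        print(f"{n} appliance(s) direct in-line: availability {m['link_availability']:.3f}, "
              f"downtime {m['link_downtime_hours']:.1f} h/yr")
    m = link_model([0.999] * 3, tap_rel=0.9999)  # constructed TAP figure
    print(f"3 appliances via fail-safe TAP: availability {m['link_availability']:.4f}, "
          f"downtime {m['link_downtime_hours']:.1f} h/yr, "
          f"inspected {m['inspection_coverage']:.3f} of the time")
```

The coverage figure is the defender's trade-off: a fail-safe bypass protects the link's availability, but every hour an appliance is bypassed is an hour of uninspected traffic that should show up in monitoring.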
Intelligent TAPs offer advanced features such as aggregation, filtering and port mapping. These features also provide economic efficiencies, allowing flexibility in determining traffic flows to the appliances. By aggregating underutilized links, one appliance can support multiple links, providing CAPEX savings. Filtering out unneeded traffic lessens the traffic burden on appliances, allowing more efficient operation and faster response times to threats. Port mapping provides a simple method of directing traffic from the TAP to the appliance and back into the network.
When developing a network protection strategy, it is important to deploy the right monitoring and security appliances. It is critical, however, to include TAPs in the architecture plan from the beginning. Connecting appliances through TAPs allows maximum protection and budget discipline without compromising network reliability or availability.