It was a dark and stormy night. The CIO is in a deep sleep. The phone rings. It is just a dream. The ringing persists. The mind can not extinguish the ringtone. As consciousness gathers, the nagging realization is that this is not a dream. It is not a dream. Upon fumbling for the phone the subject groggily answers, “Who is this?” The voice on the phone sounds familiar. It is the night shift NOC manager. Her words are startling, “We have a problem!”
This is the CIO's nightmare. The problem is that often it is not just a bad dream. At the 2023 World Economic Forum in Davos, Switzerland, Sadie Creese, a Professor of Cyber Security at the University of Oxford said, “There is a gathering cyber storm. This storm is brewing and it’s really hard to anticipate just how bad that will be.” An expanding attack surface from growth in IoT devices, criminals attacking smaller organizations, geopolitical conflict, and Malware-as-a-Service are a few reasons that experts predict dramatic growth of network attacks in 2023.
Being aware of the traffic that traverses network links is foundational to being able to identify unauthorized and unwelcome traffic. Many tools capture and report on network activity. These tools are safely connected using TAPs that provide a mirror image of traffic to monitoring tools for diagnostics and reports. Passive monitoring, however, can not block malware attempting to penetrate the system.
V-Line or Bypass Switches are a type of TAP that monitors live traffic inline, in real-time. This differs from passive monitoring. Security tools connected to bypass switches are connected directly to the line of traffic. In other words, live traffic passes through the bypass switch, through the tool, back to the bypass switch, and then back into the network. The traffic seen by the connected tools is live traffic, not a mirror copy of live traffic. This allows the tools to block, modify or delete traffic that does not pass its policy requirements. So, rather than identifying and reporting on malware, tools connected inline through bypass switches can stop attacks before malware is implanted in the network.
There is a good reason why we connect inline security tools to links through a bypass switch. If these tools were connected directly to links passing live traffic, the link would go down if anything happened that took the tool offline. Connecting inline tools through a bypass switch protects live network traffic in the event of a problem with the tool.
Heartbeat is the critical tool of a bypass switch. The bypass switch sends a periodic heartbeat to the tool. The tool, if everything is operational. returns the heartbeat. As long as this handshake continues, everything remains normal operation. If for any reason, the bypass switch does not receive a heartbeat signal from the tool, the bypass switch will send live traffic directly back into the network rather than passing it through the tool. This heartbeat feature allows wide use of inline security tools without sacrificing network reliability or availability. If this sounds a little confusing, there is a more detailed description with diagrams of the traffic flow through the Network Critical V-Line Bypass TAP here: https://www.networkcritical.com/bypass-taps
When considering connecting security tools with a bypass switch, the heartbeat is critical to keeping live traffic flowing through the network. However, if the security tool stops sending a heartbeat to the bypass switch and the security tool is bypassed, the network is temporarily unprotected. Once the tool is back online, security enforcement is returned.
While this period of time is short and random, many network managers do not want to risk any time when the network is open to attack. Network Critical has devised a bypass architecture to solve both the #security and availability issue with the V-Line Bypass TAP. Using redundant tools and redundant ports on a V-Line Bypass TAP, the security tools can be set up in an active/standby mode. The link traffic will flow through the V-Line Bypass TAP to two identical security tools. One tool will be designated as the active tool. That tool will be reading and processing active network traffic. According to the pre set policy, the tool will allow authorized traffic and block potential malware. Traffic will also pass through the standby tool but no action will be taken by that tool as long as the active tool is online. If the active tool fails to return a heartbeat from the V-Line Bypass TAP, that tool is bypassed and the standby tool automatically takes control of live traffic until the heartbeat is re-established by the active tool.
This redundant tool architecture is fully automatic requiring no human intervention. Network security is never compromised because when one tool goes offline, the secondary tool protects live traffic and maintains network reliability and availability.
Sacrificing availability for security or security for availability is not a choice that needs to be made. Network managers can have both. For more information on the V-Line Bypass TAP or to talk to a network security expert, go to www.networkcritical.com/contact-us.
