Networks are getting faster in order to meet increasing demand for new services and applications. IoT is connecting everything under the sun to the internet. Workers are using personal devices and private internet access to work from home. Mega-vaccination sites are creating mega-web sites with millions of potential users for vaccination appointments and follow up. Telemedicine is replacing in person doctor visits. These changes are not evolutionary. They are happening in immediate time and require immediate action.
Expansion is Just the Start
Carriers, cloud providers, enterprise networks are all increasing network speeds and bandwidth at breakneck speed. Adding fiber and new, faster switches is only the beginning. The next question to ask is, “How are we going to monitor and secure our network at 25/40/100/400Gbps. Most monitoring and security tools are not capable of opening, analyzing and reporting on every packet passing through a link at 100Gbps and beyond. Therefore, after the network upgrade, a complete cybersecurity analysis and potential upgrade must take top priority. Here are some thoughts on upgrading network security to match upgraded speeds and bandwidth.
In-Band Versus Out-of-Band
Developing a robust security architecture requires different types of specialized tools to be connected to network links. Some tools are designed to receive a copy of network traffic and report on traffic anomalies. Monitor tools like SiLK capture and analyze traffic flow information. Security Information and Event Management (SIEM) tools are designed for threat detection, analysis and reporting. Networks may have multiple types of these out-of-band security devices capturing, analyzing and reporting on network traffic. Out of band tools are generally connected to network links using a TAP that connects to the link, makes a copy of the traffic and sends it to the tool for analysis. Live traffic is not impacted by monitoring out-of-band traffic.
Another category of cybersecurity tool perform in-band, or directly in line with live traffic. Rather than capture a copy of network traffic, in-band tools analyze live traffic in real time and take immediate action if issues are detected. A few examples of in-band security tools are firewalls, Intrusion Prevention Systems, SSL Proxy devices. Because in-band tools are designed to see and act on live traffic they must be positioned directly on network links. If in-band tools are taken off line for any reason, the network link goes down. Therefore, specialized TAPs are used for connecting in-band devices that allow for by-pass of an out of service tool, thus keeping the live traffic flowing.
Many networks use a combination of out-of-band and in-band monitoring and security tools. Some reports suggest that an average enterprise network may use seven or more tools per link to monitor traffic and protect the network. Of course, it is not only cost prohibitive to directly connect seven or more tools to every link in the network. Beyond cost, each directly connected tool has a negative impact on the overall system reliability and network availability.
Best of Both Worlds
As networks become faster and more complex, the number of specialized tools used to protect against malicious attacks is growing. The solution to provide both protection and reliability is the use of intelligent ethernet TAPs for connecting both out-of-band and in-band tools to network links. As you can see from the diagram, only the TAPs actually connect to the network links. Therefore, any issues with the tools themselves, will not impact network availability.
The diagram shows an example of a complex network utilizing both types of TAPs to connect in-band and out-of-band tools. Depending on the type of TAP used and available ports, many security and monitoring tools may be safely deployed with this method. Network TAPs also provide fail-safe protection keeping traffic flowing even if power is lost to the TAP. Some intelligent ethernet TAPs, such as the SmartNA family from Network Critical also provide advanced features such as port mapping, filtering and aggregation to save CAPEX on tool purchases. By filtering unnecessary traffic, these TAPs can allow multiple links to be managed by a single tool. In the reverse, aggregation allow multiple underutilized links to be connected to a single tool. For the most complex networks, packet brokers can be used to manage tool and TAP connections at the highest speeds.
Cyber criminals have many tools to attack security vulnerabilities. Phishing, Ransomware, DDOS, malware planting and information theft are only a sampling of the threats knocking on network doors. Fortunately, network managers have a large and growing portfolio of network protection tools that allow resource availability to authorized persons while keeping the bad actors at bay. For more ideas and information about safely connecting network security tools, contact Network Critical.