How shocking would it be to learn that a dangerous intruder has been hiding inside your home for six months?
To make matters worse, you only find out after your neighbor tells you. What? That’s not only scary and more than just a little creepy; it’s hard even to imagine.
Yet, that is precisely what happens in many security breaches. The Ponemon Institute’s 2020 Cost of a Data Breach Report shows that it takes organizations on average 206 days to identify a breach and another 73 days to contain it. Unfortunately, many companies find out about a security breach from someone outside the organization, such as a customer, partner, or law enforcement.
Malware, viruses, and trojans can sneak into your network and go undetected by your security tools. Cybercriminals know that many enterprises cannot effectively monitor and inspect all SSL/TLS traffic, especially at scale as traffic volumes increase. They’re banking on it, and too often, they win that bet. When security tools identify potential threats in the network, it’s not uncommon for IT and SecOps teams to experience ‘alert fatigue’, something experienced by more than 80% of IT staff. Sumo Logic research reports that 56% of companies with more than 10,000 employees receive more than 1,000 security alerts every day, and 93% say they cannot address all alerts the same day. Cybercriminals are also aware of alert fatigue and count on IT to ignore many security alerts.
So, what can you do?
Solving the problem with inline security
Effective security monitoring requires end-to-end visibility into traffic across all network links, including virtual and encrypted traffic, without dropping data packets. Today, you have more traffic to monitor than ever. Globalization, the IoT, cloud, virtualization and mobile devices are forcing companies to extend their network edge, often to places that are hard to monitor, which creates vulnerable blind spots. The larger and more complex your network, the greater the chance that it contains blind spots. Like a dark alley, these blind spots give threats a place to go unnoticed until it’s too late.
The best way to address risks and eliminate dangerous blind spots is to create an inline security architecture to immediately inspect and stop bad traffic before it ever enters your production network.
A robust visibility solution is the foundation of your security architecture since you need to quickly inspect the massive amount of data crossing your network to identify and filter packets for further analysis.
A network packet broker (NPB) is a critical component of an inline security architecture. The NPB is a device that optimizes traffic flow between a network tap or SPAN port and your network monitoring and security tools. An NPB sits between bypass switches and inline security appliances and adds another valuable layer of data visibility to your security architecture.
Not all packet brokers are the same, so choosing the right one for optimal performance and security is essential. NPBs built on field-programmable gate array (FPGA) hardware accelerate packet processing and deliver full line-rate performance from a single module. Many NPBs require additional modules to reach this performance level, increasing the total cost of ownership (TCO).
It is also essential to choose an NPB that provides intelligent visibility and contextual awareness. Advanced capabilities include aggregation, deduplication, load balancing, data masking, packet trimming, geolocation and tagging. With an increasing number of threats entering networks inside encrypted packets, also choose an NPB that can decrypt and quickly inspect all SSL/TLS traffic. Packet brokers can offload decryption from your security tools, which frees those expensive tools to spend their capacity on inspection. An NPB should also be able to run all advanced capabilities simultaneously. Some NPBs force you to pick and choose which features you can use on a single module, which leads to buying more hardware to fully utilize the capability of the NPB.
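To make the capabilities listed above concrete, the following is an added example (not code from the original post or from any packet-broker vendor) that simulates a small broker pipeline in Python over constructed packet records: aggregation of two tap feeds, deduplication of packets seen by both taps, masking of card-number-like digit runs, payload trimming, and flow-symmetric load balancing so that both directions of a session reach the same tool. The Packet fields, the tap and tool names, and the sample traffic are all assumptions made for the illustration.

```python
"""Simulated network packet broker pipeline (added example, not vendor code).

Assumed inputs: two constructed tap feeds. Assumed outputs: per-tool buckets.
"""
import hashlib
import re
import zlib
from collections import defaultdict
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    tap: str        # which tap or SPAN port delivered the packet (assumed name)
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    payload: bytes


def aggregate(*feeds):
    """Aggregation: merge several tap/SPAN feeds into one stream."""
    merged = []
    for feed in feeds:
        merged.extend(feed)
    return merged


def dedup(packets):
    """Deduplication: the same packet captured on two taps is kept once.

    The key is the 5-tuple plus a payload hash; the tap name is ignored on purpose.
    """
    seen, out = set(), []
    for p in packets:
        key = (p.src, p.dst, p.sport, p.dport, p.proto,
               hashlib.sha256(p.payload).hexdigest())
        if key not in seen:
            seen.add(key)
            out.append(p)
    return out


def mask(packets):
    """Data masking: replace 13-16 digit runs (card-number-like) with X."""
    pattern = re.compile(rb"\d{13,16}")
    return [replace(p, payload=pattern.sub(lambda m: b"X" * len(m.group(0)), p.payload))
            for p in packets]


def trim(packets, max_payload=64):
    """Packet trimming: keep only the leading bytes so tools are not fed bulk data."""
    return [replace(p, payload=p.payload[:max_payload]) for p in packets]


def flow_key(p):
    """Direction-independent flow identifier: sort the two endpoints first."""
    lo, hi = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return f"{lo[0]}:{lo[1]}-{hi[0]}:{hi[1]}-{p.proto}".encode()


def tool_for(p, tools):
    """Load balancing: hash the symmetric flow key onto the list of tools."""
    return tools[zlib.crc32(flow_key(p)) % len(tools)]


def load_balance(packets, tools):
    buckets = defaultdict(list)
    for p in packets:
        buckets[tool_for(p, tools)].append(p)
    return dict(buckets)


def run_broker(feeds, tools):
    """Full pipeline in the order a broker would apply it."""
    return load_balance(trim(mask(dedup(aggregate(*feeds)))), tools)


# Constructed sample traffic (not captured data). Tap B sees the same request
# as tap A plus the server's reply; tap A also sees an unrelated request.
TAP_A = [
    Packet("tapA", "10.0.0.5", "10.0.0.9", 40000, 443, "tcp",
           b"POST /pay card=4111111111111111 " + b"A" * 200),
    Packet("tapA", "10.0.0.7", "10.0.0.9", 40001, 443, "tcp",
           b"GET /index " + b"B" * 100),
]
TAP_B = [
    Packet("tapB", "10.0.0.5", "10.0.0.9", 40000, 443, "tcp",
           b"POST /pay card=4111111111111111 " + b"A" * 200),   # duplicate of TAP_A[0]
    Packet("tapB", "10.0.0.9", "10.0.0.5", 443, 40000, "tcp",
           b"HTTP/1.1 200 OK " + b"C" * 300),                    # reply direction
]
TOOLS = ["ids-1", "ids-2"]   # assumed tool names

if __name__ == "__main__":
    for tool, pkts in run_broker([TAP_A, TAP_B], TOOLS).items():
        print(tool, [(p.src, p.dst, len(p.payload)) for p in pkts])
```

The ordering matters: masking runs before trimming so a digit run is never cut in half and left partially exposed, and deduplication runs before load balancing so a tool never counts the same packet twice. The symmetric flow key is what keeps a request and its reply on the same inline appliance, which stateful inspection requires.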
Think of an NPB as a go-between that helps your security appliances connect seamlessly and safely, ensuring that they do not cause network failures. NPBs reduce the load on your tools, remove blind spots and help improve mean time to repair (MTTR) through faster troubleshooting.
While an inline security architecture may not defend against all threats, it will provide clear visibility and secure data access. Data is the lifeblood of your network, and sending the wrong data to your tools or, worse, missing data entirely because of dropped packets can leave you feeling safe and protected when you are not.