


Visibility: software defined

Editorial Type: Opinion     Date: 07-2015





Johnnie Konstantas, director of security solutions at Gigamon, makes the case for a single view of network traffic in the context of improved security

Cyber security is undergoing a transformation precipitated by extensive and evolving threat complexity. The scale and magnitude of data breaches point to diminishing security technology effectiveness, and this is sending both security vendors and architects back to the drawing board, encouraging them to examine the deployment options and mitigation strategies.

Where previously security tools at the perimeter of a network, including firewalls, Intrusion Prevention Systems (IPS) and DDoS appliances, were sufficient, today the attack vectors are much too complex for defences deployed only at network ingress. Advanced Persistent Threats (APTs) employ a variety of tactics to infiltrate networks, making any one of an organisation's internet-connected devices a potential breach launch pad.

What's more, the mobility of users, devices and applications, enhanced by virtualisation and cloud adoption, means that traffic patterns are no longer predictable and a static means for controlling them is no longer relevant. What's needed then is a cyber-security strategy supported by an architecture that reaches all the places that threats can manifest, and that continuously monitors those touch points in order to defend dynamically, all in tight and efficient lockstep with emerging threats.

A pervasive security strategy starts with complete visibility into the network traffic that traverses physical, virtual and cloud environments. Network traffic is the conduit to both critical business operations and the malicious acts that threaten its continuity and performance. Consequently, visibility into this traffic is the essential starting point to any defence whether it is identifying malware, detecting malicious behaviour, spotting misconfigured or vulnerable targets, or conducting forensic analysis.

In older network designs, traffic visibility was achieved by distributing single-purpose hardware appliances, but nowadays we can achieve this much more scalably through a visibility fabric (VF). A VF's distributed architecture can aggregate traffic views from terrestrial networks and clouds without impacting performance or availability. Security devices or modules simply connect to the visibility fabric at whatever interface speeds they require and they receive a high-fidelity, security application-relevant traffic stream from anywhere in the network.

Complete visibility into traffic via a VF certainly helps bolster threat detection, but it is not the only security benefit of a VF. Shortening the time it takes to respond and mitigate exposure is also very important given how likely breaches are in the current threat-ridden climate. A visibility fabric lets the various IT applications and appliances that receive traffic from it respond dynamically to security events by automatically programming that visibility fabric, in turn saving the time it would take for a human administrator to intervene. One use case is the security information and event management (SIEM) application that detects anomalous behaviour and tells the VF to reroute the offending traffic flow for further inspection. This type of automation is accomplished using software-driven intelligence for modifying, correlating and transforming traffic from various sources.

Like its constituent Software Defined Networking (SDN), Software Defined Visibility (SDV), together with a visibility fabric, forms the foundation for delivering traffic to security applications when and where they need it. SDV functions as a kind of substrate or layer that gives networking and security administrators the ability to take security applications on and offline at will, testing them, scaling them and deploying them as strategy dictates - and not maintenance windows.

SDV, combined with a visibility fabric, not only ensures that every packet of network traffic is visible, it maximises the probability that the security implications of that packet will be uncovered. Any business can bolster its security architecture with the efficiency and strategic direction that software defined visibility can provide. Essentially the more you can see, the more you can secure.
