Jason Landry, Senior Solutions Marketing Manager, Ixia, said, “The key to successful inline security monitoring is to enable traffic inspection and detection without affecting network and application availability. If one of your security tools becomes congested or fails, you still want to be able to keep traffic moving, continue monitoring, and prevent a network or application outage. This is more difficult if you deploy inline security appliances behind the firewall in a serial configuration, because the clogged appliance stops all traffic. You can overcome this with redundant network paths but they are expensive and can lead to wastage.
“The goal of a security fabric is to provide security tools with the specific type of traffic they are designed to monitor, regardless of where that traffic is in the network, with complete resiliency. This increases the effectiveness of analytics and security tools, and optimises their data access. A security fabric intuitively and intelligently routes and load-balances the right data to the right tools, every time.”
A security fabric should include a bypass switch, which sends traffic back and forth to inline security tools located off the network, and network packet brokers that send traffic to specific tools for inspection and monitoring.
Ixia has identified six desirable features of a high-performing security fabric that protects network availability and increases the inspection of traffic entering and leaving the network:
- Network resilience: availability and responsiveness
A resilient network includes an external bypass switch, which lets administrators maintain and fix tools without disrupting traffic flow or security monitoring. The switch itself should enable nanosecond heartbeat packets, which detect issues and redirect traffic at the rate of one packet per nanosecond, and can self-heal for fast and automatic recovery. And it should enable traffic flow monitoring that can be integrated into existing management tools to streamline network management.
- Tool visibility and efficiency
Tools need to aggregate traffic from multiple links and provide complete visibility to improve inspection and detection. A security fabric will help prevent tools from becoming oversubscribed, slowing performance. This reduces the workload on tools, enabling more efficient processing and lengthening their service life. Tools should also be efficient, with intuitive, drag-and-drop controls rather than complex configuration interfaces.
- Security resiliency and high availability
A modular security fabric lets organisations incrementally increase resilience over time to achieve very high uptime for security monitoring. Deploying an extended security fabric with redundant network packet brokers (NPBs) eliminates the packet broker as a single point of failure. This is known as an active-active configuration, and is essential for environments that require full failover.
- Context-aware data processing
Security fabric solutions offer application intelligence, which lets organisations develop rich data on the behaviour and location of users and applications, to identify hidden apps running on the network, mitigate security threats from rogue apps and users, and improve network performance based on app data.
- Security intelligence processing
Threat intelligence solutions should include a continuously updated database of proven malicious IP addresses, hijacked IP addresses, unregistered IP addresses, botnet controllers, and phishing destinations. They should also produce a rap sheet every time an action is taken, to help administrators understand and learn from the risks to their network.
- Maximum return on security budget
A security fabric minimises new tool purchases and avoids the cost of fully redundant paths through tool sharing, tool upgrade flexibility, and pay-as-you-grow options.
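The resilience feature above rests on one mechanism: the bypass switch sends heartbeat packets through the inline tool and, when replies stop, reroutes traffic so the congested or failed tool does not stop the network. The simulation below is an added illustration and not Ixia's code or product behaviour; the miss threshold, the heartbeat sequence and the packet names are constructed assumptions, and the heartbeat interval is abstracted to a tick rather than the nanosecond rate the text cites. It shows the one design decision a deployer has to make that the passage leaves implicit: whether the switch fails open (traffic keeps flowing uninspected) or fails closed (traffic is dropped until the tool recovers).

```python
"""Simulated inline bypass switch driven by heartbeat packets (illustrative, not vendor code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional


class Mode(Enum):
    INLINE = "inline"    # packets traverse the security tool
    BYPASS = "bypass"    # tool skipped, packets pass uninspected (fail-open)
    BLOCKED = "blocked"  # packets dropped until the tool recovers (fail-closed)


@dataclass
class BypassSwitch:
    """Counts missed heartbeat replies from the inline tool and selects a forwarding mode."""
    miss_threshold: int = 3          # assumed: consecutive misses before failover
    fail_open: bool = True           # policy choice: availability vs. guaranteed inspection
    misses: int = 0
    mode: Mode = Mode.INLINE
    events: List[str] = field(default_factory=list)

    def on_heartbeat(self, replied: bool) -> Mode:
        """Process one heartbeat tick; self-heal back to INLINE as soon as the tool answers."""
        if replied:
            if self.mode is not Mode.INLINE:
                self.events.append("tool recovered: restoring inline path")
            self.misses = 0
            self.mode = Mode.INLINE
        else:
            self.misses += 1
            if self.misses >= self.miss_threshold and self.mode is Mode.INLINE:
                self.mode = Mode.BYPASS if self.fail_open else Mode.BLOCKED
                self.events.append(
                    f"tool unresponsive after {self.misses} missed heartbeats: {self.mode.value}"
                )
        return self.mode

    def forward(self, packet: str, inspect: Callable[[str], str]) -> Optional[str]:
        """Route one packet according to the current mode; None means dropped."""
        if self.mode is Mode.INLINE:
            return inspect(packet)
        if self.mode is Mode.BYPASS:
            return packet
        return None


def run_scenario(fail_open: bool) -> Dict[str, object]:
    """Drive the switch through a constructed outage: healthy, then four silent ticks, then recovery.

    One packet is forwarded per tick so the effect of each mode on traffic is visible.
    """
    switch = BypassSwitch(fail_open=fail_open)
    replies = [True, True, False, False, False, False, True]   # constructed heartbeat outcomes
    inspect = lambda p: f"{p}:inspected"                       # stand-in for the security tool

    modes, delivered, inspected, dropped = [], 0, 0, 0
    for tick, replied in enumerate(replies):
        modes.append(switch.on_heartbeat(replied).value)
        result = switch.forward(f"pkt-{tick}", inspect)
        if result is None:
            dropped += 1
        else:
            delivered += 1
            if result.endswith(":inspected"):
                inspected += 1
    return {
        "modes": modes,
        "delivered": delivered,
        "inspected": inspected,
        "dropped": dropped,
        "events": switch.events,
    }


if __name__ == "__main__":
    for policy in (True, False):
        summary = run_scenario(fail_open=policy)
        print("fail-open" if policy else "fail-closed", summary)
```

Fail-open preserves availability (every packet delivered, two of them uninspected); fail-closed preserves the inspection guarantee at the cost of dropping traffic during the outage. Either way the switch returns to the inline path on the first successful heartbeat, which is the self-healing behaviour the text describes; the redundant NPB (active-active) layer discussed under security resiliency is what removes the remaining single point of failure in front of the tools, and is not modelled here.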
Jason Landry said, “Monitoring requires processing an exploding amount of data. Your security infrastructure must be strong enough to protect your assets and data, while being efficient enough to not impact network or application response time. It should also let you monitor traffic everywhere in your network and offer context-aware intelligence to optimise tool performance, and self-healing resiliency to completely recover from any tool failure.”