Page 30 - Cyber Defense eMagazine for September 2020

Upside: NetFlow, now a de facto industry standard, is supported by platforms from several leading network equipment providers, so it is built into most core routers and switches.

Downside: NetFlow is known to affect the performance of the devices where it is enabled, such as routers and switches. This can have a detrimental impact on network performance, which can be a problem for companies trying to keep up with growing volumes of data and demand for higher network speeds.


Implementing a dedicated monitoring network

With this method, organizations aggregate network traffic to one location via TAP and SPAN ports or inline proxies and monitor the traffic there.

Upside: This provides a dedicated function for continuous visibility into the overall performance of the network and allows organizations to observe all traffic crossing it, as well as monitor every connected device and its performance metrics. It is typically simple to manage and operate.

Downside: Scaling this method is problematic. Increasing internal bandwidth can quickly overwhelm the aggregator, causing loss of monitoring or dropped packets, and there can be network performance issues.

Deploying an internal firewall

Using this tactic, companies leverage their legacy firewalls to segment and monitor the network and then look at the connection logs.

Upside: Many organizations can use older firewalls that they had decommissioned when they updated their infrastructure with Web application firewalls. They’ve already made the investment in these products, so there’s no new purchase cost. They can redeploy the equipment internally to meet their needs.

Downside: This deployment does result in extra infrastructure to maintain and new rule sets to manage. There are scaling issues with logging and analysis. Companies must also deal with the same issues as they do when pulling data from a lot of locations on the network.
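
One way to review the connection logs an internal firewall produces, shown as an added example that is not part of the original article: the Python below flags internal sources that reach several hosts in other segments on administrative ports. The key=value log format, the one-/24-per-segment layout, the port watch list, the threshold and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value connection-log format.
SAMPLE_LOG = """\
2020-09-01T10:00:01 action=allow src=10.1.1.15 dst=10.1.2.20 dport=445 proto=tcp
2020-09-01T10:00:02 action=allow src=10.1.1.15 dst=10.1.2.21 dport=445 proto=tcp
2020-09-01T10:00:03 action=deny src=10.1.1.15 dst=10.1.3.5 dport=3389 proto=tcp
2020-09-01T10:00:04 action=allow src=10.1.1.15 dst=10.1.3.6 dport=22 proto=tcp
2020-09-01T10:00:05 action=allow src=10.1.1.30 dst=10.1.2.20 dport=443 proto=tcp
2020-09-01T10:00:06 action=allow src=10.1.1.30 dst=93.184.216.34 dport=443 proto=tcp
2020-09-01T10:00:07 action=allow src=10.1.2.20 dst=10.1.2.21 dport=445 proto=tcp
malformed line without fields
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
ADMIN_PORTS = {22, 445, 3389, 5985}  # assumed watch list of remote-admin ports
SEGMENT_PREFIX = 24                  # assumed: each segment is one /24


def segment(ip):
    """Return the assumed segment (network) that an address belongs to."""
    return ipaddress.ip_network(f"{ip}/{SEGMENT_PREFIX}", strict=False)


def east_west_records(log_text):
    """Yield (src, dst, dport, action) for internal, cross-segment connections."""
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        try:
            src = ipaddress.ip_address(fields["src"])
            dst = ipaddress.ip_address(fields["dst"])
            dport = int(fields["dport"])
        except (KeyError, ValueError):
            continue  # skip lines that do not parse instead of aborting the run
        if src.is_private and dst.is_private and segment(src) != segment(dst):
            yield str(src), str(dst), dport, fields.get("action", "unknown")


def fan_out(log_text, threshold=3):
    """Return {src: sorted dsts} for sources reaching >= threshold hosts on admin ports."""
    targets = defaultdict(set)
    for src, dst, dport, _action in east_west_records(log_text):
        if dport in ADMIN_PORTS:  # denied attempts count as well as allowed ones
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= threshold}
```

Counting distinct destinations per source keeps the state small, which matters given the logging and analysis scaling issues noted above.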


Using an internal intrusion detection and prevention system (IDPS)

IDPS is a network security tool that monitors network and system activities and detects possible intrusions. Organizations can deploy IDPS inside their networks and monitor east-west traffic.







            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.