By Alastair Hartrup, CEO, Network Critical
Networks continue to be under persistent attack. According to CyberEdge’s 2019 Cyberthreat Defense Report, the percentage of organizations breached in the past year rose year-over-year to 78 percent. Worse, 32 percent of businesses reported being breached more than 6 times in the last 12 months, up from 27 percent in the previous year.
These attacks take many forms, including phishing, ransomware, trojans, DDoS and other destructive malware, and the motivations behind them are as disparate as the threats themselves. Bad actors perpetrate attacks for financial gain, political influence, competitive advantage and sometimes just to rage against the system. Whatever the motivation, hacking is a significant problem that is hurting productivity and costing organizations billions of dollars every year. Despite all of this troubling news, progress is being made in combating network attacks.
The growth in criminal attacks on networks is paralleled by significant growth and technological advances in the cybersecurity appliance industry. Many specialized network tools help reduce the threat landscape by identifying and blocking attacks: Data Loss Protection solutions, Next Generation Firewalls, Unified Threat Management appliances, Network Analytics platforms, ID and Encryption appliances, and more. In addition, AI and machine learning technologies are making advances in processing millions of security events, new predictive analysis technologies are identifying known threats, and advanced network monitoring appliances are providing traffic flow visibility and analysis.
But ensuring visibility is becoming more challenging as networks move away from centralized architectures. Cloud, hybrid-cloud and remotely hosted applications are driving new types of business activity. Interconnection between users and the remotely hosted information they seek requires multiple links to the internet, corporate intranets, data centers, and cloud carriers. It’s no longer economically feasible to attach every security appliance directly to every single network link.
Furthermore, when multiple appliances are directly connected to a link, the reliability and availability of the network suffer. Each appliance represents a potential failure point, and if an appliance has to be taken offline for maintenance or updates, the link has to be taken down as well. For example, one unit with a reliability factor of .999 on a link will be down for about 8 hours per year. However, when three units with a .999 reliability factor are deployed in series on the same link, the overall reliability of the link degrades to .997, or about 26 hours of downtime per year. As more specialty appliances are added, the overall reliability continues to degrade, and managing the resulting maintenance windows can become a real nightmare.
Network TAPs (Test Access Points) play a vital role in solving these availability and reliability issues. A TAP is a device that connects network security and monitoring appliances to a network link safely and securely: the TAP receives the network traffic flow and passes a mirror copy to an appliance connected to its monitor ports. While the mirror traffic is passed to the appliance, live network traffic continues to pass back into the network without significant delay. TAPs also provide fail-safe technology that keeps network traffic flowing even if power to the TAP or to the connected appliance is lost. Therefore, multiple security appliances can safely be connected to links using TAPs without impacting the reliability or availability of the live network.
TAPs can be deployed out-of-band or in-line. Monitoring appliances generally use an out-of-band mode which, as noted above, sends a mirror copy of the data to the appliance for analysis, but does not interact with live data. Deploying TAPs in-line means that live data travels from the TAP through the appliance and then back into the live network. This method allows security appliances to interact in real time with live data, allowing the appliance to immediately isolate and block malware before damage is done to the network. In-line TAPs automatically bypass an appliance if it’s taken offline for any reason. This feature keeps live traffic flowing even if an appliance is down, which simplifies maintenance windows and troubleshooting.
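To make the reliability arithmetic from the two paragraphs above concrete, here is an added example (not the author's or Network Critical's code) that models appliances cabled directly in series against appliances attached through a fail-safe TAP with automatic bypass. The TAP availability of 0.9999, the appliance figures, and the independence of failures are assumptions of the model; it also reports the hours per year in which a bypassed link is up but not being inspected, which is the trade-off an in-line deployment accepts.

```python
# Added example (not from the article): availability model for security appliances
# placed directly in a link versus connected through a fail-safe TAP.
HOURS_PER_YEAR = 8760.0  # 365-day year; 0.001 * 8760 = 8.76 h, the article's "about 8 hours"


def series_availability(availabilities):
    """Availability of a chain in which every element must be up for traffic to pass
    (independent failures assumed, so availabilities multiply)."""
    total = 1.0
    for a in availabilities:
        total *= a
    return total


def annual_downtime_hours(availability):
    """Expected hours per year that something with this availability is down."""
    return (1.0 - availability) * HOURS_PER_YEAR


def directly_connected(appliance_availabilities):
    """Appliances cabled in series on the link: any appliance outage takes the link down.
    Returns (link_availability, inspection_availability); here they are identical."""
    link = series_availability(appliance_availabilities)
    return link, link


def tap_connected(tap_availability, appliance_availabilities):
    """Appliances attached through a TAP with fail-safe bypass (assumed model): the link
    stays up whenever the TAP's passive path is up, because an appliance outage is
    bypassed; traffic is actually inspected only while the TAP and every appliance
    are all up, so the bypass window is the price paid for link availability."""
    link = tap_availability
    inspection = series_availability([tap_availability, *appliance_availabilities])
    return link, inspection


def uninspected_hours(link_availability, inspection_availability):
    """Hours per year the link carries traffic past an appliance that is down."""
    return annual_downtime_hours(inspection_availability) - annual_downtime_hours(link_availability)


if __name__ == "__main__":
    apps = [0.999, 0.999, 0.999]  # constructed: three appliances at the article's .999 figure
    d_link, _ = directly_connected(apps)
    t_link, t_insp = tap_connected(0.9999, apps)  # constructed TAP availability
    print(f"direct:  link availability {d_link:.6f}, {annual_downtime_hours(d_link):.1f} h/yr down")
    print(f"via TAP: link availability {t_link:.6f}, {annual_downtime_hours(t_link):.1f} h/yr down, "
          f"{uninspected_hours(t_link, t_insp):.1f} h/yr bypassed (uninspected)")
```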
There are also intelligent TAPs on the market that offer aggregation, filtering, and port mapping. These features add economic efficiency by giving flexibility in how traffic flows are directed to the appliances. By aggregating underutilized links, one appliance can serve multiple links, providing CAPEX savings. Filtering out irrelevant traffic lessens the load on appliances, allowing more efficient operation and faster response to threats. Port mapping provides a simple method of directing traffic from the TAP to the appliance and back into the network.
When developing a network protection strategy, it’s important to deploy the right monitoring tools and security appliances. Properly including network TAPs in the architecture plan from the beginning is critical to that success. Appliance connectivity with TAPs will allow maximum protection and budget discipline without compromising network reliability or availability.
About the Author
Alastair Hartrup is the CEO and founder of Network Critical, a company that provides industry-leading network TAPs and Packet Brokers, which help organizations increase visibility across dynamic and complex networks. He founded Network Critical in 1997, and today more than 5,000 companies worldwide rely on its technology to help power the network and security monitoring tools needed to control changing infrastructure.