How to Select a Security Visibility Solution
Are you asking the right questions?
June 2016
AGENDA HIGHLIGHTS
• Why security visibility?
• The case for packet flow switching
• How to formulate your requirements
• Key requirements for inline security
• Case study and takeaways
SPEAKERS:
Ksenia Coffman, Product Marketing Manager, NETSCOUT
©2016 NETSCOUT
SECURITY ATTACK TRENDS
Source: Arbor Networks (2016): Worldwide Infrastructure Security Report, vol. XI
EVOLVING NEEDS
The need to optimize packet flow
Complex security scenarios
Active, passive and hybrid security
Archiving and spooling
New and more security tools
Security threats: Bigger, faster, more complex
State of network security threats
Are we better off than two years ago?
SECURITY WITHOUT VISIBILITY
• Individual silos of security and single points of failure
• Complex configuration and change management
Why Security Visibility: The Case for Packet Flow Switching
WHAT IS A PACKET FLOW SWITCH?
Network Centralized Tools
Application Performance Management
Network Performance Management
Customer Experience Management
Security
From the Network To the Tools
An Appliance to Optimize Packet Flow
MATRIX SWITCHES
• Entry-level packet broker: NPB software + COTS
• Does not scale for advanced capabilities and performance
Packets Not Reaching Tools
ADVANCED FUNCTIONALITY MISSING
SOFTWARE BASED MONITORING SWITCH
• The software-based monitoring switch adds compute capabilities to matrix switches
• Lacks hardware acceleration behind every port
• Difficult and costly to scale
PERFORMANCE DEGRADES
TRUE PACKET FLOW SWITCHING (PFS)
Security
NGFW
IDS
IPS
SLICING: Remove unnecessary payload
PFS: Filtering, Replication, Slicing, Stripping, Speed Conversion, Aggregation, Load Balance, De-Duplication
STRIPPING: Enable processing of encapsulated packets
Key Questions to Ask About a Security Visibility Solution
WHAT ABOUT PERFORMANCE?
Traffic grows, performance degrades
CAN YOU HANDLE TRAFFIC GROWTH?
Traffic Grows
Tools overrun, limited load balancing
DO YOU SUPPORT INLINE SECURITY?
Inline tools: single points of failure
WHAT ABOUT HEALTH CHECKS & TRIGGERS?
• Both positive and negative health checks are required
• Conditional triggers are key
• Each security system in the tool chain should have a different trigger
CAN YOUR SYSTEM SUPPORT TOOL CHAINING?
[Diagram: Inline Tool Chain. Labels: Inline Network, Inline Monitor, Aggregated Traffic, NGFW LB Group1, Web Gateway, IPS; elements marked IN and IM]
Case study
CASE STUDY: Large Private Cloud
• Unified packet plane achieves complete visibility
PACKET FLOW SWITCHING FOR SECURITY VISIBILITY
Network Security Systems: NGFW, IDS, IPS
PFS 2204, PFS 4204
Unified Packet Plane
Triggers, Network bypass, Health Check, Tool chaining, Active inline
Filtering, Replication, Slicing, Stripping, Speed Conversion, Aggregation, Load Balance, De-Duplication
ENTERPRISE.NETSCOUT.COM
THE RIGHT SECURITY VISIBILITY SOLUTION:
• Helps retain investment in existing security systems
• Simplifies adds, tests and changes
• Supports both performance assurance and cybersecurity
Additional Resources
• Listen to the live webinar here
• Enterprise Networks: No Tool Left Behind