Are You Missing 60% or More of Your Security Threats? (Keith Bromley)
Updated: Feb 21
You Can’t Afford to Miss ANY Data
Data is the fuel source for any security architecture. Unfortunately, some network packet broker (NPB) solutions drop packets. The wrong data, or missing data, often results in the wrong conclusion which creates the following:
· deletion of the wrong data
· missed malware
· wasted time and effort
· or the application of the wrong security fix
These outcomes create the unnecessary risk that a cyber attacker will be successful.
The Source of the Problem
There are two fundamental sources of missing data — lack of an inline visibility architecture and use of poorly designed equipment.
Lack of a Visibility Architecture
Are you wasting time on worthless defensive cyber security operations? Inline security solutions are one of the ways that enterprises can deploy high impact security solutions to address security threats. However, the "solution" is more than just adding an inline security appliance, like an intrusion prevention system (IPS) or a web application firewall (WAF). It requires complete data visibility, which allows examination of ALL data for suspect network traffic.
An inline visibility architecture consists of an external bypass switch and an NPB. While an inline security architecture will not create a foolproof defense against all these threats, it provides the crucial data access that security operations (SecOps) teams need to combat real-world threats.
Out of band visibility architectures are an additional strategy that allow key pieces of security data to be captured downstream and passed on to data loss prevention (DLP) and intrusion detection system (IDS) solutions for an equally important detailed threat analysis.
Poorly Designed Network Packet Brokers
While there are several vendors for NPB solutions, NPBs are not created equal. Some prominent vendors create NPBs that drop packets and have feature blocking architectures. In fact, because of those designs, you could be missing 60% or more of the security threats entering your network. What’s worse is that you won’t even know it — as those solutions don’t indicate that anything is wrong the entire time they are dropping that critical security data.
The Right Security Solution to Fortify Your Network
Keysight Technologies has the solution to this problem. Our taps, bypass switches and NPBs provide the visibility and confidence you need that you are seeing EVERYTHING in your network. Keysight’s advantage is due to the Keysight architecture which uses FPGA’s to process the data instead of a CPU running software. The CPU/software combination has inherent issues since every line of code steals bandwidth. FPGA’s are faster because they work at line rate — and faster is better.
What happens if you connect up a security appliance like an IDS to a Keysight packet broker and other NPBs? The answer is a visible difference. Some of those other NPBs dropped critical security data that led to the IPS missing 5 out of 8 attacks. This means those security solutions missed 62% of the security threats. The Keysight NPB passed all of the correct data on resulting in the IDS catching all 8 out 8 attacks. So, would you rather have a 38% success rate or a 100% success rate in detecting security threats?
Keysight NPBs, bypass switches, and other security solutions offer enterprises the following benefits:
· Zero packet loss for data transfers to your inline security tools.
· Increased network reliability with better fail-over techniques.
· Improved security appliance survivability with a self-healing architecture.
· Integrated secure sockets layer (SSL) decryption to expose hidden security threats.
· Reduced security architecture complexity.
· Ability to deploy measures to capture indicators of compromise (IOC).
· A threat intelligence gateway that can stop incoming and outgoing security threats.
Reach out to me (Keith Bromley) and I, along with my team, can show you how to fortify your network against multiple threat vectors. Alternatively, you can see for yourself how Keysight’s solutions can significantly enhance your company’s security architecture!