Eliminating Blind Spots With Network Visibility

By: André Vink, July 22, 2019

Designing a secure network infrastructure has to go hand-in-hand with network visibility.

Attacks are becoming increasingly sophisticated, networking demands are increasing at a rapid rate, and it’s almost impossible to predict how your network will be exploited. Without visibility into every packet that comes into or goes out of your organization, it doesn’t matter how advanced your security tools are—they won’t be able to protect your network.

However, successfully creating a network visibility layer can seem easier said than done. Even a slight misstep can leave you with blind spots that give attackers an easy path into your network.

If you want to protect your business, you need to eliminate blind spots with the right network visibility tools.

5 Network Visibility Blind Spots That Derail Security

You can’t secure what you can’t see. But you also can’t fix blind spots if you don’t know where to look for them in the first place.

Before trying to improve network visibility to eliminate all possible blind spots, take the time to understand what can keep your security tools from seeing every necessary packet. While a complete list of potential blind spots would be nearly endless, the following five are common areas that even the most experienced networking and security pros struggle with.

  • East-West Traffic: Your traditional perimeter-based security strategies were all about securing the North-South traffic that traveled from outside of your network, into the core of your data center, and back again. Now, cloud computing, the Internet of Things, and widespread virtualization have created an explosion of East-West traffic that never passes through those core security appliances. Without a unique network visibility strategy for the East-West traffic in your data center, you risk having blind spots that offer low-hanging fruit for attackers.
  • SPAN Port Oversubscription: In the past, you might have been able to get away with using SPAN ports to mirror copies of network traffic to your monitoring devices. But switches have a limited number of SPAN ports, leaving you to make decisions about which tools see which traffic. With so many tools vying for visibility, you’ll either oversubscribe SPAN ports or leave certain tools without access to all necessary packets. If you’re dropping packets during peak times, you’ll have blind spots that could let malicious packets through to your data center.
  • Shadow IT: Sometimes it might feel like employees are actively working against you when it comes to cybersecurity. If they’re installing software and applications that haven’t been approved by IT or accessing the network via unapproved devices, your security tools may lose sight of some activity. This is especially problematic if employees aren’t properly patching vulnerabilities and you can’t see the new weak points in your network.
  • Encrypted Traffic: IT and network managers tend to focus their efforts on the traffic they can “see” and often ignore the traffic they cannot see because it is encrypted. The fact that traffic is encrypted does not mean it should be overlooked. Many network security and monitoring applications have no visibility into encrypted traffic and cannot inspect its content. This creates dangerous gaps in corporate defenses, or at best leaves you with partial management and visibility of the network.
  • The Internet of Things: Trying to maintain visibility into all network traffic as the Internet of Things introduces more activity is a significant security challenge. High traffic volumes can quickly lead to oversubscription of ports if you don’t have a robust network visibility layer. And when security tools can’t analyze all packets, attackers can sneak attacks into waves of IoT activity.

The worst way to approach these blind spots is to wait until something goes wrong with your cybersecurity strategy before addressing them. Not recognizing blind spots until after there’s a problem means you’re always reacting to cyber attacks instead of proactively preventing them.

To remain proactive in cybersecurity, you need a network visibility layer that can continuously keep blind spots from creeping up into your data center.

Get Pervasive Network Visibility to Eliminate Blind Spots

Eliminating blind spots that prevent cybersecurity tools from doing their job is all about creating a pervasive network visibility layer. There’s no one-size-fits-all solution to pervasive network visibility though. You have to understand that every tool has its limitations, which means that pervasive visibility requires a cohesive strategy.

To create complete coverage with network visibility tools, you need a combination of devices that will keep blind spots from forming in your organization. The three most important components are:

  • Network Taps: These external devices or virtual taps create copies of traffic from key points in your network (including East-West junctions) that can be routed to any and all necessary security tools. As an unobtrusive observer of network traffic, taps can be relied upon to deliver 100% visibility into the packets on a link and eliminate blind spots that would hinder the effectiveness of security tools.
  • Network Packet Brokers: These are active devices that take raw data packets from tap points and send them to specific security applications, ensuring that the right traffic gets to the right tool. It doesn’t make sense to send 100% copies of packets to every security tool. Packet brokers ensure pervasive visibility without introducing problems with oversubscription, downtime, or complex management. Network Packet Brokers are becoming more intelligent, blurring the traditional lines between the visibility layer and the network tool. With Network Intelligence built into the NPB, you can ensure that security tools get the traffic in a form that they can ingest.
  • Bypass Switches: Because many security tools must be placed in-line, you need fail-safe capabilities on your network to avoid downtime during maintenance or operational issues. Bypass switches are hardware devices that deliver failover for inline security tools, eliminating points of failure that would otherwise create blind spots in your security strategy.
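The oversubscription and right-traffic-to-the-right-tool points above can be checked before you buy hardware. The following capacity check is an added example, not code from the original post or from any vendor; the link rates, encrypted shares, tool port sizes and per-tool filter rules are all constructed assumptions, and it contrasts a single SPAN port mirroring every tapped link with a packet broker that filters and load-balances the same feeds.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass
class Link:
    """A tapped network link with its observed peak utilisation (constructed values)."""
    name: str
    gbps: float                   # peak traffic on the link, in Gbps
    east_west: bool = False       # True for lateral data-center traffic
    encrypted_share: float = 0.0  # fraction of bytes carried inside TLS

@dataclass
class Tool:
    """A security tool port group fed by the packet broker (hypothetical tools)."""
    name: str
    port_gbps: float                # capacity of one tool port
    ports: int                      # ports the broker can load-balance across
    wants: Callable[[Link], float]  # fraction of a link's traffic the tool needs

def span_drop_fraction(links: List[Link], span_port_gbps: float) -> float:
    """Fraction of mirrored bytes a single SPAN port must drop at peak.
    Anything above 0.0 is a blind spot: those packets never reach any tool."""
    demand = sum(l.gbps for l in links)
    return 0.0 if demand <= span_port_gbps else 1.0 - span_port_gbps / demand

def broker_loads(links: List[Link], tools: List[Tool]) -> Dict[str, Tuple[float, bool]]:
    """Per-port load on each tool after the broker filters and load-balances
    the tap feeds; the bool flags a tool port that would still be oversubscribed."""
    report = {}
    for t in tools:
        per_port = sum(l.gbps * t.wants(l) for l in links) / t.ports
        report[t.name] = (round(per_port, 3), per_port > t.port_gbps)
    return report

# Constructed topology: one North-South uplink plus two East-West fabric links.
LINKS = [
    Link("core-uplink", 6.0, east_west=False, encrypted_share=0.8),
    Link("leaf-a-b", 3.0, east_west=True, encrypted_share=0.5),
    Link("leaf-b-c", 3.0, east_west=True, encrypted_share=0.5),
]
TOOLS = [
    Tool("ids", 10.0, ports=2, wants=lambda l: 1.0),  # needs every packet, balanced over 2 ports
    Tool("dlp", 1.0, ports=1, wants=lambda l: 0.0 if l.east_west else 1.0 - l.encrypted_share),
    Tool("tls-inspect", 10.0, ports=1, wants=lambda l: l.encrypted_share),
]

if __name__ == "__main__":
    print("SPAN drop fraction at 10 Gbps:", round(span_drop_fraction(LINKS, 10.0), 3))
    for name, (load, over) in broker_loads(LINKS, TOOLS).items():
        print(f"{name}: {load} Gbps per port{' OVERSUBSCRIBED' if over else ''}")
```

With these numbers a 10 Gbps SPAN port silently drops one sixth of the mirrored traffic at peak, while the broker keeps the IDS and TLS-inspection ports within capacity and exposes the undersized DLP port as the one remaining blind spot to fix.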

Just like with your security tools, simply investing in these network visibility layer components isn’t enough. Eliminating blind spots ultimately comes down to your strategy for deploying network visibility and network intelligence, and connecting them to security solutions.

That’s where we can help. Contact us today and talk to a network visibility expert who can guide you in creating a strategy for your unique cybersecurity needs.
