Enabling Non-disruptive, Resilient Threat Monitoring
Enterprise data centers are experiencing tremendous growth in network traffic, as consumption of applications and content continues to rise rapidly in the information era. In addition, the widespread adoption of server virtualization is changing the direction of data center network traffic flows from the North/South flow of client-server applications to the East/West of server-to-server traffic. These dynamics require the data center network to accommodate greater bandwidth at the core layer where the need for connectivity at 100 Gigabit Ethernet is growing rapidly.
Upgrading data center core networks to 100 Gigabit Ethernet technology creates multiple potential hiding places for covert attacks. Additionally, it generates a learning curve for network administrators. Upgrading data center core networks also produces blind spots ripe for exploitation, which is a huge issue for the rapidly evolving IT data centers.
As core networks evolve from 10/40Gb to 100Gb, there is a critical need to ensure high-performance threat monitoring with support for aggregation and processing of high-speed network traffic to different performance, application, and security monitoring tools that may be unable to process traffic at these higher speeds.
If your core network is in the process of being upgraded to 100 Gigabit Ethernet, it’s critical to future-proof security monitoring tools for eventual network upgrade by deploying a comprehensive threat monitoring infrastructure that can seamlessly and with full resilience accommodate 1G, 10G and 40G ethernet port speeds for non-disruptive support for today’s and tomorrow’s security systems.
To put it simply, how can Security Operations (SecOps) teams continue to optimize the time it takes to identify, analyze and respond to security threats while tackling the challenges of growth in network speeds and traffic volumes, and the need to leverage investment in existing monitoring tools?
This blog series will review how Network Packet Brokers can provide a unique future-proof solution for supporting non-disruptive and resilient network security in data centers migrating to 100 Gb core networking.
Migration Challenge: Scaling Network Security to Meet 100Gb
Organizations have already heavily invested in 10/40Gb-capable tools, such as Firewalls, IPS/IDS, Data Loss Prevention, SSL/TLS decryption, and Malware systems, which are at the core of their security processes. The ability to monitor, protect, and record network traffic on high-speed 100 Gigabit Ethernet segments is critical, but true 100Gb-capable security and network monitoring tools simply don't exist. Even when security tools begin to support 100Gb interfaces, moving to new tools and systems requires a very expensive investments in ethernet technology and various networking technologies.
The critical challenge is how to extend the reach of 10/40Gb-enabled tools into 100Gb networks. Next-Generation Network Packet Brokers (NPB), such as Niagara’s 2847, address this challenge by ingesting 100Gb traffic and load balancing it out over multiple 10/40Gb ports. This means existing 10/40Gb tools gain visibility into the traffic carried inside 100Gb links, the useful life of those tools is extended, and the overall return on investment (ROI) is improved (Figure 1).
Figure 1. Niagara 2847 NPB extends reach of 10/40Gb-capable tools into 100 Gigabit Ethernet networks
NPBs also provide fail-safe resilience for threat monitoring through integrated inline bypass support for 100Gb as well as lower-speed 1/10/40Gb to deliver high availability and resiliency to inline network security appliances. If an inline appliance fails in any way, the Network Packet Broker directly connects both ingress and egress network ports, thus “bypassing” the failed security appliance and maintaining high availability of the network.
Beyond support for 100Gb links, the integrated bypass capability in NPBs may provide a number of additional high-availability advantages when compared to the built-in bypass functionality provided by inline 10/40Gb-capable security appliances.
Network Packet Brokers typically have a better Mean Time Between Failure (MTBF) and Mean Time to Repair (MTTR) than inline security solutions. Also, multiple NPBs can typically be set-up in flexible configurations for an additional layer of high availability.
Compared to built-in network bypass functionality in security appliances, Network Packet Brokers commonly utilize a highly-accurate “heartbeat” for ensuring the integrity of the data flow is maintained even if the inline security solution is down for maintenance or is resetting, and for automatically restoring bypass operation once the solution is back online.
In the next part of this blog series, we’ll look at 100 Gigabit Ethernet migration-related security challenges as they relate to maintaining resilient security in face of dramatically higher traffic volumes and enabling optimum connectivity for increasingly specialized security solutions. Stay tuned!