What Network Packet Brokers Have to Do With Security Infrastructure

By: Yigal Amram, August 20, 2018
Networks keep increasing in size and demand on their resources, and although technology is advancing and doing its best to keep up (or even to try to catch up), managing the actual network security has become more complex, and not necessarily less costly.

Enterprise networks and service providers mandate their IT and network experts to keep ahead of the game, and the solution usually adopted is to endlessly introduce new inspection and monitoring tools. This, however, weighs down an already complex system with yet more configuration and fine-tuning work and management complexities.
IT could, for example, replace low-speed devices with higher-speed devices. Alternatively, IT could adopt an all-inclusive new network monitoring infrastructure that allows migration to a higher network speed and also increases the effectiveness of the monitoring and security tools. In either case, however, they’ll incur additional costs.


Yet another network security breach - What can you do?

Verizon’s 2018 Data Breach Investigations Report (DBIR) indicated that in 2017, more than 53,000 security incidents were reported and 2,216 breaches confirmed. The number of actual attacks remains unknown but undoubtedly is considerably higher.

There is no silver bullet for network security, nor a one-time magic purchase: no single security product will solve all your (potential) problems. An all-encompassing network visibility security solution is required. It will help uncover hidden network issues and inadequacies, identify hiccups and outages, and improve network security. It will also address potential compliance issues.

The following essential functionalities are required in a comprehensive solution: 

  • high efficiency with flexible access to the network
  • monitoring (including filtering, packet grooming, etc.)
  • advanced monitoring functions (application intelligence, NetFlow support)
  • monitoring tools connectivity.

Cost-effective, efficient, secure architecture-based infrastructure

Today’s networks deploy three to five network tools per network point (link) or group of points. They run numerous applications for security, compliance, analytics, and more. During upgrades, these tools are taken offline, and traffic filtering and even traffic flow halt. Moreover, the security and analysis tools are most often specialized, and they sometimes discard more than 90% of the traffic received to get to the specific traffic they can process.

Now, imagine if each tool were fed only the IP traffic it was able to process, so that all its bandwidth and processing power went to its specialized application rather than to dropping unwanted packets.

What if, in encrypted traffic, these security tools (which analyze just the first 100 bytes of each packet) were not fed a large 1,500-byte packet?

The Network Packet Broker (NPB) solution

It takes time and money to continuously re-examine the network architectures that deliver IP packets to the analytics tools, and buying these tools indefinitely is a financial investment that most enterprises are unwilling to make.

What they need is a “secret weapon”: a specialized Ethernet switch that, in addition to copying packets, can also strip, groom, and place IP traffic automatically with the right security. It should be able to take terabits of traffic in 100Gb, 40Gb, and 10Gb increments and feed the right data to the right tool in 1Gb or 10Gb increments, with continuous levels of resilience.

This special tool is none other than a Network Packet Broker (NPB).

Here’s what it can do:

  • Provides visibility into network links without degrading availability
  • Allows migration to network speeds of up to 100Gbps
  • Reduces the time to diagnose problems, while ensuring that CAPEX and OPEX costs remain stable as network sizes and speeds increase
  • Lowers CAPEX and OPEX costs with early deployment, as part of strategic planning
  • Better utilizes monitoring/security infrastructure, simplifies operations, and increases ROI


NPBs will even improve your ROI

Network Packet Brokers’ many features assist enterprises and service providers to maximize their return on investment in network security and monitoring tools.

Here’s how:

  • Load balancing future-proofs 1/10Gb security/monitoring tools when upgrading to 40/100Gb network speeds. As networks upgrade to 40Gb (and higher) link speeds, load balancing helps maximize utilization of existing 1/10Gb appliances without forcing data center IT to purchase new appliances that support 40/100Gb. Data center staff can continue to buy 1/10Gb-based security/monitoring appliances at a dramatically lower cost.
  • Deep traffic grooming optimizes toolsets, enables CAPEX and OPEX savings. Most security appliances focus only on a specific type of traffic. NPBs can filter out the traffic that is not relevant to the appliance and map only the traffic the appliance needs to the appropriate port. This allows a higher link-to-appliance ratio and reduces storage capacity of each tool, all of which reduces costs.
  • Aggregation reduces security, analysis, and compliance costs. NPBs can consolidate multiple packet stream inputs into one larger stream (e.g., five 1Gb or 10Gb links into a single 10Gb or 100Gb link), or do the reverse (e.g., a single 10Gb or 100Gb link into multiple 1Gb or 10Gb connections). Connecting many security, analysis, and compliance devices to every link may seem costly, but not protecting them may cost even more. Now, network engineers can look at link throughput while allowing multiple lower-speed links to remain protected by a single NPB device.
  • Extended visibility across SDN/NFV environments provides optimal ROI. With 80% of server workloads virtualized by 2016, NPBs’ integration within SDN/NFV infrastructure provides visibility into the virtual servers’ traffic, to apply monitoring and security policies to it without disrupting or degrading traffic. NPBs can also seamlessly scale packet access and delivery across both physical and logical network boundaries, using tunneling protocols (VXLAN and NVGRE), both of which ensure continuous uptime for network security systems.
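
The filtering, 100-byte slicing, and load balancing described above can be sketched in software. This is an added example, not vendor code: `Packet`, `flow_key`, `broker`, the tool port names, and the choice of a CRC32 hash over a direction-independent 5-tuple are assumptions made for illustration. Hashing the sorted 5-tuple keeps both directions of a flow on the same tool, which stateful security tools need.

```python
import ipaddress
import zlib
from dataclasses import dataclass

SLICE_BYTES = 100  # the article's figure: tools that read only the first 100 bytes

@dataclass(frozen=True)
class Packet:  # hypothetical minimal packet record for this example
    src: str
    dst: str
    sport: int
    dport: int
    proto: int   # 6 = TCP, 17 = UDP
    data: bytes  # full frame as received on the network port

def flow_key(p: Packet) -> bytes:
    """Direction-independent 5-tuple key: A->B and B->A produce the same bytes."""
    a = (ipaddress.ip_address(p.src).packed, p.sport)
    b = (ipaddress.ip_address(p.dst).packed, p.dport)
    lo, hi = sorted((a, b))
    return (lo[0] + lo[1].to_bytes(2, "big") +
            hi[0] + hi[1].to_bytes(2, "big") + bytes([p.proto]))

def broker(packets, tool_ports, wanted_ports, slice_bytes=SLICE_BYTES):
    """Filter, slice, and load-balance packets onto lower-speed tool ports."""
    out = {port: [] for port in tool_ports}
    for p in packets:
        # Filtering: traffic the tool cannot process never reaches it.
        if p.dport not in wanted_ports and p.sport not in wanted_ports:
            continue
        # Load balancing: every packet of a flow maps to the same tool port.
        port = tool_ports[zlib.crc32(flow_key(p)) % len(tool_ports)]
        # Slicing: forward only the leading bytes the tool inspects.
        out[port].append(p.data[:slice_bytes])
    return out

# Constructed sample traffic: one TLS flow (both directions) and one DNS query.
SAMPLE = [
    Packet("10.0.0.5", "192.0.2.10", 51000, 443, 6, b"\x16" * 1500),
    Packet("192.0.2.10", "10.0.0.5", 443, 51000, 6, b"\x17" * 1500),
    Packet("10.0.0.7", "198.51.100.53", 40000, 53, 17, b"\x00" * 80),
]

if __name__ == "__main__":
    tools = ["tool-1", "tool-2", "tool-3"]
    for port, frames in broker(SAMPLE, tools, {443}).items():
        print(port, [len(f) for f in frames])
```

With the sample input, the two 1,500-byte TLS frames arrive on one tool port as two 100-byte slices and the DNS packet is filtered out.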

    Network Packet Brokers are intelligent security visibility devices that make network traffic visible and available to the various elements of the security infrastructure, making those elements more efficient and cost-effective.