Friday 10 July 2020

The 5 best ways to strengthen a security architecture

Op-ed by Keith Bromley, Senior Solutions Marketing Manager at Ixia. Deploying inline security tools is not strictly required for PCI DSS or HIPAA compliance, but it is imperative for any security architecture that tries to maximize its defenses.

Here are the top five actions IT professionals can take to improve their organization's inline security architecture:

Insert external bypass switches between the network and security tools to improve network availability and reliability.

Bypass switches are generally a good starting point for improving the security and reliability of a network. Deploying security tools directly inline strengthens the defense, but it also introduces a single point of failure: if the tool loses power, hangs or is taken out for maintenance, the link goes down with it. A bypass built into the tool itself reduces this risk, but it still causes a service interruption if the device is later removed.

An external bypass switch has the advantages of its internal counterpart, with the difference that it removes the problems of direct inline deployments by offering automatic and on-demand switching with barely perceptible impact (milliseconds) on the network. Because the switch itself always stays in the path, it can be put into bypass mode on demand, allowing security and monitoring devices to be added, removed or upgraded as needed. A practitioner should still check what the switch does when its own heartbeat to the tool fails: fail-open keeps the link up but uninspected, fail-closed keeps traffic inspected but risks an outage, and the right choice depends on the link.

Deploy threat intelligence gateways at the network entry/exit points to reduce false-positive security alerts

Threat intelligence gateways are a good second strategy because they drop traffic to and from known-bad IP addresses. Even with firewalls, IPSs and a wide range of security tools in place, businesses still miss indicators and suffer major compromises every day. Why? Because the volume of alerts generated represents a huge processing burden for the security team, as well as for the infrastructure itself. A threat intelligence gateway automatically removes traffic that matches a threat feed before it reaches the tools that must analyze the rest. Some companies have seen a 30% or greater reduction in false IPS alerts by removing known-bad traffic, allowing network security teams to focus on the remaining potential threats.
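The pre-filtering step described above, as an added example that is not Ixia's code or part of the original article. It models a threat intelligence gateway as a function that parses an indicator feed of hosts and CIDR prefixes, drops any flow whose source or destination matches, and forwards everything else to the IPS. The indicator feed and flow log are constructed (RFC 5737 documentation ranges, not real indicators); the function names are invented for illustration.

```python
"""Threat-intelligence gateway pre-filter (added example, not Ixia's code).

A TI gateway sits at the network edge and drops any flow whose source or
destination matches a feed of known-bad IP addresses/prefixes, so the IPS
behind it only sees traffic that still needs deep inspection.
"""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed indicator feed (RFC 5737 documentation ranges, not real indicators).
# Feeds usually mix single hosts and CIDR prefixes; the gateway must match both.
INDICATORS = [
    "192.0.2.0/24",      # e.g. a block attributed to a botnet C2 range
    "198.51.100.7",      # a single known-bad host
    "203.0.113.0/25",    # half of a /24, to show prefix (not octet) matching
]

# Constructed flow log as (src, dst) pairs. Real input would be packets or NetFlow.
FLOWS = [
    ("10.0.0.5", "192.0.2.44"),       # outbound to the C2 block   -> drop
    ("198.51.100.7", "10.0.0.10"),    # inbound from the bad host  -> drop
    ("198.51.100.8", "10.0.0.10"),    # neighbour of the bad host  -> forward
    ("203.0.113.200", "10.0.0.12"),   # upper half of the /24      -> forward
    ("203.0.113.20", "10.0.0.12"),    # inside the blocked /25     -> drop
    ("10.0.0.5", "10.0.0.6"),         # internal                   -> forward
    ("10.0.0.9", "not-an-ip"),        # malformed: never silently dropped -> forward
]


def load_blocklist(indicators: Iterable[str]) -> List[ipaddress._BaseNetwork]:
    """Parse host and CIDR indicators into ip_network objects (hosts become /32)."""
    # strict=False accepts prefixes with host bits set, which feeds often contain
    return [ipaddress.ip_network(ind.strip(), strict=False) for ind in indicators]


def is_known_bad(address: str, blocklist: List[ipaddress._BaseNetwork]) -> bool:
    """True if address falls inside any blocked prefix; malformed input -> False."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False   # fail open towards the IPS, which will inspect it anyway
    return any(ip in net for net in blocklist)


def gateway_filter(flows, blocklist) -> Tuple[list, list]:
    """Split flows into (forward_to_ips, dropped). Matches either direction."""
    forward, dropped = [], []
    for src, dst in flows:
        if is_known_bad(src, blocklist) or is_known_bad(dst, blocklist):
            dropped.append((src, dst))
        else:
            forward.append((src, dst))
    return forward, dropped


def reduction_percent(total: int, dropped: int) -> float:
    """Share of the inspection load removed before the IPS ever sees it."""
    return 0.0 if total == 0 else round(100.0 * dropped / total, 1)


if __name__ == "__main__":
    bl = load_blocklist(INDICATORS)
    fwd, drop = gateway_filter(FLOWS, bl)
    for f in drop:
        print("DROP    ", f)
    for f in fwd:
        print("FORWARD ", f)
    print(f"{reduction_percent(len(FLOWS), len(drop))}% of flows removed before the IPS")
```

The malformed-address case is deliberate: a gateway that silently drops anything it cannot parse becomes a denial-of-service hazard, so unparseable addresses are passed on for the IPS to judge.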

Offload SSL decryption from existing security devices (firewall, WAF, etc.) to network packet brokers (NPBs) or purpose-built decryption appliances to reduce latency and increase the efficiency of security tools.

Although many security tools (firewalls, WAFs, IPSs, etc.) can decrypt traffic so that incoming data can be inspected, decryption is CPU-intensive and can cut a security appliance's processing capacity by up to 80%. The same processors must also do the device's real job: parsing packets to detect threats such as cross-site scripting (XSS), SQL injection and hidden malware. Performing SSL decryption on those devices reduces the effectiveness of the security tools and raises costs whenever network data has to be inspected.

One solution is to have a network packet broker perform the decryption itself, or to offload the function to a separate decryption device. Once the data has been decrypted, the NPB can forward it to one or more security tools for analysis. Because the broker and the tool-facing links then carry plaintext, they need the same access controls and monitoring as the security tools themselves.

Chain tools serially for suspect data to improve the inspection process.

Another tactic to consider is serial tool chaining. This method improves data inspection by using predefined sequences for analysis: suspect traffic is routed through several security tools in turn for additional inspection and remediation. This ensures that the actions take place in the correct order and that none is skipped. Security and monitoring tools are linked together through software provisioning within an NPB, which controls the flow of data across the selected services. This effectively automates the inspection process, making it more efficient and easier to follow up on alerts.

Insert NPBs to improve the availability of security devices using n+1 or high-availability technology.

The fifth way to strengthen a security architecture is to improve device availability by inserting an NPB that supports long-term survivability. A good NPB offers two options:

The first, called n+1, is deployed in a load-sharing configuration. One extra security device is available in case one of the main ones (IPS, WAF, etc.) fails. However, instead of sitting on standby and waiting to be activated, the extra device operates alongside the others and shares the load normally. If one device fails, the remaining devices absorb the total load. Once the faulty tool is back online, the tools return to the full load-sharing configuration.

While this can be done without an NPB, it is often a complicated process involving load balancers and other effort. An NPB is programmed to handle the load balancing as well as the health messages that tell it when a tool has failed and when it is available again, providing a cost-effective "self-healing" architecture.

A more robust, but also more expensive, option is high availability. This is an n+n option in which there is a completely redundant set of equipment. Despite the cost, it may be the best option, depending on the needs of the business.
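The serial chaining described under the fourth item and the n+1 load sharing described under this fifth item, as one added example that is not Ixia's code or part of the original article. It models an NPB as an ordered chain of service stages; each stage is a pool of identical tools that all carry traffic, with flows assigned by rendezvous hashing so that only the flows on a failed tool move to the survivors, and only those flows move back when the NPB's health check reports the tool as up again. The IPS pool has three tools for a load two can carry (n=2, plus one). The tool names, verdict strings, the health-message interface and the toy inspection rules are invented for illustration, and the traffic is constructed.

```python
"""NPB service chain with n+1 load sharing (added example, not Ixia's code)."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Flow = Dict[str, str]               # {"src", "dst", "dport", "payload"}
Inspector = Callable[[Flow], str]   # returns "pass" or "block"


@dataclass
class Tool:
    name: str
    inspect: Inspector
    healthy: bool = True


@dataclass
class ToolGroup:
    """One service stage: a pool of identical tools sharing the load."""
    service: str
    tools: List[Tool]
    fail_open: bool = False   # behaviour when every tool in the pool is down

    def select(self, flow: Flow):
        """Rendezvous (highest-random-weight) hashing over the healthy tools.

        Unlike hash-mod-N, only flows that were on a failed tool move when it
        goes down, and only they move back when it returns. sha256 is used
        because Python salts str hash() per process, which would break this.
        """
        key = f"{flow['src']}|{flow['dst']}|{flow['dport']}"
        best, best_score = None, -1
        for tool in self.tools:
            if not tool.healthy:
                continue
            score = int(hashlib.sha256(f"{key}#{tool.name}".encode()).hexdigest(), 16)
            if score > best_score:
                best, best_score = tool, score
        return best

    def set_health(self, name: str, healthy: bool) -> None:
        """Health message from the NPB heartbeat: tool failed / tool is back."""
        for tool in self.tools:
            if tool.name == name:
                tool.healthy = healthy


class ServiceChain:
    """Ordered chain of stages; a block at any stage short-circuits the rest."""

    def __init__(self, stages: List[ToolGroup]):
        self.stages = stages

    def process(self, flow: Flow) -> Tuple[str, List[str]]:
        path: List[str] = []                 # which tool handled each stage
        for stage in self.stages:
            tool = stage.select(flow)
            if tool is None:
                path.append(f"{stage.service}:NO-HEALTHY-TOOL")
                if stage.fail_open:
                    continue                  # skip the dead stage, keep inspecting
                return "block", path          # fail closed
            path.append(tool.name)
            if tool.inspect(flow) == "block":
                return "block", path
        return "pass", path


# --- constructed inspectors and traffic (toy rules, not real signatures) -----
def ips_inspect(flow: Flow) -> str:
    return "block" if "EXPLOIT" in flow["payload"] else "pass"

def waf_inspect(flow: Flow) -> str:
    return "block" if "<script" in flow["payload"].lower() else "pass"

def build_chain() -> ServiceChain:
    ips = ToolGroup("ips", [Tool(f"ips-{i}", ips_inspect) for i in range(3)])  # n=2, +1
    waf = ToolGroup("waf", [Tool(f"waf-{i}", waf_inspect) for i in range(2)])
    return ServiceChain([ips, waf])   # IPS first, then WAF: order is fixed

FLOWS: List[Flow] = [
    {"src": "203.0.113.9", "dst": "10.0.0.80", "dport": "443", "payload": "GET /index.html"},
    {"src": "203.0.113.9", "dst": "10.0.0.80", "dport": "443", "payload": "GET /?q=<script>1</script>"},
    {"src": "198.51.100.2", "dst": "10.0.0.22", "dport": "445", "payload": "EXPLOIT\x90\x90"},
]

def failover_demo(chain: ServiceChain, flows: List[Flow], failed: str) -> Dict[str, int]:
    """Count how many flows change IPS tool when `failed` goes down and comes back."""
    ips = chain.stages[0]
    before = [chain.process(f)[1][0] for f in flows]
    ips.set_health(failed, False)
    after = [chain.process(f)[1][0] for f in flows]
    ips.set_health(failed, True)               # tool recovers: mapping restored
    restored = [chain.process(f)[1][0] for f in flows]
    return {"on_failed_before": before.count(failed),
            "moved": sum(b != a for b, a in zip(before, after)),
            "restored": int(before == restored)}

if __name__ == "__main__":
    chain = build_chain()
    for f in FLOWS:
        print(chain.process(f))
    print(failover_demo(chain, FLOWS, "ips-1"))
```

The `fail_open` flag is the design choice to get right with the vendor before deployment: with it off, losing every tool in a stage blocks traffic at the NPB (safe, but an outage); with it on, that stage is bypassed and the remaining stages still run, which is what most sites want for a monitoring-only tool and not for a blocking one.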

Applying these five use cases can significantly improve an inline security architecture, both in the reliability of the solution and in its ability to detect and prevent or limit security threats.
