Historically, cyber threats came from outside the boundary of the network, which allowed IT teams to ensure security by building walls at the points where traffic entered and departed. However, new technology such as cloud computing and Bring Your Own Device (BYOD) means that it can no longer be assumed the interior is secure and trustworthy. The security of a networked environment can be compromised through innocent and unknowing user activity (for example, a virus can gain access to an internal desktop through unprotected and unmonitored browsing) as well as through more sinister intentional security breaches from remote access points. In addition, as organisations begin to upgrade from 1GbE to 10GbE networks and beyond, legacy security tools are struggling to keep up – often becoming oversubscribed and risking the loss of essential, potentially lethal information.
The urgency of effectively monitoring what is happening inside the bounds of the network is rapidly growing. An ongoing and effective security strategy requires extensive, reliable and scalable visibility of network traffic, not only to prevent security breaches but also to react actively to potential threats before they can do any lasting damage.
The required visibility can be gained through flow mapping technology – a highly intelligent and customisable approach to traffic filtering. The technology allows network managers to dictate which traffic should be sent where and how it is processed once it arrives at its location through the creation of ‘map-rules’. Network owners are able to create thousands of individual rules to send only the most relevant information to the correct tool. Traffic can be drawn from a multitude of locations across the environment and directed to a centralised group of security tools, without concern for the number of connection points available. This ensures that each tool is only seeing the information that it is best equipped to deal with, making every one as efficient as possible.
Furthermore, it is possible for administrators to override individual rules so all traffic is sent to a particular security tool, irrespective of any other rules in place. This ensures the tool is able to see all unfiltered traffic as required, reducing the risk of vulnerabilities going unnoticed. For example, if administrators are concerned about traffic originating from an individual IP address, they can alter the rules to forward all data to one environment for monitoring and diagnosis. In addition, all traffic is available for selection and forwarding, without the need to make any changes to the production network. This means there is no risk of the entire network going down when responding to threats and attacks, allowing the security team to rapidly change the direction of suspicious traffic without any impact on the network’s performance or reliability.
Flow mapping technology can also alleviate the security risks associated with upgrading from 1GbE to higher network speeds. By using multi-rule sequential pre-filters, traffic can be load balanced across multiple 1GbE tools, with each tool monitoring a specific, pre-defined security aspect. This ensures that 100 percent of the network traffic continues to be monitored and secured, without the need for purchasing costly new tools.
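The rule model described above, as an added example that is not from the original article and is not any vendor's configuration syntax: a small Python model of map-rules, a pass-all override, and a check for traffic that no tool would see. The `MapRule` fields, tool names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class MapRule:
    """Hypothetical map-rule: packets matching every set field go to `tool`."""
    tool: str
    src_net: str = "0.0.0.0/0"       # any source by default
    proto: Optional[str] = None      # "tcp", "udp", or None for any
    dst_port: Optional[int] = None   # None for any

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src_net):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        return self.dst_port is None or pkt["dst_port"] == self.dst_port

def forward(pkt, rules, pass_all=()):
    """Return the set of tools that receive a copy of pkt.

    Tools listed in pass_all see everything, irrespective of the rules.
    """
    tools = set(pass_all)
    tools.update(r.tool for r in rules if r.matches(pkt))
    return tools

def coverage_gaps(packets, rules, pass_all=()):
    """Packets that reach no tool at all: blind spots in the rule set."""
    return [p for p in packets if not forward(p, rules, pass_all)]

# Constructed rule set: each tool sees only the traffic it is suited to.
RULES = [
    MapRule(tool="web-ids", proto="tcp", dst_port=80),
    MapRule(tool="web-ids", proto="tcp", dst_port=443),
    MapRule(tool="dns-monitor", proto="udp", dst_port=53),
    MapRule(tool="forensics", src_net="10.1.4.23/32"),  # one host of concern
]
# Constructed sample packets (header fields only).
PACKETS = [
    {"src": "10.1.4.23", "proto": "tcp", "dst_port": 443},
    {"src": "10.1.7.9", "proto": "udp", "dst_port": 53},
    {"src": "10.1.7.9", "proto": "tcp", "dst_port": 22},
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p, "->", sorted(forward(p, RULES)) or "UNMONITORED")
    print("gaps:", coverage_gaps(PACKETS, RULES))
    print("gaps with pass-all:", coverage_gaps(PACKETS, RULES, ("full-capture",)))
```

Running the gap check against a sample of real flow records before and after a rule change shows whether the filters still add up to full coverage.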
In addition to making networks more efficient, flow mapping allows organisations to remove any security holes in order to prevent breaches, while also providing the ability to quickly react to potential threats. As networks are more vulnerable than ever thanks to new technology increasing the number of access points and a huge rise in the volume and speed of traffic, flow mapping can give organisations the peace of mind that they are protected – no matter where a threat comes from.