Six steps to improve network visibility

Early 20th century legendary baseball pitcher Walter Johnson once said, “You can’t hit what you can’t see.” It’s the same thing in IT security: You can’t stop what you can’t see.

Which is why visibility is so essential to network security. Unfortunately, a lot of traffic is opaque to network and security teams, giving fits to the CISO. It isn’t a problem if good security practices are followed, but in a blog this week Johnnie Konstantas, who heads Gigamon’s security solutions marketing and business development, asks a few pertinent questions to see if infosec pros need to improve visibility.

The obvious question is whether the network is monitored 24/7 and analyzed daily for anomalous traffic patterns. But she says it’s also important to ask whether the use of virtual machines is limited to non-critical workloads, whether vMotion is turned off, whether users are restricted from connecting to the network with self-sourced devices (and if yes, whether they are restricted to guest network segments regardless of security profile), whether the use of social media to send attachments and files is restricted, and whether all SSL traffic is decrypted and inspected for the presence of malware.

My guess is few CISOs, except those at financial institutions and certain government departments, can say yes to all of them. Leaving aside the fact that Gigamon sells visibility and analytics solutions, no one doubts that being able to see more deeply into network traffic is a great way to improve security. Konstantas offers these six tips for improving it:

1. TAP all critical links. Don’t rely on SPAN ports because of sampling and missed packets.

2. Connect all TAPs to a visibility fabric. This will aggregate traffic and metadata.

3. Connect inline tools to inline fabric ports. Adding fault tolerance for IPSes and firewalls prevents the fail-closed problem.

4. Connect all out-of-band security tools. Now all analytics and detection tools will see every network packet and its metadata without contending with its peers.

5. Use traffic manipulation and grooming. Steering the right traffic to security tools can alleviate the computational burden associated with unwanted traffic inspection.

6. Add non-security tools to the visibility fabric. Performance management tools can also have the benefit of complete network traffic views for faster troubleshooting.

Visibility is one of the best ways to increase the odds of finding malware that’s on a network now, and lower the odds of new attacks being successful.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
