Performance! Visibility! Security?
Network security. These words are enough to strike fear into the most cold-hearted CSOs. A network compromise can bring down systems, managers, executives, and even entire companies. Securing the data on your corporate network is not only one of the most important things a company can do, but also one of the hardest.
There are lots of tools that are dedicated to providing network security: vulnerability scanners, intrusion detection and prevention, firewalls, and much more. Every company has its own ideas and approaches to the best ways to achieve the unachievable: the total securing of the corporate network.
As part of your decision on how to secure the network, it is important to recognize that there is no one tool that is going to provide your entire solution. A firewall will help keep people outside your network from getting in, but does nothing to help once someone is on the inside. An intrusion device will help identify when someone intrudes, but does nothing to secure the perimeter. The trick is to have an entire arsenal of tools that can be used to identify issues and then investigate and thus rectify them.
One tool you may already have in your arsenal but may not have thought about using for security monitoring is your Network Performance Monitoring (NPM) tool. The pure NPM solution does not act as a firewall or identify intrusions. However, it can be leveraged to ensure you know what is happening on your network, that no one is doing things they should not, and, in the worst-case scenario of an intrusion or other violation, you can determine what happened and then identify proper mitigation factors.
A solution like the Riverbed® SteelCentral™ NetProfiler allows you to monitor your network and report and alert on access violations, prove or disprove access concerns, identify areas where issues occur, and help remediate the issues.
Using NetProfiler’s advanced reporting, you can easily generate reports showing what hosts have accessed what other hosts, at what times, and what it was they did. These reports can include information such as how much data was transmitted between the hosts using what application and network ports and protocols, as well as allow for easy drill-down into the packets that make up the violation for more detailed analysis.
Figure 1: NetProfiler can show which hosts communicated with what other hosts.
This kind of information can be used to prove that someone accessed a system they should not have or the opposite – that the secure systems have not been violated in any way. The total number of connections, amount of data transferred, and applications used to transfer that data can be critical in determining if a violation is simply a misconfiguration or accidental access issue or if something more nefarious is going on.
Figure 2: NetProfiler can provide a graphical diagram showing how hosts or groups communicated and include performance information for the connections between devices.
NetProfiler’s User Defined Policies allow the administrator to identify specific areas of the network consisting of one or more hosts that need to have access monitored. Policies can be configured to watch for access to the selected areas from hosts not included in a white list (or all hosts) and alert if traffic between those hosts meets or exceeds specific criteria (or exists at all). The ability to be proactively alerted when questionable traffic occurs can be invaluable when trying to secure a network.
Figure 3: NetProfiler User Defined Policies allow you to monitor and manage specific portions of your network.
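The policy logic described above, sketched as an added example over generic flow records. This is not Riverbed code and does not use any NetProfiler API; the record layout, addresses, policy fields, and thresholds are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records: (source, destination, destination port, bytes).
FLOWS = [
    ("10.1.5.20", "10.9.0.10", 1433, 4_000),      # allowlisted admin subnet
    ("10.1.5.21", "10.9.0.12", 22, 1_200),        # allowlisted admin subnet
    ("10.2.7.33", "10.9.0.10", 445, 900_000),     # not allowlisted, large transfer
    ("10.2.7.33", "10.9.0.11", 445, 700_000),     # same source, second host
    ("10.2.7.50", "10.9.0.10", 443, 2_000),       # not allowlisted, small transfer
    ("10.2.7.40", "10.3.0.5", 443, 5_000_000),    # destination is not monitored
]

# Hypothetical policy: the monitored area, who may reach it, and alert criteria.
POLICY = {
    "protected": [ipaddress.ip_network("10.9.0.0/24")],
    "allowlist": [ipaddress.ip_network("10.1.5.0/24")],
    "min_bytes": 1_000_000,  # set to 0 to alert on any traffic at all
    "min_flows": 1,
}

def in_any(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

def evaluate(flows, policy):
    """Return one alert per non-allowlisted source whose traffic into the
    protected area meets or exceeds every criterion in the policy."""
    totals = defaultdict(lambda: {"flows": 0, "bytes": 0, "ports": set()})
    for src, dst, port, nbytes in flows:
        if not in_any(dst, policy["protected"]):
            continue  # destination outside the monitored area
        if in_any(src, policy["allowlist"]):
            continue  # source is permitted to reach the area
        entry = totals[src]
        entry["flows"] += 1
        entry["bytes"] += nbytes
        entry["ports"].add(port)
    return [
        {"src": src, "flows": t["flows"], "bytes": t["bytes"],
         "ports": sorted(t["ports"])}
        for src, t in sorted(totals.items())
        if t["bytes"] >= policy["min_bytes"] and t["flows"] >= policy["min_flows"]
    ]

if __name__ == "__main__":
    for alert in evaluate(FLOWS, POLICY):
        print(alert)
```

Totals are aggregated per source across the whole protected area, so a host that spreads a transfer over several protected systems still crosses the byte threshold.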
Network security is not about having a totally secure network – there is no such thing. Instead, it is about using the tools you have to provide the best level of security you can. Whether you are using a dedicated security tool or a broad-range solution, the more visibility you have into what is happening on your network, the more secure your network will be.