Total Network Visibility: The Key To Securing Your Infrastructure


The Riverbed SteelCentral suite is a huge data collection engine. Riverbed tools can collect telemetry data for about anything that happens on your network, from the endpoint to the packet level. Your network engineers and IT staff may already take advantage of that visibility to spot bottlenecks and improve performance — and it stands to reason that your security pros will benefit from the same set of information.

"It doesn’t really make sense to collect flow data for performance and then buy a different tool to collect flow data for security," says Vincent Berk, VP and Chief Security Architect at Riverbed. "Nobody wants to spend money twice. Riverbed wants to enable both."

Many security operators are already diving deep into SteelCentral data for digital forensics and incident response — but the new SteelCentral NetProfiler Advanced Security Module takes these capabilities to the next level. Taking advantage of the visibility that the SteelCentral suite offers, and working with other Riverbed tools, Advanced Security Module can enhance your security in several ways:

  • Offering real-time alerts when positive indicators of compromise, like malicious botnet control channels, are detected
  • Flagging anomalous behavior, like detecting DDoS attacks or stealthy data exfiltrations
  • Providing the tools and data you need for cyber hunting, helping you find insidious threats burrowed deep inside your network

And of course, you get the tight integration between tools that you've come to expect from SteelCentral. Let's see how it works.

Sounding the alarm

The most basic layer of tech security begins with fighting prolific viruses and common hacking attacks — the stuff that is both loud and seen everywhere. Advanced Security Module delivers when it comes to fighting these attacks, correlating blacklisted communications with your environment and alerting you on positive matches so you can begin a standard triage process. And event details are available for further research on threats. At any time, you can add new threats to your blacklist as you run across them in your security landscape.

Figure 1. A sampling of alerts detected by Advanced Security Module

And these alerts help you unlock the power of other SteelCentral tools to fight cyberattacks. "With one click, I can go into SteelCentral Aternity to find out what data I have on a host that raised an alarm," says Berk. "Who logged into that host?  Where is it physically located in my network? Do I need to call the user to bring the laptop in for further inspection?"

Spotting strange doings

But the most dangerous hackers are the ones who know how to stay hidden and won't trigger simple alerts. To track them down, Advanced Security Module is always on the lookout for more subtle anomalous behaviors. Say an attacker has gained access to your network and is trying to exfiltrate stolen data. Even if they're being sneaky and doing it little by little, Advanced Security Module can still recognize this as something out of the ordinary.

Figure 2. Advanced Security Module report on an exfiltration in progress

Here again, the breadth of the SteelCentral suite can help you quickly quash this incursion. "Maybe you want to capture some of these packets," says Berk. "You can go in through SteelCentral AppResponse and download them to look at them in SteelCentral Packet Analyzer Plus to see if they look legitimate. And you can investigate the flows or other endpoint data to see who else is affected by this anomalous pattern."

Release the hounds

More and more security pros are engaging in proactive cyber hunting, where they apply forensic investigative processes to their infrastructure to seek out compromises even if they haven't been alerted to problems in advance. For instance, if you've got a suspicion about your database, you're going to collect everything you can know about it — packets, flows, day-to-day patterns, top IP addresses it communicates with — trying to tease out if someone got in who shouldn’t be there.  It starts with a basic assumption that a compromise has taken place on a network asset, and works forward to prove or disprove that assumption.  

"Organizations are increasingly adopting cyber hunting, and the most powerful tools that you can give a cyber hunter are telemetry tools — exactly what we provide with SteelCentral," says Berk.   

NetProfiler Advanced Security Module also provides access to threat feeds, analyst-generated information about potential threats that may or may not mean your network has been compromised. Alerts provide you with resources to learn more and the links to investigate potential vulnerabilities in your environment that will help guide your cyber hunting. They're also a great way to stay up to date on interesting and changing patterns of traffic on the Internet that, whether they're malicious or benign, the operator should be aware of.

Figure 3. Threat feeds keep you up to date on the latest cyber menaces

"When you're using the SteelCentral tool suite and empower it with Advanced Security Module, you catch problems by looking at all the measurement points," says Berk. "You look at the host, you look at the packets, you look at the flows. You are taking a comprehensive view of the entire environment from many different vantage points, and you will start to make out details that cannot be found with point solutions alone."

Get Advanced Security Module, and get it tuned up

To learn more about Advanced Security Module, check out the product page on Riverbed's website. And if you choose to deploy Advanced Security Module, Riverbed will help you tune and customize it for your network's needs. "We’re providing you with a high precision, high tech piece of weaponry," says Berk. Riverbed is committed to helping you get the most out of it.