You can’t monitor what you can’t see — best practices for security monitoring

Most local and state governments have made significant investments in network security technologies and tools over the past decade. And given the greatly increased awareness of vulnerabilities, media coverage of attacks with financial impact, hacktivism, and the consumerization of IT, investments in security technology have become high priority. Today, the most common approach to network security is to focus on policy, training, tools and technologies to protect the network.

However, today’s IT organizations need a dynamic approach to defending the network — one that uses awareness and automation to provide visibility and context while constantly adapting to new threats, new vulnerabilities, and everyday network changes. These new solutions are powerful; however, they are only as good as the network data they receive for analysis. Thankfully, a new technology can help — the network-monitoring switch.

The network-monitoring switch is an innovation in network management and monitoring that allows security technologies to get the right data at the right time. It provides visibility to the entire network, rather than a myopic and potentially distorted view of a subset of the network. Network-monitoring switches provide complete network visibility by aggregating, filtering, and replicating traffic so all security tools (such as intrusion detection systems, malware analyzers, forensic recorders and web monitors) get the data they need. As such, it is imperative that local and state governments use comprehensive visibility solutions — a network-monitoring switch combined with a security tool — for advanced threat protection. Network security administrators should ensure their solution meets the following criteria:

• Real-time Contextual Awareness — The solution should be able to see and correlate extensive amounts of event data related to IT environments — applications, users, devices, operating systems, vulnerabilities, services, processes, network behaviors, files and threats;

• Intelligent Security Automation — Automated event impact assessment, IPS policy tuning, policy management, network behavior analysis and user identification will be important to significantly lower the total cost of ownership and enhance the ability to keep pace with changing environments;

• Performance and Scalability — Appliances must incorporate a low-latency, single-pass design for unprecedented performance and scalability; and lastly,

• Granular Access Control — Information from the collective network, which could amount to a “keys to the kingdom” scenario, is important for an integrated approach to secure access to network data. By integrating into the existing network security management infrastructure, users can access the control panel and see which resources they can view or modify.

Network-monitoring switches empower security professionals working in governments to get the data they need to their security analysis tools to meet security requirements. This provides critical network visibility, and timely and accurate network data needed to perform analysis, plus a host of additional benefits. If you have any questions about the solutions available, please email me at [email protected].

John Delfeld is director of strategic business development at Calabasas, Calif.-based Ixia. The company offers products that test, assess and optimize networks and data centers to accelerate and secure application delivery. It provides converged IP network validation and network visibility solutions.