Thursday, March 10, 2016

What European Soccer Can Teach Us About Defending the Network

Real Madrid, the star of European soccer, is one of the best teams in the world and as such, attracts top talent from all over the planet. The team won the most coveted club trophy, the Champions League, ten times. However, the road to glory has been a bumpy one and, within their failures, there are lessons for network security professionals.

Real Madrid won its 9th Champions League trophy in 2002 largely thanks to its defensive midfielder Claude Makelele. He left the team the following year and Real Madrid, unable to acquire an adequate replacement, didn’t win the trophy again until 2014 after they finally found the world-class replacement in Xabi Alonso.

Why were Real Madrid’s defensive midfielders so critical to the team’s success and why are they relevant to defending the network? The defensive midfielder’s job is to break up the other team’s attacks, win the ball back and pass it to his offensive players so they can score. They have the skills and the right perspective on the field to provide visibility to the whole team. Coincidentally, visibility is one of the defining features of a mature security posture and key to enhancing cybersecurity capabilities.

Combining a comprehensive traffic delivery strategy with advanced security capabilities creates a pervasive defense system against a broad range of attacks.

A mature cyber-security approach takes into account both the internal enterprise network and the external world of threats; they are dynamic environments that are always evolving. Therefore, protection requires a dynamic security architecture built-in – not added after the fact. It advocates for combinations of security solutions. Some of the most common mixes are:

  • Active inline network analysis
  • Passive, out of band network forensics
  •  Active payload analysis

For this architecture to be effective, it needs to have access to all traffic that moves through the network, and it should be flexible enough so that changes can be made at a moment’s notice. Even today, most network changes are done during a maintenance window, when the volume of traffic is low and the threat of disrupting the business is small. However, imagine a world where, as a network administrator or security professional, you are able to have visibility into all network traffic, and enhance and modify your security infrastructure without any disruptions to the business. This is the promise that unified visibility, enabled by the VSS Network Packet Brokers (NPBs), can deliver on for an organization.

The NPBs aggregate traffic from various network links creating a Unified Visibility Plane. It allows organizations to collect relevant traffic from many locations at speeds from 1Gbps to 100Gbps and deliver it to a centralized security architecture that inspects and analyzes the traffic, generating alerts and possibly blocking traffic in real time. Additionally, it allows the network operator to construct a chain of security devices which inspect network traffic in sequence. Only the traffic of interest is sent to each security device. 

Imagine being able to deploy inline, active, real-time security inspection without any risks to the network performance (no more worries about being fired because of a network outage!). Imagine being able to constantly exercise the application stack of a security system so you know it is working as expected. Go beyond simple pings telling you if the security system’s port is up or down – they are insufficient in a world of real-time traffic inspection.

Network and security professionals have been fighting an uneven match with cyber-criminals. While the “bad guys” can change weapons in a matter of minutes, you, in most cases, have to wait for maintenance windows to upgrade your architecture. This results in a belated modification, and, perhaps worse, an irrelevant one. What makes this battle a more even one is a mature cyber-security posture based on pervasive visibility.

The VSS ActiveProtection Suite and the Unified Visibility Plane deliver these benefits, and more. Now network administrators, like soccer coaches, can adjust their arsenal in real time without having to worry about disrupting the flow of the game or the business operations of the company. Just like Real Madrid’s all-star midfielders, a Unified Visibility Plane provides visibility to all traffic and allows security systems to do what they do best: inspect and block potentially malicious traffic while other systems search for threats inside the network. 

Not a bad world to live in, don’t you think?

Learn how VSS can help you be the best midfielder on your security team. Support multiple layers of defense without risk to network performance or network uptime with our inline tool-chaining capability. See the on-demand demo.

No comments:

Post a Comment

Thank you for reading and for your comments. For product or solution inquiries, please visit