Security and service assurance engineers sometimes seem to speak a different language. They look at the computer and network systems they are responsible for from different perspectives. The monitoring fabrics for each function are often completely separate. These dual packet monitoring systems create a “Tower of Babel” scenario, whereas security and security assurance engineers cannot understand each other even when they need to look at the same data.
When a security event happens, security engineers may have a challenge asking for information from network engineers, because their systems use different terminology. And when these teams do connect, network engineers will talk about network visibility from a different perspective, making it difficult to provide effective support to the security team. Even when the both organizations have access to complete and relevant data, it is common to fail to connect the dots resulting in delayed validation of threats and subsequent response.
Security problems can often create network anomalies that can be detected by the service assurance teams monitoring traffic. When the visibility layer is unified, network security professionals can get early indicators of security concerns from the evidence of performance degradation seen by the service assurance engineers.
NETSCOUT solves the visibility problem with its Packet Flow Operating System (PFOS™), the software layer that turns a network switch into a packet broker. PFOS now includes security workflows—removing this roadblock. NETSCOUT uses the same operating system across its packet flow switch portfolio, powering the open compute packet brokers as well as its high-density chassis models that offer advanced functions, such as deduplication and masking. PFOS adapts and delivers functionality according to the platform. When security and IT teams use the same PFOS software running on the same hardware, they can collaborate easier since they can “speak the same language.”
Under a unified visibility architecture, security and security assurance teams get a holistic view of the network which will also increase the accuracy of problem detection. Lower false positives and negatives during the troubleshooting process increase the efficiency of both teams.
Now that PFOS combines both security and service assurance visibility, there is no need to build out independent overlay monitoring networks. The same hardware and software can be used for both tasks. And if you’ve already invested in a large-scale service assurance packet monitoring network, your investment is safe. All that’s needed is to add bypass taps for servers that need inline traffic access and set up the security workflows with PFOS.
Unified visibility is “smarter visibility.” You get:
- Better collaboration between security and service assurance operations
- Faster and more accurate detection of both security and service assurance issues
- Faster and better response time for issues
- The ability to integrate service assurance alerts and triggers in the future to initiate security measures
- Lower costs (capex & opex) for combined functions
Our partners agree:
“What we find especially attractive about the NETSCOUT approach is that it supports all packet brokering capabilities and applications on open compute-based switches – including inline security. Unifying security and network visibility onto a single platform means substantial capex reduction for our clients. Their teams can also collaborate better thanks to the unified architecture and common operating system.”
—Phil Higgins, chief executive officer, Brookcourt Solutions
When it comes to packet visibility, running separate infrastructure for security and service assurance is not only expensive. It’s inefficient since critical correlation data could be missed. Don’t get stuck in the past. Join the packet broker evolution and see what software makes possible. Visit our learning portal to find out more.
~Written by Peter Vinsel, CTO, Packet Flow Systems Business Unit, NETSCOUT