Search form

Upcoming Webinars

Eradicate service outages and performance issues from your network with OpManager
April 23, 2024
Master Class: Optimizing CX through 4 Pillars of Internet Resilience
May 01, 2024

On-Demand Webinars

Avoid Observability Failure: Hybrid Enterprises Must Complement APM with Internet Performance Monitoring
Observability Trends: Key Considerations for Modern Observability
Navigating Today's I&O Landscape: Leveraging Cloud, Hyper-Convergence and Observability
Master Class: Monitoring from Your Users' Perspective
2024 Tech Trends: 10 Predictions for Tomorrow's IT Evolution
The SRE Report 2024: What the Charts Don't Tell You
2024 Security Trends: How Generative AI Is Changing the Threat Landscape
Getting the Most Out of Elastic Observability & New Features
Tales from the trenches: Security leaders share insights on protecting higher education
The Impact of AIOps and GAI on Modern Observability
Countering Internet Complexity with AI-Powered Internet Performance Monitoring
Maximizing Customer Lifetime Value: Transforming Ecommerce with AI-Powered Search
AI Meets Search: Powering a New Generation of Insights
Behind the Scenes: Rocket Lawyer's Secret Sauce for Uninterrupted Digital Legal Services
3 Tips to Supercharge Your Application Tracing
What's New at Catchpoint! Fall 2023 Product Launch Event
Demo of Internet Sonar: From Disruption to Instant Detection
Harnessing the Power of Generative AI in Retail
Expert Insights: Navigating Outages Like a Pro
What's New in Application Monitoring: Maximizing Operational Efficiency with Enhanced Performance Insights
Preventing Outages: Implement an Internet Performance Monitoring Plan
Don't Get Lost in the Cloud
SOLD IN 6 SECONDS: Formulas to Fast & Friction-Free E-commerce
Supercharge Your IT Resources
Automate and Save Time
Maximize Shareholder Value with Internet Resilience
Building & Monitoring Lighting Fast, Cloud Native Payment Experiences
Getting the Most Out of Elastic Observability & New Features
Preventing Outages: Map Your Internet Stack
May 2023 Product Launch: Learn about Catchpoint's New Capabilities

All Webinars...

Analyst Reports

Modern Enterprises Must Boost Observability with Internet Performance Monitoring
GigaOm CxO Decision Brief: Internet Resilience, May 2023
2023 Gartner Critical Capabilities for APM and Observability
Forrester Opportunity Snapshot: Increase Revenue with Internet Performance Monitoring

All Analyst Reports...

White Papers

Synthetic monitoring 101: A comprehensive guide to synthetic monitoring
Beyond deployment: The ongoing challenges in application performance monitoring implementation
How Is IPAM Simplifying Modern Networking?
The Elastic Generative AI Report
The 2024 Observability Landscape — a survey of observability decision-makers
Database Monitoring for Beginners: 6 Steps to Get You Started
6 Best Practices for Application Performance Monitoring
Visibility, Scalability, Security: Why IPAM Is the Cornerstone of Robust Data Centers
The SRE Report 2024
Real-Time Server Traffic Monitoring: Benefits, Best Practices and NetFlow Analyzer
Key Considerations When Choosing the Right Application Performance Monitoring Tool for Your Business
Apache Cassandra Monitoring: Challenges and Solutions
2024 State of IT Operations Report: Journey to Agility
Streamlining Configuration Management: Unleashing the Power of OpManager's Module
OpenShift Monitoring: Five Crucial Elements to Look Out for
Apache Tomcat Monitoring Made Easy with Applications Manager
End-User Experience Monitoring: Its Meaning, Importance, and Best Practices
5 Steps to Improve Website Performance
Learn the Importance of Network Backup Tool
IT Budgeting Amid a Challenging Macroeconomic Climate
Network Configuration Manager as an Add-On to OpManager
State of ITOM in 2023
The 2023 State of IT Operations Report
Going Beyond Plain Virtualization Monitoring
Preventing Outages in 2023: What We Learned from Recent Failures
Integrated Performance Management for Physical, Virtual & Cloud Infrastructure
Best Ways to Map Impact of Application Performance Issues on Business Goals
Hybrid Cloud Monitoring: Fundamental Driver of Efficiency in Hybrid Clouds
Quick Tips: Network and Application Infrastructure Checklist for the “Work From Home” Admin
Application Management Solutions for Enterprises

All White Papers...

Visibility is Security
May 16, 2018

Keith Bromley
Ixia

Share this

While security experts may disagree on exactly how to secure a network, one thing they all agree on is that you cannot defend against what you cannot see. In other words, network visibility IS network security.

Visibility needs to be the starting the point. After that, you can implement whatever appliances, processes, and configurations you need to finish off the security architecture. By adopting this strategy, IT will acquire an even better insight and understanding of the network and application performance to maximize security defenses and breach remediation.

One easy way to gain this insight is to implement a visibility architecture that utilizes application intelligence. This type of architecture delivers the critical intelligence needed to boost network security protection and create more efficiencies.

For instance, early detection of breaches using application data reduces the loss of personally identifiable information (PII) and reduces breach costs. Specifically, application level information can be used to expose indicators of compromise, provide geolocation of attack vectors, and combat secure sockets layer (SSL) encrypted threats.

You might be asking, what is a visibility architecture?

A visibility architecture is nothing more than an end-to-end infrastructure which enables physical and virtual network, application, and security visibility. This includes taps, bypass switches, packet brokers, security and monitoring tools, and application-level solutions.

Let's look at a couple use cases to see the real benefits.

Use Case #1 – Application filtering for security and monitoring tools

A core benefit of application intelligence is the ability to use application data filtering to improve security and monitoring tool efficiencies. Delivering the right information is critical because as we all know, garbage in results in garbage out.

For instance, by screening application data before it is sent to an intrusion detection system (IDS), information that typically does not require screening (e.g. voice and video) can be routed downstream and bypass IDS inspection. Eliminating inspection of this low-risk data can make your IDS solution up to 35% more efficient.

Use Case #2 – Exposing Indicators of Compromise (IOC)

The main purpose of investigating indicators of compromise for security attacks is so that you can discover and remediate breaches faster. Security breaches almost always leave behind some indication of the intrusion, whether it is malware, suspicious activity, some sign of other exploit, or the IP addresses of the malware controller.

Despite this, according to the 2016 Verizon Data Breach Investigation Report, most victimized companies don't discover security breaches themselves. Approximately 75% have to be informed by law enforcement and 3rd parties (customers, suppliers, business partners, etc.) that they have been breached. In other words, the company had no idea the breach had happened.

To make matters worse, the average time for the breach detection was 168 days, according to the 2016 Trustwave Global Security Report.

To thwart these security attacks, you need the ability to detect application signatures and monitor your network so that you know what is, and what is not, happening on your network. This allows you to see rogue applications running on your network along with visible footprints that hackers leave as they travel through your systems and networks. The key is to look at a macroscopic, or application view, of the network for IOC.

For instance, suppose there is a foreign actor in Eastern Europe (or other area of the world) that has gained access to your network. Using application data and geo-location information, you would easily be able to see that someone in Eastern Europe is transferring files off of the network from an FTP server in Dallas, Texas back to an address in Eastern Europe. Is this an issue? It depends upon whether you have authorized users in that location or not. If not, it's probably a problem.

Due to application intelligence, you now know that the activity is happening. The rest is up to you to decide if this is an indicator of compromise for your network or not.

Keith Bromley is Senior Manager, Solutions Marketing at Ixia Solutions Group, a Keysight Technologies business
Share this

Related Links

www.ixiacom.com

Hot Topics

Cybersecurity
Monitoring

The Latest

AI, Security, and Sustainability Are Major Drivers for IT Modernization
April 25, 2024

The use of hybrid multicloud models is forecasted to double over the next one to three years as IT decision makers are facing new pressures to modernize IT infrastructures because of drivers like AI, security, and sustainability, according to the Enterprise Cloud Index (ECI) report from Nutanix ...

The Past, Present and Future of DEX
April 24, 2024

Over the last 20 years Digital Employee Experience has become a necessity for companies committed to digital transformation and improving IT experiences. In fact, by 2025, more than 50% of IT organizations will use digital employee experience to prioritize and measure digital initiative success ...

Cloud Barriers Impact the Bottom Line
April 23, 2024

While most companies are now deploying cloud-based technologies, the 2024 Secure Cloud Networking Field Report from Aviatrix found that there is a silent struggle to maximize value from those investments. Many of the challenges organizations have faced over the past several years have evolved, but continue today ...

Full-Stack Observability in 2024 and the Importance of End-to-End Visibility for IT Teams
April 22, 2024

In our latest research, Cisco's The App Attention Index 2023: Beware the Application Generation, 62% of consumers report their expectations for digital experiences are far higher than they were two years ago, and 64% state they are less forgiving of poor digital services than they were just 12 months ago ...

MEAN TIME TO INSIGHT Podcast - Episode 5: Network Source of Truth
April 19, 2024

In MEAN TIME TO INSIGHT Episode 5, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses the network source of truth ...

Rapid Tech Expansion Creates Chaos for the Majority of Businesses
April 18, 2024

A vast majority (89%) of organizations have rapidly expanded their technology in the past few years and three quarters (76%) say it's brought with it increased "chaos" that they have to manage, according to Situation Report 2024: Managing Technology Chaos from Software AG ...

IT Trend: Growing Need for Automation
April 17, 2024

In 2024 the number one challenge facing IT teams is a lack of skilled workers, and many are turning to automation as an answer, according to IT Trends: 2024 Industry Report ...

Cloud-Native Technologies Produce Explosion of Data Beyond Human Ability to Manage
April 16, 2024

Organizations are continuing to embrace multicloud environments and cloud-native architectures to enable rapid transformation and deliver secure innovation. However, despite the speed, scale, and agility enabled by these modern cloud ecosystems, organizations are struggling to manage the explosion of data they create, according to The state of observability 2024: Overcoming complexity through AI-driven analytics and automation strategies, a report from Dynatrace ...

Challenges and Trends in Observability Adoption 2024
April 15, 2024

Organizations recognize the value of observability, but only 10% of them are actually practicing full observability of their applications and infrastructure. This is among the key findings from the recently completed Logz.io 2024 Observability Pulse Survey and Report ...

Calling for a New Era of Digital Observability: The Imperative for Comprehensive Internet Performance Monitoring
April 11, 2024

Businesses must adopt a comprehensive Internet Performance Monitoring (IPM) strategy, says Enterprise Management Associates (EMA), a leading IT analyst research firm. This strategy is crucial to bridge the significant observability gap within today's complex IT infrastructures. The recommendation is particularly timely, given that 99% of enterprises are expanding their use of the Internet as a primary connectivity conduit while facing challenges due to the inefficiency of multiple, disjointed monitoring tools, according to Modern Enterprises Must Boost Observability with Internet Performance Monitoring, a new report from EMA and Catchpoint ...