
Encrypted Traffic Visibility - 10 Things to Ask Your Vendor

NETSCOUT Fact Sheets

Issue link: https://read.uberflip.com/i/1324969


PACKET FLOW SWITCH | FREQUENTLY ASKED QUESTIONS

This checklist will help you formulate requirements when designing a packet broker network for encrypted traffic visibility and security monitoring. Because comprehensive visibility requires more than a single hardware or software product, we recommend you establish a set of criteria to clarify requirements for your security monitoring solution and to avoid any blind spots. To ensure that what you are considering meets your requirements, consider these questions:

1. Describe Your Solution for Passive and Active Inline Deployment.

Security solutions operate in passive out-of-band mode (e.g., IDS) or active inline mode (e.g., IPS, WAF). Look for a solution that supports both configurations and is capable of performing both positive and negative health checks. Also consider what is required to make security system changes or to install additional devices. Ensure that this can be done without taking the production network offline.

2. How Do You Ensure Your Architecture Does Not Slow the Production Network and Monitoring Tools?

Consider how network performance changes as security monitoring tools are added to the network. Look for a solution that does application-level performance checks, so you can ensure that monitoring tools don't introduce unacceptable latency. The solution should also allow you to set a latency level that triggers an action, such as routing around the tool or failing over to a redundant tool, to ensure that security does not become a bottleneck or a single point of failure.

3. Does Your Solution Support 1G, 10G, 40G and 100G Networks?

With digital transformation, enterprise networks are quickly migrating to 40G and 100G networks. Ensure the solution can support varying network speeds and traffic patterns without degrading network and security monitoring tool performance.

4. Describe Your Solution's Performance and Scalability.

SSL/TLS encryption and decryption require high computing resources. Most solutions do not scale well and become cost prohibitive for enterprise-wide security monitoring, resulting in security blind spots. Look for a solution that operates at line rate and delivers the required connections per second across a broad set of cipher suites, with a linearly scaling architecture.

5. How Do You Ensure Privacy and Policy Management?

SSL/TLS is used primarily to ensure end-to-end security between two endpoints. Decryption must not compromise the privacy expectations of secure connections. Look for a solution that provides easy-to-use policy management and configuration to ensure security posture is maintained between the endpoints. Look for the ability to select what traffic is decrypted or bypassed, and to ensure that no personal data is visible to security monitoring tools in clear text.

6. Does Your Solution Support All Protocols and Applications?

SSL/TLS is predominantly used by HTTPS, but many other protocols, such as SMTP, FTP and SIPS, as well as custom applications, leverage SSL/TLS for secure communications. These applications could also operate on any TCP port. Ask your provider to ensure their solution can automatically identify and decrypt traffic across all protocols and applications.

7. Does Your Solution Support All SSL/TLS Versions and Cipher Suites?

There are several versions of TLS, with TLS 1.1 and 1.2 being used widely. TLS 1.3 has been recently introduced for greater security, and many organizations are migrating to it. Additionally, there are many cipher suites available for encryption, and enterprises select a subset of cipher suites to implement in their systems. Look for a solution that supports a broad set of cipher suites as well as TLS 1.0-1.3 and SSL 3.0.
