Inspecting SSL Traffic

A delicate balancing act is taking place on networks globally: applying strong protective measures to keep data safe without unintentionally concealing new IT security vulnerabilities. It all centers on SSL (Secure Sockets Layer) encryption. Just as SSL encryption protects certain details of a transaction, it can also conceal and protect malicious cyberthreats. This means it is essential for organizations to decrypt and inspect SSL traffic, to be sure it is not being used to propagate malware.

This paper describes the current state of SSL traffic inspection and how organizations can gain full visibility into what is happening in their networks and mission-critical applications.

What You’ll Learn:

  • What is SSL encryption, and why should organizations take it more seriously?
  • Why is network visibility so essential in this context?
  • What are the most tangible threats, and threat indicators?
  • What performance problems exist for firewalls, antivirus, antibot and application monitoring tools?

 Thanks to Ixia for this article

Ixia Special Edition Network Visibility For Dummies

Advanced cyber threats, cloud computing, and exploding traffic volume pose significant challenges if you are responsible for your organization’s network security and performance management. The concept of ‘network visibility’ is frequently introduced as the key to improvement. But what exactly is network visibility, and how does it help an organization keep its defenses strong and optimize performance? This e-book, presented in the straightforward style of the For Dummies series, describes the concept from the ground up. Download this guide to learn how to use a visibility foundation to access all the relevant traffic moving through your organization and deliver the information you need to protect and maximize customer experience.

Thanks to Ixia for this article and content.

Ixia Has Your Secret Weapon Against SSL Threats

It has finally happened: thanks to advances in encryption, legacy security and monitoring tools are now useless when it comes to SSL. Read this white paper from Ixia to learn how this negatively impacts visibility into network applications, such as e-mail, e-commerce, online banking, and data storage, and, even worse, how advanced malware increasingly uses SSL sessions to hide, confident that security tools will neither inspect nor block its traffic.

Consider the following challenges:

  • Visibility into ephemeral key traffic
  • Coping with CPU-intensive encryption and decryption tasks
  • Chaining and handling multiple security tools
  • Meeting the demands of regulatory compliance

The very technology that made our applications secure is now a significant threat vector. The good news is that there is an effective solution for all of these problems. Learn how to eliminate SSL-related threats in this white paper.

Thanks to Ixia for this article

Private Cloud: The ABCs of Network Visibility

Cloud computing has become the de facto foundation for digital business. As more and more enterprises move critical workloads to private and public clouds, they will face new challenges ensuring security, reliability, and performance of these workloads. If you are responsible for IT security, data center operations, or application performance, make sure you can see what’s happening in the cloud. This is the first of two blogs on the topic of cloud visibility and focuses on private cloud.

VISIBILITY CHALLENGES

If you are wondering why cloud visibility is important, consider the following visibility-related concerns that can occur in private cloud environments.

1. Security blind spots. Traditional security monitoring relies on intercepting traffic as it flows through physical network devices. In virtualized data centers and private clouds, this model breaks down because many packets move between virtual machines (VMs) or application instances and never cross a physical “wire” where they can be tapped for inspection. Because of these blind spots, virtual systems can be tempting targets for malicious breaches.

2. Tools not seeing all relevant data. The point of visibility is not merely to see cloud data, but to export that data to powerful analytics and reporting tools. Tools that receive only a limited view of traffic will have a harder time analyzing performance issues or resolving latency issues, especially as cloud traffic increases. Without access to data from cloud traffic, valuable clues to performance issues may not be identified, which can delay problem resolution or impact the user experience.

3. Security during data generation. Some organizations may use port mirroring in their virtualization platform to access traffic moving between virtual machines. However, this practice can create security issues in highly-regulated environments. Security policies need to be consistently applied, even as application instances move within the cloud environment.

4. Complexity of data collection. With multiple data center and cloud environments, gathering all the relevant data needed by security and monitoring tools becomes complex and time-consuming. Solutions that make it easy to collect traffic from cloud and non-cloud sources can lead to immediate operational savings.

5. Cost of monitoring in the data center. The total cost of a private cloud will rise with the volume of traffic that needs to be transported back to the data center for monitoring. The ability to filter cloud traffic at its source can minimize backhaul and the workload on your monitoring tools.

CLOUD VISIBILITY USE CASES

Given these issues, better visibility can provide valuable benefits to an organization, particularly in:

Security and compliance: Keeping your defenses strong in the cloud, as you do in the data center, requires end-to-end visibility for adequate monitoring and control. Packets that are not inspected represent unnecessary risk to the organization and can harbor malware or other attacks. Regulatory compliance may also require proof that you have secured data as it moves between virtual instances.

Performance analytics: As with security, analysis is dependent on having the necessary data—before, during, and after cloud migration. Your monitoring tools must receive the right inputs to produce accurate insights and to quickly detect and isolate performance problems.

Troubleshooting: If an application that runs in your virtual data center experiences an unusual slow-down, how will you pinpoint the source of the problem? Packet data combined with application-layer intelligence can help you isolate traffic associated with specific combinations of application, user, device, and geolocation, to reduce your mean-time-to-resolution.

In each of these areas, you need the ability to see all of the traffic moving between virtual resources. Without full visibility to what’s happening in your clouds, you increase your risk for data breaches, delays in problem resolution, and loss of productivity or customer satisfaction.

VISIBILITY SOLUTIONS

 So, if cloud visibility is essential to security and application performance, what can you do to address the blind spots that naturally occur? Here are a few things to look for:

Virtual Taps 

Tapping is the process of accessing virtual or cloud packets in order to send them to security and performance monitoring tools. In traditional environments, a physical tap accesses traffic flowing through a physical network switch. In cloud environments, a virtual tap is deployed as a virtual instance in the hypervisor and:

  • Accesses all traffic passing between VMs or application instances
  • Provides basic (Layer 2-4) filtering of virtual traffic

For maximum flexibility, you should choose virtual taps, like those in Ixia CloudLens Private, that support all the leading hypervisors, including OpenStack KVM, VMware ESXi/NSX, and Microsoft Hyper-V, and that are virtual switch agnostic.

Virtual Packet Processors 

Packet processing is used for more advanced manipulation of packets, to trim the data down to only what is necessary, for maximum tool efficiency. Look for solutions that provide data aggregation, deduplication, NetFlow generation, and SSL decryption. Ixia CloudLens Private packet processing can also do more granular filtering using application intelligence to identify traffic by application, user, device, or geolocation.

You can do advanced packet processing using a physical packet broker by transmitting your cloud data back to the data center. Teams that already have physical packet brokers in place, or are new to monitoring cloud traffic, may choose this approach.

Another approach is to perform advanced packet processing right in the cloud. Only Ixia offers this all-cloud solution. With this option, you can send trimmed data directly to cloud-based security or analysis tools, eliminating the need for backhaul to the data center. This can be an attractive option for organizations with extremely high traffic volume.

Common Management Interface

Deploying cloud is complicated enough without having to worry about how to get an integrated view across physical and virtual traffic. Ixia’s CloudLens solution provides a comprehensive graphical view of all your network traffic, from all sources. With the power of application intelligence, the Ixia dashboard can tell you where all your traffic is coming from, which applications and locations are the most active, and which operating systems and devices are on the network—valuable information for performance management.

SUMMARY

 As you move more workloads to private cloud environments, be sure to consider a visibility solution that will let you access and visualize your cloud traffic. Don’t let blind spots in your network result in security breaches, application bottlenecks, or dissatisfied users.

Thanks to Ixia and author Lora O’Haver for this article.

Ixia’s new hyperscale visibility with cost effective pricing

Vision Edge 100 & Vision Edge 40

Expanding your hyperscale data center? Adding microscale data centers to provide a better experience for end users? Be sure to see everything, in every cluster—whether it is a part of your core infrastructure or a remote site—with the latest in Ixia’s Vision Portfolio of network packet brokers (NPBs). Ixia has expanded the company’s growing visibility portfolio of NPBs with Vision Edge 40 (10/40G platform) and Vision Edge 100 (100G platform).

These new cost-effective and scalable solutions help IT teams supporting hyperscale and microscale data centers resolve application performance bottlenecks, troubleshoot problems, and improve data center automation, as well as better utilize network analysis and security tools. Ixia’s Vision portfolio of NPBs provides intelligent, sophisticated, and programmable network flow optimization, delivering comprehensive visibility and security coverage. The new Vision Edge 40 and Vision Edge 100 offer real-time visibility, insight, and security into high-density hyperscale and microscale data centers, even as they expand. Each is capable of inline and out-of-band deployments, and delivers control, coverage, and performance to protect and improve crucial networking, data center, and cloud business assets.

Key Points of Vision Edge 40 and Vision Edge 100:

  • Extend visibility and security coverage everywhere it is needed
  • Quickly resolve application performance issues, troubleshoot problems, and improve data center automation
  • Better utilize expensive network analysis and security tools to improve understanding of hyperscale and microscale data center networks

Vision Edge 40 and Vision Edge 100 offer the following customer benefits:

Ease of use

  • Point-and-click web interface offers an intuitive network-to-tools layout, enabling users to easily translate to real-life physical configurations
  • 3 stages of filtering: ingress, dynamic, and egress; naturally providing a built-in capability for AND/OR logic, and simplifying configuration of complex Boolean filtering rules

Performance

  • Top of the rack aggregation supported at the required throughput eliminates blind spots
  • Multi-speed capability, can be used for initial deployments and scaled for the required throughput

Visibility Intelligence 

  • Dynamic filter compiler auto-resolves overlapping filter rules to help eliminate errors
  • Aggregation, replication, load balancing, and source port labeling help ensure tools get the right data at the right speed

“IT management will appreciate the flexibility and agility of Vision Edge 40 and Vision Edge 100,” says Recep Ozdag, VP of Product Management at Ixia. “They can build a data-center at any size, and leverage a standalone NPB that does everything they need right out of the box, while also having the best balance of features and value, which is crucial for managing an efficient and cost effective IT operation.”


Thanks to Ixia and AMPDigest.com for this article and information.