How Can I Reduce Network Security Risk – Part 2
Step 2 of reducing network security risk is about finding intrusions on your network and quickly remediating those issues. The faster you find the problem, the safer you are. This is extremely important as the Ponemon Institute finds every year that it takes way too long to identify breaches on the network. For example, the 2021 Ponemon Institute Cost of A Data Breach report found that it took businesses an average of 287 days to identify and contain a data breach. This is over 2/3 of a year – which is plenty of time for a bad actor to find what they want and then exfiltrate that data.
While part 1 of the plan is to prevent as many intrusions as possible, SOMETHING is going to unfortunately make it past your defenses. Call it Murphy's law, call it Chaos Theory, call it whatever you want but something unpleasant is going to happen – whether you know it or not. This is when you need threat hunting activities.
However, for any threat hunting tool to be effective, it needs to see ALL of the data. Seeing part(s) of the data isn't good enough. The tool needs everything, or it will miss intrusions. This is why you need to deploy taps at critical points across your network and then aggregate and filter that content so that your security tools (IDS, DLP, SIEM, etc.) get exactly the right data at the right time so that they properly flag any anomalies or suspicious activities. The tap and packet broker combination give you the visibility you need so that your security tools are as successful as possible.
At the same time, you also need lossless visibility. You don't want to add just any packet broker. Depending upon their design, some packet brokers drop packets – i.e. they "lose" data. You could be missing up to 60% of your security threats and not even know it.
One fundamental reason is the way data is processed. A popular method is to use a CPU to process higher end data features, like deduplication. However, the CPU can become overloaded and drop packets, or miss certain types of data packets. This is where you need a packet broker that uses FPGA chips to process the data at line rate. This design decision becomes even more important as network speeds transition from 10GB to 40 and 100GB. Data loss at these speeds becomes a serious architecture vulnerability.
Rest assured, KEYSIGHT taps, bypass switches and NPBs provide the visibility and confidence you need that you are seeing EVERYTHING in your network - every bit, byte and packet. Once you have this level of visibility, threat hunting tools and security information and event management (SIEM) systems can proactively look for indicators of compromise (IOC).
- |
- +1 赞 0
- 收藏
- 评论 0
本文由董慧转载自Keysight,原文标题为:How Can I Reduce Network Security Risk – Part 2,本站所有转载文章系出于传递更多信息之目的,且明确注明来源,不希望被转载的媒体或个人可与我们联系,我们将立即进行删除处理。
相关研发服务和供应服务
相关推荐
Keysight‘s Taps, Bypass Switches, And NPBs Can Help Find Your Security Vulnerability Before Hackers
Keysight Technologies has taps, bypass switches, and NPBs provide the visibility and confidence you need that you are seeing EVERYTHING in your network. They can find your security vulnerability before hackers find it for you.
Keysight‘s TAPS and NPBs Meet NERC CIP Standards For Threat Visibility&Detection for Critical Infrastructure
The NERC Critical Infrastructure Protection (CIP) standards include regulatory elements that make collecting and archiving network traffic more important. This article introduces NERC CIP standards for threat visibility&detection for critical infrastructure.
Keysight Unveils Industrial Visibility Solutions for Electric Utility Market to Meet Monitoring Requirements Worldwide
Keysight announced a new series of Industrial Visibility solutions, which include a network packet broker and taps that enable electric utilities to meet North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) monitoring requirements.
What Can You Do to Strengthen Your Network?
This blog suggested a simple 3-point plan that can strengthen your network, Keysight offers many solutions that could be beneficial.
Total Visibility Anywhere网络分路器提供SPAN端口所不能提供的详细信息
描述- 网络TAPs提供SPAN端口无法提供的详细信息。据国际数据公司(IDC)预测,到2025年,将有416亿个连接的物联网设备产生79.4ZB的数据,年复合增长率(CAGR)为28.7%。随着复杂性的增加,可见性需求也随之提高。TAPs与SPAN的比较显示,TAPs不会改变或修改数据,不会中断数据流,也不会对交换机造成压力,同时提供可扩展性。而SPAN可能导致数据丢失和交换机资源减少,且不可扩展。TAPs通过允许查看100%的网络流量,提供有效的可见性。
Flex Tough Taps:Keysight工业解决方案数据表
型号- RK-TPAT-8TAP-T,TPT-MM-LC-OM1-70-4-T,955-0176,TPT-MM-LC-OM5-70-4-T,955-0175,TPAT-CU3-T
Keysight Technologies(是德科技) UCM3070 Boundary Scan Module for the Keysight(是德科技) Utility Card
描述- UCM3070是一款针对Keysight Technologies, Inc. Utility Card设计的边界扫描控制器,适用于Keysight *Medalist* i3070系列5在电路测试(ICT)系统。该控制器基于GOEPEL SCANBOOSTER架构,具有两个独立的电压和阻抗可编程测试访问端口(TAPs)、2 x 4并行接口端口(PIPs)用于快速I/O信号、两个模拟I/O通道、USB2.0高速接口,无需额外外部电源。它还提供信号适配功能和DLL,允许通过BT-Basic软件进行控制。
型号- UCM3070
TAPS快速参考指南
描述- 本资料为网络测试设备Ixia的快速参考指南,主要介绍了网络测试中的网络分路器(Taps)和旁路开关(Bypass Switches)。网络分路器提供对网络流量的永久访问,而旁路开关则在工具故障时提供安全保护,自动重定向网络流量。资料详细列出了不同型号的分路器和旁路开关的规格、性能参数和订购信息,并提供了相关链接以便用户获取更多信息。
型号- 705-0014-001,IBPDUO-1X10-LR,TP-100-LR-85-60,IBP-8000,DUO-PWRAC,TPX-10-SR-50-60,TPVHD-100-LR-85-50,TP-PSM4-85-70-MTP,TP-1-SX-50-50,TPPCH-100-LR-85-70,TP-1-SX-50-90,IBP100G-DCPS,IBPVHD-CH-DC,RK-FLEX-ID-24,TPPCH-10-SR-50-70,DBM-250,TPVHD-10-SR-50-50,TPX-40-SR-50-50-MTP,IBPVHD-PWR-DC,MIBP100G-LR4,IBPDUO-1X10-SR,705-0012-0001,705-0012-001,DBM-100,RK-8V2-BPL,DUO10G-VHD-FAN-ASSY,TPVHD-100-LR-85-60,DBM-300,TPX-10-SR-50-50,I2BP-40G-SR-50-Q,TPX-40-SR-50-70-MTP,TP-1-SX-50-80,IBP100G-CH-AC,TP-100-LR-85-70,TPVHD-10-SR-50-60,TPX-40-SR-50-50-BD,IBPVHD-PWR-AC,RK-FLEX-24,IM-21-BYP,TPX-10-SR-50-80,TPPCH-100-LR-85-50,IBPDUO-2X10-SR,TP-1-SX-50-70,TPVHD-100-LR-85-70,IBP100G-CH-DC,LIC-IM-21-AR,TPPCH-10-SR-50-50,TPX-100-SR-50-50-MTP,TP-100-LR-85-80,TPVHD-10-SR-50-70,IBP-8000-DC,IBPDUO-2X10-LR,RK-8V2,TP-100-LR-85-50,TP-40-SR-50-70-MR4,RK-FLEX-8,IBP100G-ACPS,TPS-100-LR-85-50,TPX-10-SR-50-70,MIBP100G-SR4,TP-1-SX-50-60,IM-21-BATT,DBM-200,MTP-SM-Y- CBL,IBP100G-FAN-ASSY,TP-100-LR-85-90,IBPVHD-CHONLY-AC,TPX-100-SR-50-70-MTP,IBPVHD-CH-AC
Ixia Flex Taps技术概述
型号- TP-PACK-24-SM70,RK-FLEX-24,TP-PACK-24-SM50,TP-PACK-16-MM70,TP-100-LR-85-60,TP-PACK-16-SM70,TP-1-SX-62-80,TP-PACK-16-SM50,TPX-10-SR-50-80,TPX-10-SR-50-60,OS1,TP-1-SX-50-70,TP-1-SX-50-50,OS2,OM1,TP-1-SX-50-90,OM3,OM2,OM4,TPX-100-SR-50-50-MTP,TPX-40-SR-50-50-MTP,TP-1-SX-62-60,TP-100-LR-85-80,TP-100-LR-85-50,TP-1-SX-62-70,TP-1-SX-62-90,TPX-10-SR-50-70,TPX-10-SR-50-50,TP-1-SX-50-60,TPX-40-SR-50-70-MTP,TP-1-SX-50-80,TP-PACK-24-MM50,TP-PACK-24-MM70,TP-100-LR-85-90,TP-1-SX-62-50,TPX-40-SR-50-50-BD,TP-PACK-16-MM50,TP-100-LR-85-70,TPX-100-SR-50-70-MTP
光纤分接头常见问题
描述- 本资料主要针对Ixia Flex Taps的常见问题进行解答,包括连接方式、兼容性、安装和性能等方面。内容涵盖MTP连接器类型、Y电缆的使用、模块安装、BiDi链路、100G接口连接、波长支持、MTP电缆极性要求、非对称速度支持、聚合/再生Taps的 Inline和SPAN端口区别、铜Taps的零延迟特性等。
Keysight(是德科技)网络可视化产品选型指南
目录- Network Visibility Products Introduction Network Packet Brokers Bypass Switche Network Taps Cloud Visibility Visibility Central Management
型号- VISION EDGE OS,VISION 400,VISION EDGE 1S,VISION EDGE 10S,VISION EDGE 100,IBYPASS 100G,VISION 7816,VISION EDGE 40,VISION X,VISION ONE,VISION E400S,IBYPASS VHD,IBYPASS DUO,TRADEVISION,IBYPASS 4 COPPER
现货市场
服务
提供是德(Keysight),罗德(R&S)测试测量仪器租赁服务,包括网络分析仪、无线通讯综测仪、信号发生器、频谱分析仪、信号分析仪、电源等仪器租赁服务;租赁费用按月计算,租赁价格按仪器配置而定。
提交需求>
朗能泛亚提供是德(Keysight),罗德(R&S)等品牌的测试测量仪器维修服务,包括网络分析仪、无线通讯综测仪、信号发生器、频谱分析仪、信号分析仪、电源等仪器维修,支持一台仪器即可维修。
提交需求>
授权代理品牌:集成电路
授权代理品牌:分立元件
授权代理品牌:接插件及结构件
授权代理品牌:部件、组件及配件
授权代理品牌:电源及模块
授权代理品牌:电子材料
授权代理品牌:仪器仪表及测试配组件
授权代理品牌:电工工具及材料
授权代理品牌:机械电子元件
授权代理品牌:加工与定制
我要提问
登录 | 立即注册
提交评论