Page 12 - CDM-Cyber-Warnings-March-2014
P. 12
to existing tools. This reduces tool costs and eliminates unnecessary connections while maintaining the failsafe characteristics of a passive tap. Even with all the publicity of data heists and cyber-attacks, there are many businesses across the globe that lack the ability to detect security breaches to their networks within minutes. Some organizations leave the intrusion access point open for days, allowing masses of data to leak out. Ask yourself, even in a two-minute breach, how much valuable information could be lost, stolen, or altered at your company? There is a regular stream of examples to draw from. Equifax is the oldest of the three largest American credit agencies. Equifax gathers and keeps data on more than 400 million credit holders around the world. Chances are, if you are over the age of 18, Equifax has you – and all the data a hacker needs to create serious harm – on file. So it was a big deal when Equifax acknowledged it had been hacked. This sends a clear message to businesses, governments and institutions of all sizes: If it can happen to a company as security conscious as Equifax – then every enterprise is similarly vulnerable. It is vital to maintain 100-percent visibility of all entry and exit points in a data network. As with a home security system, it does little good to put a detection device on the front door but not secure the windows, garage and back doors, and the outside door to the basement, or to leave the home security system turned off. The Case for Advanced Monitoring Services As data centers grow to accommodate Big Data, they will raise their bandwidth past 10G to 40G or even 100G. Advance monitoring features are key to network security, and can help your network manage explosive traffic growth. Network monitoring services such as data rate conversion, filtering, packet deduplication, packet slicing and load balancing can be leveraged to manage big data before it reaches the network monitoring and security tools. This allows the tools to process and analyze the right data, in real time and ease the load on critical tools – all without dropping critical packets. The aggregation process also effectively enables you to make the most of your existing 1G tools even as the network grows to 10G / 40G capacity. With terabytes of data traversing business networks daily, engineers need a new technique that defines filters in three stages to provide virtually unlimited flexibility in filtering and ease the load on monitoring tools. Advanced packet filtering enables maximum flexibility and control of data from multiple sources heading to multiple destinations. Packet slicing provides numerous security benefits including the removal of sensitive customer data such as credit card numbers, social security numbers and account information embedded within packets destined for monitoring tools. It can also discard packet payload information sent to IDS tools to reduce overall data volume, increase IDS tool performance, enhance network visibility and save scarce budget resources. " # % " $ " # ! !
