It is a brave new world for enterprise networks. Smart devices are getting smarter, and edge computing is emerging as a viable way to reduce latency and improve performance. But a rapidly expanding attack surface is raising a scary question: is edge computing threatening user experience and making your network less secure?
NEW TECHNOLOGIES, NEW THREATS
Is edge computing the key to better user experiences or a risky gamble? Are Internet of Things (IoT) devices enterprise enablers or vulnerable footholds for attackers to exploit?
Those are just a couple of the questions network architects ask themselves every day. SD-WAN, IoT, and 5G are pushing the cloud past its limits. As businesses demand faster response times and higher performance, edge computing has emerged as an ideal solution. Everywhere you look, devices, appliances, and branch locations are processing more and more data locally.
But as we trust IoT with more business-critical transactions, are we increasing our vulnerability in the process?
Network perimeters are vanishing, and so are the traditional defenses that once secured them. But your security and performance monitoring tools are still only as good as the data you feed them. Too much noise or too little data can seriously impact their ability to correlate events, identify breaches, and safeguard your end users’ experience.
Unfortunately, capturing that data is more difficult than ever — and edge computing is only making it harder. After all, when data flows no longer pass through your centralized visibility tools, blind spots are bound to occur.
Now that’s the bad news. But it doesn’t need to be that way. The right solution can boost your security and performance monitoring by extending visibility to the edge of your network — protecting your assets, applications, credibility, and bottom line all at once.
Here are four key considerations to help you start:
1. ELIMINATE BLIND SPOTS BY CAPTURING PACKET DATA
When it comes to security, every second counts. In fact, according to a recent study from Ponemon and IBM, companies that can detect and contain a data breach within 30 days save, on average, more than $1 million.
You need to get in front of attackers. That means eliminating vulnerable blind spots by capturing traffic from your network edge — traffic that your centralized security tools would otherwise be unable to see. But not just any data will do. Log files are easy to capture, but they never tell you the whole story. By contrast, packet data is the gold standard, and most tools require it to properly detect and diagnose security threats.
WHAT WE RECOMMEND: BOOST SECURITY BY DEPLOYING A FLEET OF NETWORK PACKET BROKERS
Edge computing makes it harder to capture packet data, but it is by no means impossible. Since your centralized security and performance monitoring tools are no longer receiving data directly, you need to bring the data to them. By installing network packet brokers (NPBs) across the edge of your network, you can gather critical packet data and send it back to your centralized tools for analysis.
Not all NPBs are created equal. Some are prone to dropping packets, while others experience latency when utilizing multiple filters or features. Check out Ixia’s full suite of NPBs to discover what sets us apart — and how we deliver high performance under high pressure.
2. MANAGE COST AND SCALE
Traditional network tools are expensive appliances designed to reside in centralized locations such as corporate data centers. However, since edge computing relies on localized data processing, that approach will not work. You need to collect packet data across the entirety of your network’s edge. That means deploying NPBs at all your branch offices.
Unfortunately, most tools are simply too large and costly for that. Sacrificing coverage is the last thing you want. You need a solution that is inexpensive enough to purchase at scale and small enough to deploy at the smallest locations.
WHAT WE RECOMMEND: MAKE SURE YOUR NPBS ARE COMPACT AND COST EFFECTIVE
You cannot secure what you cannot see. That’s why it is so critical that your NPBs are purpose-built for edge computing. Specialized tools like these are affordable enough to scale and integrate seamlessly with your centralized data center infrastructure enabling you to remotely access metadata and packets from branch sites and remote locations.
Edge-optimized NPBs are few and far between. But they are worth seeking out. Configuring and modifying a fleet of devices via individual command lines is not only a colossal waste of time — it is an easy way to make mistakes. However, devices like Ixia’s Vision Edge series (Vision E100, Vision E40, Vision E10S, and Vision E1S) can be deployed and modified quickly with an easy-to-use interface that saves time and minimizes errors.
3. DO NOT SETTLE FOR BARE-BONES FEATURES AND FUNCTIONALITY
A cost-effective solution does not have to mean compromising on features. In fact, settling for the bare minimum can cost you even more.
Take load balancing, for example. Your security and performance monitoring tools may rely on packet data, but an uninterrupted stream of information can be like drinking from a fire hose. While most tools feature some load balancing, too much data can easily overwhelm them — causing latency issues, missed events, and false positives.
WHAT WE RECOMMEND: REMOTE ADMINISTRATION AND SMART DATA PROCESSING ARE NON-NEGOTIABLE
The right features make all the difference. Things such as centralized management consoles can seem insignificant at first. But think about it: do you want to deploy a significant number of devices that do not support efficient provisioning or remote administration? After all, individually configuring and controlling each device wastes a considerable amount of precious time and effort.
At the same time, you need the ability to capture, filter, and deduplicate data at the source. That way, you can save your tools’ bandwidth for more expensive and elastic needs, such as machine learning and artificial intelligence.
Ixia’s edge-optimized NPBs (Vision E100, Vision E40, Vision E10S, and Vision E1S) make it easy to get maximum performance with minimal effort. All come standard with our industry-leading visibility intelligence (including NetStack advanced filtering). They also include an intuitive drag-and-drop interface that makes remote administration a cinch — even at scale.
4. TAKE CONTROL OF USER EXPERIENCE WITH ACTIVE MONITORING
Edge computing is supposed to reduce latency and improve user experience. But what happens when things go wrong? Performance monitoring tools that utilize packet data are great for identifying outages and course correcting, but those tools will not help you prevent such problems from occurring. If you want to get ahead of problems and safeguard user experiences at the edge, you need a different approach altogether.
In contrast to normal performance monitoring, active monitoring (also known as “synthetic monitoring”) tools simulate traffic by sending synthetic packet data to various endpoints across your network. You get the best of both worlds: you can monitor user experience in real time while proactively probing for issues that would otherwise only reveal themselves under live traffic loads.
WHAT WE RECOMMEND: INSTALL ACTIVE MONITORING ENDPOINTS AT EVERY BRANCH LOCATION
In today’s enterprise, a quality user experience is non-negotiable. Connectivity is the heartbeat of business. Employees and customers alike depend on peak performance. With such unforgiving expectations, an active monitoring strategy is imperative. By deploying hardware- and software-based endpoints at all your branch sites and remote locations, you can make sure no performance problem goes undetected.
Vision Edge 1S, Ixia’s newest edge-optimized NPB, doubles as an endpoint for our Hawkeye active monitoring platform. By combining active monitoring capabilities with a traditional NPB, you get an integrated solution that improves security and network performance — all at once.
FUTURE-PROOF YOUR NETWORK’S EDGE WITH PACKET-LEVEL VISIBILITY BEFORE IT IS TOO LATE
We are in the midst of a sea change for enterprise networks. Like it or not, the cloud is not enough anymore. And despite potential security and performance concerns, edge computing and IoT are not going anywhere.
So what does this mean for you? It means it is time to future-proof your network. A rapidly expanding edge means managing a significantly larger attack surface and a host of potential performance problems — but that that does not necessarily mean you are fighting a losing battle.
Security and user experience are far too important to leave to chance. Provided you take the right steps in establishing complete packet-level visibility and performance monitoring, you can protect your network for years to come. From your data center to the farthest reaches of your network’s edge, you can rest easy knowing your data is safe, secure, and under control.
ABOUT KEYSIGHT TECHNOLOGIES
Keysight Technologies, Inc. (NYSE: KEYS) is a leading technology company that helps enterprises, service providers, and governments accelerate innovation to connect and secure the world. Keysight’s solutions optimize networks and bring electronic products to market faster and at a lower cost with offerings from design simulation, to prototype validation, to manufacturing test, to optimization in networks and cloud environments. Customers span the worldwide communications ecosystem, aerospace and defense, automotive, energy, semiconductor and general electronics end markets. Keysight generated revenues of $3.2B in fiscal year 2017. In April 2017, Keysight acquired Ixia, a leader in network test, visibility, and security.