Ixia, a Keysight Business, a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world, and FireEye, the intelligence-led security company, today announce a technical collaboration to give joint customers the ability to monitor all traffic passing through their network.
Large government, finance and healthcare entities face strict regulations for network security. These regulations lead many to select turnkey private cloud platforms as an alternative to public clouds.
Intended to reduce risk, the use of private cloud platforms can ultimately compromise intelligence and operations because public cloud providers may not supply data needed by their analysis solutions – namely, packet data.
Turnkey Private Clouds: Unique Benefits With Unique Challenges
While cloud computing offers significant benefits, some organizations are prohibited from connecting their computing infrastructure to the Internet or must adhere to strict security guidelines. A secure private cloud offers the best of both worlds: the flexibility and cost efficiency of cloud, with the isolation and separation required for compliance.
Major public cloud service providers are stepping up to meet the needs of organizations that cannot adopt public cloud offerings. Pre-built private cloud platforms such as Microsoft Azure Stack deliver similar features and are easy to deploy and scale, but remain completely isolated from the internet. Customers still need to keep deployments updated, but doing so does not require dedicated cloud architects or developers.
Setting up clouds to host applications in a centralized environment promotes stronger, easier security, but services may not give administrators access to the underlying infrastructure components, such as the hypervisor layer. This limitation means security teams do not have access to the virtual traffic in their own private cloud, a visibility gap with serious implications for security.
Complete Hybrid Network Security
In one recent deployment scenario, a joint customer planned to send traffic to a private cloud for monitoring by best-of-breed solutions including FireEye Network Security and FireEye Network Forensics to provide network and endpoint threat detection and security forensics. FireEye solutions use deep packet inspection (DPI) to understand the context of communications moving through the network and to identify “indicators of compromise” that provide evidence of a network attack or data exfiltration.
The FireEye solution includes:
- Multi-Vector Virtual Execution (MVX) cloud security engine: The FireEye dynamic analysis engine inspects suspicious network traffic to identify attacks that evade traditional signature- and policy-based defenses. The MVX engine stops advanced malicious attacks, confirms zero-day attacks, and creates real-time protections.
- FireEye Network Security appliances: FireEye Network Security appliances include MVX, as well as an integrated intrusion prevention system (IPS) and zero-day and signature-less malware attack detection.
- FireEye Network Forensics appliances: These appliances enable continuous high-speed packet capture and querying to pinpoint data and speed investigations. Rich attack context and insights gained while responding to real-world threats deliver everything security teams need to detect, triage, and minimize the impact of attacks.
Packet Data is a Must
Ixia’s hybrid network visibility solutions provide the packet-level detail critical to analysis using physical and virtual taps (vTaps) and intelligent processing by Vision network packet brokers (NPBs). CloudLens vTap Sensors are used to access packets in the Azure Stack platform, along with CloudLens vTaps accessing virtual traffic within the on-premises infrastructure.
In addition to packet access, the Ixia visibility platform uses a powerful processing and filtering engine inside its NPBs to strip away unnecessary data and isolate the packets that require security inspection. Pre-processing significantly reduces the load on monitoring tools and can reduce the need to add capacity. Ixia’s NPBs can also decrypt secure packets for faster processing, eliminating the need for a separate decryption device.
In this case, the joint customer also chose to aggregate packets at the network edge to improve performance using the Ixia Vision Edge NPBs. In the data center, Vision ONE packet brokers ensure filtered, pre-processed traffic is delivered to security solutions without disruption. With Vision ONE’s drag-and-drop interface, administrators can easily direct traffic to multiple monitoring solutions simultaneously to accelerate threat identification and resolution.
To learn more about the benefits of this joint solution, please visit the FireEye Market.