What are the differences between Physical, Virtual, Cloud, and Hybrid environments?

From end point to data centre to cloud, Wavenet delivers security in physical, virtual or containerised environments to protect your applications and data.

Irrespective of environment, the same challenges exist for Network, Security and Operations teams.  Being able to see what’s going on (visibility), adapt quickly and consistently to changes or threats (control) and deliver business intelligence (management) may seem like an impossible task.

The speed of change in most networks – coupled with often conflicting demands from within the business – leads to confusion. Or worse – stagnation.

Physical Environments

Physical environments are pretty easy to understand.  They are hardware based and tangible – you can see and touch all the devices involved.

Devices are generally fixed in function – a server, a switch, a router or a firewall, for example. You know what they do and it doesn’t change (much).

Applications normally run on a dedicated server (or mainframe) often managed by a specialist individual or team.

Whilst physical environments are generally static where devices and applications are concerned, network level moves and changes require very careful planning to be successful first time.  Similarly, updates and re-configurations are labour-intensive and prone to human error.

Visibility – The Visibility layer is absolutely essential to enabling Control and Management.  Think of it as extracting a full copy of all traffic – network, application or data – wherever it resides and aggregating it.  At that point, the data can be manipulated as needed – de-duplicated, header stripped, filtered etc. – and sent to multiple tool sets.

For example, if you want to investigate SSL/TLS traffic, there is no need to send non-encrypted traffic onward to be analysed. Only the traffic of interest is forwarded. This reduces the load on the tools and may actually negate the need to upgrade them.

Equally, if your interest is network performance, application data may be irrelevant, but CRC errors, re-transmissions or slow server response will matter.

Control – Once packet and/or flow data is gathered and processed at the Visibility layer, there is virtually no limit to what can be achieved in the Control layer.  By feeding dedicated or specialist tools with just relevant traffic, performance of these tools can be optimised.

For example, having IPS deployed on a 10G network and routing all traffic through it may seem like a good idea but, if 80% of the traffic is of no consequence to the business, you only use 20% of the capability – and probably spend a lot more money than necessary.

Another benefit in this layer is that multiple tools can receive the same data with the same timestamp – this is especially useful in correlating events / issues and taking intelligent action.
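
As an added illustration (not Wavenet's code or any product's implementation), the sketch below models the Visibility and Control flow just described: copies of one packet seen at two taps are de-duplicated, only TLS records go to a TLS inspection tool, and re-transmissions go to a performance tool with the timestamp unchanged. The packet fields, tool names, sample packets and the 5 ms de-duplication window are all assumptions.

```python
import hashlib
from collections import defaultdict

DEDUP_WINDOW = 0.005  # assumption: tap copies of one packet arrive within 5 ms

def is_tls_record(payload: bytes) -> bool:
    """True if the payload starts with a plausible TLS record header."""
    if len(payload) < 5:
        return False
    content_type, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    # 20-23 = change_cipher_spec, alert, handshake, application_data
    return (content_type in (20, 21, 22, 23) and major == 3
            and minor <= 4 and length <= 2**14 + 2048)

def broker(packets):
    """De-duplicate tap copies, then fan out by interest: TLS records to
    'tls_inspection', re-transmitted segments to 'performance'."""
    last_seen = {}              # packet fingerprint -> timestamp last seen
    tools = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        fp = (flow, pkt["seq"], hashlib.sha256(pkt["payload"]).digest())
        prev = last_seen.get(fp)
        last_seen[fp] = pkt["ts"]
        if prev is not None and pkt["ts"] - prev <= DEDUP_WINDOW:
            continue            # same packet copied by a second tap: drop it
        if prev is not None:
            tools["performance"].append(pkt)     # same bytes, later: re-transmission
        if is_tls_record(pkt["payload"]):
            tools["tls_inspection"].append(pkt)  # cleartext is never forwarded here
    return dict(tools)

def pkt(ts, sport, seq, payload, dport=443):
    return {"ts": ts, "src": "192.0.2.5", "sport": sport,
            "dst": "192.0.2.9", "dport": dport, "seq": seq, "payload": payload}

# Constructed sample traffic (not captured from a real network).
SAMPLE = [
    pkt(1.000, 40001, 1, b"\x16\x03\x01\x00\x05hello"),         # TLS handshake record
    pkt(1.002, 40001, 1, b"\x16\x03\x01\x00\x05hello"),         # copy from second tap
    pkt(1.010, 40002, 1, b"GET / HTTP/1.1\r\n\r\n", dport=80),  # cleartext HTTP
    pkt(1.020, 40001, 6, b"\x17\x03\x03\x00\x04abcd"),          # TLS application data
    pkt(1.320, 40001, 6, b"\x17\x03\x03\x00\x04abcd"),          # re-sent 300 ms later
]

if __name__ == "__main__":
    for tool, pkts in broker(SAMPLE).items():
        print(tool, [p["ts"] for p in pkts])
```

The re-transmitted segment reaches both tools as the same object with the same timestamp, which is what makes later correlation between tools straightforward.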

Management – This layer is generally where the magic happens – being able to correlate events from the control layer with packet data from the visibility layer and input from AI/ML systems (say).

Whether the Management layer triggers a playbook in a SOAR platform or initiates a network change through an SDN orchestration platform, the outcome is based on information, knowledge and wisdom. And it’s consistent.

Virtual

Virtual environments are based on software running on a physical underlay.  If we consider servers, for example, the software allows multiple applications or workloads to run on a single physical server simultaneously. Within networks, virtualization can range from simple Virtual LAN (VLAN) deployments to full-blown Software Defined Networks (SDNs) including Containers.

Virtual environments are, by definition, flexible, but this very point can make it challenging to deliver consistent performance or policy enforcement. With lots of dependencies and moving parts, automation becomes a key consideration in virtual environments.

Data centres tend to be heavily virtualized at the server level, with multiple virtual machines (VMs) for each physical server. Most traffic runs east/west between these VMs and never heads “north”, so it is rarely, if ever, seen by traditional network monitoring solutions. Gaining visibility and control of the traffic between VMs is essential for smooth operation and consistent performance / policy enforcement.


Cloud

For many businesses, the idea of utilizing Cloud environments was the answer to pretty much everything.  Whilst Cloud environments offer tremendous benefit for the right use case, history has taught us that “Cloud” is not a panacea.

Cloud environments come in several flavours – Infrastructure, Platform or Software as a service.  Although all options can be agile, elastic and versatile, each has its own considerations and limitations based upon the use case.

Cloud Service Providers (CSPs) will provide some level of performance monitoring/reporting but this may not be aligned with business requirements – especially where sensitive data is processed or regulatory compliance is paramount. This Visibility, Control and Management gap is further compounded when multiple CSPs are used by businesses.  Each CSP will do things their way so reporting is inconsistent and difficult to correlate.


Hybrid Environments

By definition, a Hybrid environment is a combination of physical, virtual and Cloud environments.  It is, by far, the most common state businesses find themselves in.

However, each sub-environment will have different tool sets to provide Visibility, Control and Management.  Bringing these together is a challenge.

Since Hybrid environments rely on multiple Vendors – with little standardization – managing multiple schemas for configuration, moves and changes requires careful planning and even more careful execution.

In order to achieve consistency of performance and policy enforcement, automation or orchestration is an essential ingredient.


Find out more about how we can support you with visibility, control and management of networks, security and data in any environment.