In a recent interview, Ariana Lynn, Principal Analyst at The Fast Mode spoke to Scott Register, Vice President of Security Solutions at Keysight Technologies on the impact of traffic visibility on modern IP networks. Scott joins us in a series of discussions with leading networking, analytics and cybersecurity companies, assessing the need for traffic filtering technologies that can deliver real-time, granular application awareness. The series explores how advanced analytics power various network functions amidst the rapid growth in traffic and applications.
Ariana: How do your solutions and products fulfill the demands of today's networks?
Scott: Packet-level visibility is critical for understanding what’s going on, good or bad, in your network. Whether it’s in your data center, the cloud, or a branch office, you will at some point need to inspect and analyze raw traffic to understand user experience and application performance, debug problems, or spot security incidents. That packet data can, of course, be used to generate metadata or other analytic information for more efficient processing. But none of that works without seeing the packets on the network.
The challenge is that modern networks handle a LOT of packets. Gigabit speeds are common even in small networks, and in a reversal of earlier networking characteristics, a lot of that traffic goes off-network (especially to the cloud). So you may need to focus on more critical application traffic, ensure you aren’t processing duplicate packets, and sometimes even decrypt traffic, all while guarding against blind spots on the network.
That’s where Keysight’s Vision series of network packet brokers come in. But how do you understand the user experience and security efficacy of your distributed, cloud-heavy application deployments?
How do you ensure that all of those analytics systems, SIEMs, etc., are actually optimized to detect attacks?
That’s where Keysight’s performance and security validation tools come in. CyPerf is Keysight’s cloud-native performance and security validation tool, which lets you accurately predict and understand not only transaction latency and security for your distributed and cloud deployments but also how elastic it is – how quickly your cloud security infrastructure can react to sudden changes in workload. Often, apps are deployed with a lot of overprovisioned infrastructure because it’s not clear where the real performance chokepoint is. CyPerf saves money and accelerates deployment by letting you understand performance, elasticity, and scalability at every point in the deployment chain.
And even when deploying high-quality security tools from reputable vendors, what can separate you from the thousands of companies who deployed the exact same security tools and suffered a crippling breach? Threat Simulator is Keysight’s Breach and Attack Simulation tool, which safely simulates the latest attacks from global threat actors to make sure your security tools and teams are optimized to recognize the attacks most likely to target your network. Updated daily, Threat Simulator lets you be proactive in defending your critical data, enabling you to deploy applications with confidence.
Ariana: What technologies are most effective in delivering real-time traffic visibility?
Scott: As noted above, ubiquitous access to packet-level data across the entire deployment infrastructure is critical in enabling full traffic visibility, in real-time, for security and performance monitoring. You need the ability to access all traffic, but in most cases, you don’t need to perform full analytics on every packet. You have to be able to filter and select the traffic of interest without missing anything and without processing duplicates as you monitor all of the segments of your deployment. This is best accomplished with a combination of taps and network packet brokers. Taps operate logically at layer 1 of the OSI stack, capturing raw data from copper or fiber optic cables in physical networks or virtual switch traffic in virtual networks. Network packet brokers, either physical or virtual, can take traffic from those taps and apply advanced filtering, deduplication, timestamping, and other grooming to optimize the performance of downstream tools of almost any type.
Ariana: What challenges do you often face in using existing traffic visibility tools?
Scott: For complete visibility, tools need complete traffic access. Back in the days of the traditional data center with centralized, cleartext traffic, this was easy. But now deployments are distributed across data centers, clouds, and hybrid mixes. For additional security, much of that traffic is now encrypted by default. That’s why network visibility solutions like Keysight’s are critical for seamless deployment across hybrid infrastructures, with complete physical, virtual and cloud visibility even into most encrypted traffic.
Ariana: How effective is deep packet inspection (DPI) technology in addressing today's traffic complexities?
Scott: We’ve already addressed the criticality of complete packet visibility, but what good are packets if you don’t know what’s in them? That’s the role of Deep Packet Inspection, which goes beyond simply looking at packet headers and examines the contents of packets for functions such as understanding application transactions and detecting malware in connections, But with the proliferation of encryption in modern networks, visibility solutions can easily become blind to most traffic. DPI engines must often be coupled with SSL decryption to enable full traffic visibility. Fortunately, many of Keysight’s Network Packet Brokers have an optional Active SSL module that can handle even modern TLS1.3 encryption.
Scott Register has 20+ years of experience leading product management and go-to-market activities for global technology companies. As Keysight’s vice president of security solutions, he is responsible for bringing new solutions to market. In his prior role as vice president of product management, Scott led the development of new Ixia security, virtualization, and cloud products and spearheaded the network visibility product line. He has also held positions with BreakingPoint Systems, Blue Coat, and Check Point Software. Scott holds B.S. and M.S. degrees in computer science from Georgia Institute of Technology and has served as a member of its research faculty.
This interview is a part of The Fast Mode's Traffic Visibility segment, featuring leading networking, analytics and cybersecurity companies and their views on the importance of network intelligence and DPI for today's IP networks. A research report on this topic will be published in June 2024 - for more information, visit here.
