If you’re a physics fan like me, you’ll know the famous Heisenberg Uncertainty Principle that states you cannot know a particle's exact location and velocity at the same time. If you shine a light on the particle to see where it is, you change the speed or direction causing a big problem for particle physicists.
Network security has a similar conundrum. Every organization wants the best possible security but often any kind of increase in network visibility to improve security requires a reduction in performance because of the overhead associated with that task. A ZK Research (I am an employee of ZK Research) study last year revealed a couple of interesting but not surprising facts. The first is that almost half the respondents claim they must continually make trade offs between network performance and security. The second one is that a little over a third of the respondents actually turn security features off, that is make the environment less secure, in order to maintain performance. So security professionals are always in a state of juggling performance and security.
Heisenberg never solved his Uncertainty Principle but Ixia (Ixia is a ZK Research client) has a solution for the network security version. Earlier this month, the company announced a new product called “Vision ONE”, a high performance, in line appliance that collects, processes, filters and organizes data and application flows sent to network security tools.
The Vision ONE product works by offloading all of the heavy lifting from the security appliance and lets the security tools do what they do best. For example, intrusion prevention systems (IPS), data loss prevention (DLP) and firewalls all perform the tasks they were built to do great. But what if the traffic is encrypted? The overhead alone from having to decrypt/encrypt SSL traffic can often bring these products to their knees.
Sure, one could continually buy bigger and higher performing appliances but this is a never-ending battle since SSL traffic continues to skyrocket. It seems every website is now SSL encrypted and we will certainly continue to see the rise of this type of traffic. Vision ONE does the work that security devices were never meant to do and lets those tool do what they do best, providing a better return on the investment dollars already spent.
Also, because Vision ONE sees all of the packets, it ensures there are no “blind spots” on the network. Security devices sit at particular points in the network and can’t secure traffic that they don’t see. Vision ONE can be deployed across the network and ensure these blind spots are revealed. The rise in BYOD, Internet of Things, cloud and mobility simply adds to the number of blind spots so solving for this problem now can keep customers from experience more pain tomorrow.
Vision ONE is built on technologies from their Annue, NetOptics and Breaking Point acquisitions and combining it into single device. The appliance addresses these six key security challenges that every organization faces:
- End to end visibility to remove any possible blind spots
- Ability to see inside encrypted traffic offloading that capability from the security devices
- Grow security incrementally instead of having to upgrade expensive appliances for performance overhead
- Implement a layered defense model by leveraging inline security and out of band analysis tools
- Optimize the performance of security appliance by only sending the tools the data they require
- Enable a migration to a virtual data center by being able to bring the physical/virtual barrier from a common security platform
The performance-security trade off challenge has certainly been something businesses have struggled with over the years but managed to make due. Ixia’s Vision ONE provides a “plug and play” solution to solve this challenge. The product will be available in March and pricing of the product has yet to be finalized.