Overview of Ixia’s latest additions to its Vision Portfolio of network packet brokers
Deploying Inline Intrusion Prevention Systems (IPS) with Bypass SwitchesAs a network professional, you rely on your instrumentation tools to maintain network security, performance and availability. To achieve these goals, organizations use Intrusion Prevention Systems (IPS) that monitor and actively intervene they detect malicious traffic and threats.Manage Network Downtime and Points of Failure when Deploying Inline ToolsWhen deploying inline IPS or IDS monitoring tools, it is important to understand how they may introduce a potential failure point in your network. If the device needs to be taken offline at any time for scheduled or unscheduled maintenance; or if it loses power or becomes non-responsive due to oversubscription or excessive load, the network link will be broken and network traffic will cease to flow. IPSs are designed for maximum reliability, with features such as redundant configurability, link down synchronization, and hardware watchdogs. However, any internal fail-open capability is susceptible to the failure of the IPS device itself. Utilizing a Net Optics Bypass Switch provides an external and independent solution to maintain network uptime.
Overview of how using Ixia External Bypass Switches safeguards your networks. Learn more at http://www.ixiacom.com/products/bypass-switches
Are users complaining “the network is slow?” Or “Skype isn’t working?” Is your security team chasing too many false positives? Will your data center investment produce the return on investment (ROI) your executive e-staff expects? Stronger applications, tighter security, and higher returns on your IT investment all hinge on being able to see inside your network. Only with total visibility across your physical and virtual networks can your teams—and your tools—make exactly the right decisions at exactly the right time.
Scaling FirePower Inline or Out – Doug Hurd, of Cisco Security, discusses how Ixia's Visibility Architecture helps get monitoring data to its FirePower Platform.Learn more at https://www.ixiacom.com/resources/cisco-and-ixia-extend-security-everywhere-more-visibility-and-control
If you will be upgrading or migrating to a next generation firewall, take the opportunity to also review your overall security architecture. You spend significant time and money to implement, maintain, and upgrade your security infrastructure. Make sure your security tool architecture is designed to maximize value and efficiency. Limit the risk of downtime to your network. Keep your applications strong. All these benefits start with the simple addition of a bypass switch. For more advanced architectures, add a network packet broker. This paper examines how you can achieve these goals and implement a resilient security fabric—one that delivers a selfhealing, highly-available security architecture to complement your next-generation firewall (NGFW).
Continuous investment is what drives today’s network security. Threats evolve rapidly so enterprises must add, maintain, and upgrade their frontline security multiple times per year. What was once a firewall now also includes a next-gen firewall, web-application firewall (WAF), intrusion detection and prevention system, forensics tools and more. You purchase security tools to protect your network, but what have you done to protect your tools?
The costs, and downtime associated with breaches can seriously impact the bottom line, so companies continue to invest in a wide range of sophisticated security defenses. For example, solutions such as Cisco FirePOWER deliver threatfocused, next-generation intrusion prevention system (NGIPS) capabilities along with advanced malware protection (AMP) to enable continuous threat protection. While newer solutions can dramatically enhance security, the process of migrating to a new infrastructure may add complexity and introduce new challenges. These can include having to take links out of service during deployment, and to include external bypass to ensure resilience.
When it comes to security, the industry focuses primarily on layers of defense against cyber-attacks. While a good defense is essential, it crumbles under pressure when not balanced with a good offense. Testing and training against realistic loads and cyberattacks before a product or service is deployed uncovers performance and security issues early. Prevent attacks from occurring in the first place and your operational costs will drop. Discovering vulnerabilities at earlier stages is much less expensive for both your products and your business.
STANDALONE BYPASS SUPPORTS FAIL-SAFE OPERATION OF CISCO SECURITY APPLIANCE After a demonstration that showed information leaving the company and going to China in an unsecure fashion, this Global 500 manufacturer of HVAC equipment and automotive devices received CFO approval to purchase the appliances necessary for inline security monitoring. They chose the Cisco ASA with FirePOWERTM for its advanced functionality, and the network team looked for a way to support real-time monitoring, while also protecting network availability. Ixia provided the solution they needed.
Choosing the Right iBypassBypass Switches are in-line devices that provide fail-safe protection for in-line security and monitoring devices, such as an Intrusion Prevention System (IPS), Web Application Firewalls (WAFs), and many others. Ixia offers a wide array of different iBypass switch products that handle different high availability features, speeds, and media types. If you are looking to deploy any tools inline please read on to find the right iBypass product for your deployment.
Ixia Net Optics iBypass 1Gb Fiber switch with Heartbeat technology protects against power, link, and application loss. The iBypass switch features remote interfaces that allow remote switching and provide access to baseline traffic statistics, including utilization levels from anywhere in the network.
The University of Texas (UT) at Austin is a noted institution, with the fiﬅh-largest single-campus enrollment in the United States. Over 50,000 undergraduate and graduate students, along with more than 24,000 faculty and staff create a dynamic educational environment that generates massive volumes of raw application traffic to monitor. This traffic poses major security and cost-efficiency challenges for the university
Ixia Net Optics iBypass HD (High Density) provides a 1U, high port density bypass switch solution for in-line network security appliances such as intrusion prevention systems (IPSs) and firewalls. Each of the two to eight segments operates independently to ensure link protection when monitoring up to eight critical network links at any one time. Individual and multisegment IPS appliances can be connected, maintained, or removed without affecting traffic through the links or the operation of the remaining segments. In addition, pairs of bypass switches can be linked in a high-availability configuration, where failure of one appliance results in switching the traffic to the other appliance.
Ixia Net Optics iBypass 40-10 is an intelligent bypass switch that provides inline tool protection for inline network link deployments. The iBypass 40-10 augments network-monitoring capability through the use of microsecond resolution heartbeat packets, SNMP traps, field upgradable software, and an easy-to-use Web UI. The iBypass 40-10 allows monitoring of four 10GbE links or daisy-chaining multiple tools on 10GbE links.