NetOps and SecOps Challenges

The ability to deploy a security—or even a networking—solution in the network has been a long, complicated process.

So much has stood in the way of progress, making the ability to add or change solutions difficult and causing this area to be one of the least agile in the enterprise.

 

  • 1. Security threats and networks are constantly changing.
  • 2. Security solutions are constantly advancing.
  • 3. Difficulty in deploying new solutions on the network or changing existing ones.
    • a. Quickly and easily deploy the latest technologies and minimize lengthy approval processes.
    • b. Resolving the mess of tool sprawl with logical sequential chaining and rule-based flow.
    • c. Optimizing tool performance by offloading utility tasks, such as de-dupe and decryption.

It’s an issue for security, and it’s an issue for networking. Why do we treat these as two very different things, networking and security?

They have different goals, but they are, at the same time, inexorably connected and ultimately about the same thing.

The “Network” needs an easy way to add/remove/manage security and network solutions, while looking at availability, throughput, OPEX, and flexibility in addressing growing network needs - more traffic, more tools and more customers.

It’s time to stop looking at security and networking completely separately. To solve the issue of network solution deployment agility with failsafe networking, you have to consider them together.

That is why we created the Open Visibility Platform.

the-network-managerThe Network
Manager

The Network Manager is focused on the network, and the network is always changing. Changing in order to address the constant needs for services, bandwidth, accessibility, while maintaining the highest network availability and performance. Deploying any type of solution turns into a complicated process as it may adversely affect aspects of the network.

vector-smart-object-1The Security
Manager

The Security Manager is focused on the security of the services, the data and the users. He is fighting a moving “target” of security threats and breaches, and needs to adjust swiftly and to continuously introduce the most uptodate security solutions available. As security architecture evolves, the security solutions need to access more places in the network than ever before.

Benefits of Open Visibility Platform™

OVP provides an open, high performance unconstrained environment for hosting
virtualized solutions combined with intelligent traffic delivery capabilities

Open Visibility Platform™ Deployment Hub

  • Threat Detection
  • WAF
  • DDoS
  • UEBA
  • NPMD
  • APM
  • NTA
  • TLS Decryption
  • IPFIX
  • Security and Network Applications
  • Utility Processing Functions
Open Visibility Network
OVP Deployment Hub OVP Deployment Hub

Three Pillars of OVP

  • 1Freedom to Choose
  • 2Deployment Hub
  • 3Getting the right traffic the right way
1Freedom to Choose

The Open Visibility Platform is a place to host any virtualized application for security and network solutions. By any solution, this includes not only any virtualized solution from a third-party, but also any proprietary, homegrown solution, or in the case of government organizations or highly specialized groups, some kind of black box. It also includes the ability to deploy solutions on-demand and ad-hoc for various testing, diagnostics and assessments.

Let’s take a closer look at the concept of openness and flexibility. What this means is that now organizations have the freedom to choose, and not be tied to closed garden offerings of a particular vendor. But even more than that, really, the freedom to choose and not have it take forever or to have to play “Let’s Make a Deal” with networking to swap an existing solution for some new one that you want to add. This freedom will also promote innovation because now there is a place to deploy new things.

2Deployment Hub

Deployment Hub - the OVP is a high performance/high-reliability appliance that is built to meet the requirements of any network, including the largest service providers. Because the OVP meets stringent demands for the core networking reliability, scalability and performance required by networking teams, it enables agility and flexibility by providing a deployment hub to easily host and serve multiple security and networking solutions. The OVP platform supports both inline and out-of-band deployment scenarios.

3Getting the right traffic the right way

Getting the right traffic the right way - The OVP can intelligently deliver traffic and configure policies and rules to establish traffic flows to and from solutions, and to determine the logical sequence of traffic being sent to the hosted applications as needed. Policies, actions and traffic steering can be triggered to address host application failure and failover conditions. The hosted applications can be deployed reliably inline and out-of-band.

Managing Tool Sprawl - A Primary Deployment Hub for Agility and Adaptability

With rapid changes to both solutions and requirements, organizations have been faced with a proliferation of tools that vie for a limited number of ports from networking components, limited rack space and extensive restrictions or lengthy approval processes placed on deploying new solutions. Now, the OVP can serve as a primary deployment hub in the network, reducing deployment cost and time. The platform is built to meet the most stringent requirements for performance, scalability, reliability and availability.

Figure depicts OVP Pillars – installing best of breed solutions, saving on operational costs and deployment complexity, and at the same time improving reliability. This can be further expanded, by consolidating multiple network and security solutions, leveraging OVP ability to host multiple solutions.

OVP-Firewall-2
OVP-multiTools-5
OVP-SVC-offload-1

Offloading Utility Processing to Optimize Solution Performance

The OVP provides intelligent delivery of precisely the right network traffic, delivered in the right way, having already performed the often performance-intensive utility processing functions, such as TLS decryption, de-duplication, IPFIX data extraction and data masking. These utility functions offload the task from individual solutions to enable them to focus on their own specialized tasks unencumbered by utility functions.

What is the Open Visibility Platform?

The Open Visibility Platform™ is a combination of a Niagara Networks N2 Series appliance plus the Niagara Networks Packetron™

OVP-1

 

The N2 Series

The N2 Series is a modular multi purpose visibility node, supporting NPB, active/passive Tap or switch bypass functionality. It sits directly on the network infrastructure and is designed for very high performance and reliability. Its what delivers network traffic to in-line or out-of-band solutions. Many of the top service providers already rely on Niagara’s N2 Series in their core networks.

Packetron

Packetron is an add-in packet process acceleration module that enables the solution hosting and performs the traffic processing utilities. Additional Packetron modules can be added in to scale for more solutions, traffic processing and load.

OVP-OVP-2

Why You Need Network Intelligence at the Visibility Layer

The underlying objective of the visibility layer, as a layer of devices sitting between the network itself and the network tools and security appliances, is to serve as an adaptation layer responsible for delivering the right traffic to the right tool. By doing this we are increasing the efficiency of the tools, streamlining the enterprise's operations and reducing overall total cost of ownership.

Learn more about Network Intelligence

Take the Next Step

Additional resources to learn more about the Open Visibility Platform and see how it can
simultaneously meet your networking and security solution challenge: