The case for pervasive security and monitoring


“Mario Vecchio-Director, APAC”

It goes without saying that we are living in an interesting time. We are more connected than ever before. Our cars are connected, our life is connected in a multitude of ways through our mobile devices and particularly with social platforms. Every day we share more about ourselves than we can imagine through our digital footprints across various platforms, such as social networks, payment systems and location tracking. But with this hyper connectivity and over sharing comes a far greater and ongoing risk of our information being compromised.

Across the U.S and Australia, Red Cross, Yahoo!, Snapchat, LinkedIn, Dropbox, Sony and Target are just a few of the companies that have recently had their networks compromised, which resulted in their users or customers’ personal data being stolen. And with each such incident, the scope continues to increase. No longer is it just a few accounts being compromised – breaches are now affecting millions and sometimes hundreds of millions of people.

The question now is, what can enterprises do in the face of this, given this interconnectedness forms the very foundation of the economy, business and increasingly, how we manage our lives? Rather than accept the status quo and the risk that comes with it knowing that such events can happen and will happen, there is a better, more prudent approach. And that is to evolve today’s security architecture so that it can prevent such breaches from occurring in the first place.

In today’s digital world, a multi-layer security and visibility architecture where all traffic needs to be inspected, regardless of whether or not it leaves the data centre, is no longer optional but rather is now mandatory. This architectural approach is the only way security tools can do an effective job of screening all suspicious traffic and recognising patterns that can lead to breaches.

At the DMZ (the demilitarised zone where the outside, untrusted traffic interfaces with an organisation’s network), typically high performance security appliances need to be placed inline to the production network traffic and have visibility to all network packets coming in and going out of the data centre. For traffic that remains in the data centre (east-west traffic as opposed to north-south for the DMZ), effective monitoring typically requires an out of band security tool farm. The more traffic the tools have access to, the more effective they can be at this layer. At the network layer, isolation segments (commonly known as VRFs) are recommended as an effective security layer, while micro segmentation is recommended at the app layer.


Click to enlarge

Enterprises fear the cost and complexity associated with the concept of “secure everything architecture,” but leveraging software defined networking (SDN), combined with industry-standard hardware makes it simpler to implement this multi-layered security while meeting business objectives, reducing costs and most important, ensuring total network security.

Enterprises need to be more vigilant than ever before and create a multi-layer security defence system to prevent against the ever growing threat of user data breaches. A next-generation SDN architecture is an innovative new way for organisations to stay ahead of those trying to do harm to their brand.

Mario Vecchio is Managing Director APAC at Big Switch Networks, the leader in bringing hyperscale-inspired networking to data centres worldwide.