An Easy Way to Extend the Life of Your Security and Monitoring Tools

A common dilemma for IT is how can you get more done for less money? Budgets only go so far. However, internal customer, external customer, and executive needs always seem to go far beyond the existing budget. One thing that IT engineers and administrators can do is to try and stretch their budget. While this is often easier said than done, one possible area of focus to save some budget is in the area of security and monitoring tools. For instance, what if you were able to extend the life of your existing tools a little longer by improving their efficiency? I’ll show you an example of how you can do just that.

Smart Spending On Security

In the wake of several high-profile hacks, security continues to be a huge IT budget priority. As a high expense area, spending on IT security can quickly eat into tight budgets. But there are ways to make your money go further – without compromising the safety of your business. For example, you can reduce your financial outlay on new security and monitoring tools by extending the lifespan of existing ones and by using the tools you already have more strategically. With tool costs commonly ranging from $50K to $200K per tool, this could be a significant savings. The key is efficiency.

See Clearly to Save On Costs

To use your tools more efficiently, you need a visibility architecture. This can help you:

• See the data flowing across your network

• Streamline the data sent to your security tools

• Be strategic about the placement of security tools across the network

All of this can go a long way to eliminating the inefficiencies that put unnecessary strain on security tools – shortening their lifespan. And it can help you avoid buying tools that you don’t need. Implementing a visibility architecture doesn’t have to be complicated either. It can be as simple as deploying a few taps and a network packet broker (NPB) to your current setup.

Practical Ways To Save

Here are some practical examples of how a visibility architecture can help you reduce your IT costs:

Bandwidth Load Balancing

The ability to spread data across multiple tools can be very important to businesses. Let’s say you decide to upgrade your network core from 10GE to 40GE. Suddenly, you need new monitoring tools that are able to handle this higher rate of data. The tools you were using before are now obsolete and must be replaced. That’s a huge upfront expense for these new tools.

However, an NPB could help you to postpone a costly initial outlay. NPBs can be used to spread 40GE traffic across multiple 10GE tools. This is called bandwidth load balancing. It means you can continue using your old tools until there’s enough budget to purchase new ones. The lifespan of your existing equipment is extended, and you’re able to stagger your IT spend.

N+1 Load Balancing

N+1 load balancing delivers an enhanced level of reliability at a good price. N+1 means that whatever your traffic load, you add one extra tool to the data processing stream. If the solution is dimensioned properly and a security or monitoring appliance were to fail, the load is then distributed evenly across the remaining tools. This is done by the network packet broker. As an example, you might have 40 GE worth of traffic that you spread across five 10 GE security tools. This means each tool is processing 8 GE worth of traffic. If one tool fails, then the packet broker will redistribute 10GE worth of traffic to each of the four working tools.

Once the problem is fixed, the packet broker will redistribute the load across all five of the tools again. All without any manual intervention. This type of solution provides a high degree of survivability at a fraction of the cost of a fully redundant system. Should you want more reliability, you can add more security tools to create an n+2, n+3, or whatever all the way to a fully redundant system.

Processing Power Reduction

Security and monitoring tools are most effective when they able to focus on keeping your network safe. But too often, their processing power is spent on non-core functions such as data filtering, deduplication, SSL decryption. You can also end up simply wasting analysis time and effort on the wrong kind of traffic altogether.

Thankfully, NPBs can filter network traffic, ensuring your security tools receive only the specific data needed to detect threats. NPBs can also decrypt data before sending it on to the relevant monitoring tools. This frees up your security devices to focus on defending the network. With the proliferation of encrypted traffic now, the NPB capability also makes sure that older tools which don’t have decryption capabilities built into them can still be used, rather than sitting idle. In the end, NPBs reduce unnecessary strain on your devices, help extend their useful life, and ensure you get maximum value for the money you spend on your tools.

Seeing your network clearly is the key to cost avoidance. These suggestions are just the tip of the iceberg.

limit
3