Financial data, medical data, personnel data all fall under this category. For example, privacy may relate to employee and customer personal information. Data being transported across the network for the purpose of security and network analysis can introduce a point of attack.
Very often the security analysis tool does not require the data packet payload at all. It may require only the packet header, which is rich in information, such as the source of the packet, packet length and other data of analytical value. A visibility tool selectively strips the data packet payload before sending the data stream to security and network performance monitoring tools. As a result, sensitive data does not traverse the network, and tools that only analyze the packet header will not be exposed to sensitive data.
Further, visibility solutions can analyze the data packet payload for sensitive data strings and selectively mask only that specific data in the payload. Therefore, information such as personal identification numbers, credit card numbers, etc., can be selectively hidden from capture, analysis tools and users.
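The two operations described above, payload stripping and selective masking, sketched as an added example (not code from the original page or from any visibility product). The function names are hypothetical, only untagged Ethernet II / IPv4 / TCP frames are handled, and the use of a Luhn check to recognise card numbers is an assumption about how the sensitive strings are detected.

```python
import re
import struct

ETH_LEN = 14  # untagged Ethernet II header
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")  # candidate card-number digit runs

def header_length(frame: bytes) -> int:
    """Length of the Ethernet + IPv4 + TCP headers; ValueError for other traffic."""
    if len(frame) < ETH_LEN + 20 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an untagged IPv4 frame")
    ihl = (frame[ETH_LEN] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or frame[ETH_LEN + 9] != 6:      # protocol 6 = TCP
        raise ValueError("not IPv4/TCP")
    tcp = ETH_LEN + ihl
    if len(frame) < tcp + 20:
        raise ValueError("truncated TCP header")
    doff = (frame[tcp + 12] >> 4) * 4            # TCP data offset in bytes
    if doff < 20 or len(frame) < tcp + doff:
        raise ValueError("bad TCP data offset")
    return tcp + doff

def strip_payload(frame: bytes) -> bytes:
    """Header-only copy for tools that never need the payload."""
    return frame[:header_length(frame)]

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum over ASCII digits, to cut false positives on order IDs etc."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                              # ASCII digit to int
        if i % 2:                                # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_payload(frame: bytes) -> bytes:
    """Overwrite Luhn-valid digit runs with same-length filler, so offsets and
    length fields stay valid (the TCP checksum no longer matches the payload)."""
    n = header_length(frame)
    fill = lambda m: b"X" * len(m.group()) if luhn_ok(m.group()) else m.group()
    return frame[:n] + PAN_RE.sub(fill, frame[n:])

# Constructed sample: zeroed MACs and checksums, documentation IP addresses.
PAYLOAD = b"POST /pay HTTP/1.1\r\n\r\ncard=4111111111111111&order=1234567890123456"
FRAME = (bytes(12) + b"\x08\x00"
         + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(PAYLOAD), 0, 0, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
         + struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x18, 1024, 0, 0)
         + PAYLOAD)
```

Masking with same-length filler keeps packet lengths and offsets intact for downstream tools; the order number in the sample fails the Luhn check and is left untouched.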
With a visibility architecture, you can pull together valuable information from the collective network, leading to a “keys to the kingdom” scenario. Fortunately, a visibility architecture provides an integrated approach to secure access to network data.
It can govern users who access the control panel, and which resources they can view or modify. Access to data can be controlled at multiple points, including network ports, tool ports, or data filters. Resources that are out of scope for an individual are locked within the control panel and are inaccessible to unauthorized users. It also provides group-level access control and integrates with TACACS+ users and groups.
Network visibility integrates into the existing network security management infrastructure and provides information to the network management system via SNMP. It also provides auditable and verifiable compliance documentation.
Granular access control enables security professionals to access exactly the data they need for analysis without requiring excessive access. Likewise, network engineers’ access is restricted to the data required for their job function.
Monitoring technologies for security, compliance, and network performance are an IT responsibility, and they require an increasing amount of high-quality network data. Even the best security technologies in the world, given bad or incomplete data, will analyze the bad data and deliver incorrect and misleading analysis, thus compromising network security.
Leverage a visibility architecture that works with your security implementations and delivers the data that security analysis tools need to meet GRC and security requirements. A visibility architecture provides the timely and accurate network data each tool requires to perform its analysis, along with a host of additional benefits.
[1] Ponemon 2014 Cost of a Breach Study: Global Analysis