Every security team has a need for certain network security prevention tools to be placed inline with the network. As network data volumes rise, security teams are faced with the complexity of managing overloaded inline security tools that struggle to keep pace with the volume of network traffic.
As the majority of enterprise networks have inline security tools and typically use multiple security tools per site1, these appliances increasingly represent potential points of failure in the network. Whether due to a power outage, software malfunction, processing or throughput bottleneck, failing inline tools can disrupt the very applications and services they are meant to protect. This problem is addressed in two ways: deploying redundant inline tools and utilizing bypass protection.
The inline bypass functionality in the GigaSECURE® Security Delivery Platform enables security teams to:
1 Source: ESG Research Insights Paper: Network Security Trends, January 2017
Redundant inline tools address resiliency with the simple principle that if one tool fails, the redundant tool takes over. This is also known as 1+1 protection. A Gigamon inline visibility node is required to detect the failure of the active tool and then redirect traffic to the standby tool. The health of an inline tool is determined by monitoring the state of the link and optionally sending bidirectional heartbeat packets that verify the tool is passing traffic. The parameters of the heartbeat packets can also be refined to trigger a failover to the standby tool when the latency of the active tool becomes too great.
Rather than have this traditional active/standby arrangement, the Gigamon visibility solution can distribute traffic across multiple inline tools simultaneously. Not only does this allow security inspection and monitoring capabilities to scale up to the speed of the network, it also, in the event of a tool failure, enables the traffic can be redistributed to the remaining healthy tools. In addition, a dedicated standby tool can be deployed to provide N+1 protection.