Packet Broker

Endace and Keysight on OT Security

Endace and Keysight Help Global Technology Company Uplevel Its OT Network Security   

A worldwide software provider began modernizing its operational technology (OT) infrastructure to increase automation and adopt zero trust network security. They started from the premise that visibility is foundational to security, which called for eliminating gaps in coverage and improving the handling of network traffic before it gets to monitoring tools.

Upgrading from a SPAN-based approach

The scope of the upgrade includes automating and improving the monitoring of networks carrying traffic from Heating, Ventilation, and Air Conditioning (HVAC) systems, badge readers, and surveillance cameras to monitoring tools running in data centers worldwide. The sheer growth of OT traffic to analyze, and the increased likelihood of it containing threats, led to a fundamental shift in how the team captures traffic.

Before the upgrade, the data center team used the switch port analyzer (SPAN) port-based approach to capture and mirror network data to security tools like network detection and response (NDR) systems. The high cost and limited availability of premium network switch ports make SPAN an expensive option that doesn’t scale or perform all that well.

Port limitations lead to incomplete, often unreliable visibility coverage. Tools don’t get to inspect all relevant traffic and packets may get dropped, duplicated, or arrive out of order. To begin improving its visibility from the ground up, an internal team of directors embarked on a quest for a more intelligent, scalable, and easily managed approach.

Keysight and Endace Beat Out Diverse Competition

The company also wanted to replace their existing traffic aggregators with sophisticated network packet brokers (NPBs) that could process and streamline traffic from the network to monitoring tools for analysis in real time. Its initial search led to the team inviting a ‘short list’ of leading network visibility platform vendors to participate in a multi-round proof of concept (POC) test.

The internal team left it up to the visibility providers to propose or bring their recommended packet capture solutions, which they did, including one vendor who demonstrated an all-in-one integrated approach. The Keysight team immediately reached out to Endace and made the appropriate introductions.

As the POC progressed over the course of several months, the joint Endace-Keysight solution emerged as the hands-down winner, even besting the integrated solution, which would have been expected to be more efficient and less costly but wasn’t.

Endace out-captures the competition

The Endace solution met the customer’s current and future needs by capturing traffic packets from the network at speeds up to 40Gbps and demonstrating easy API integrations out of the box. Endace integrates with the company’s preferred security tools and also generates EndaceFlow enhanced NetFlow traffic to accelerate and enrich analysis. 

The Keysight architecture demonstrates clear advantages

The technology company wanted a highly robust network visibility platform and Keysight was the obvious choice. The customer liked the fact that Keysight’s Vision family of packet brokers uses custom hardware and FPGAs instead of taking a pure software approach and using off-the-shelf ASIC technology. Processing in powerful hardware allows customers to run multiple advanced, CPU-intensive features like deduplication simultaneously without the NPBs dropping valuable packets that might contain evidence of threats.

Keysight easily and reliably performs the sophisticated capabilities needed to monitor OT traffic—deduplication, header stripping, load balancing—simultaneously. Intelligence-wise, the NPBs filter real-time traffic based on IP, application, location, and other criteria and add rich metadata to further enhance analysis.

But perhaps above all, the internal team preferred Keysight’s intuitive graphical user interface (GUI) to all three competitors’. Monitoring experts were able to train themselves and get up and running on the Keysight platform quickly with virtually no learning curve.

Best-in-class and ‘better together’

As the evaluation went on, the customer witnessed and benefitted from the close collaboration between and with the Keysight and Endace teams. Experts from both companies worked closely with them to integrate the proposed visibility solution with the company’s preferred monitoring vendors. Keysight even introduced the planning team to industry experts from the well-known, cutting-edge visibility deployment at the Salt River Project (SRP) in Phoenix to gain valuable front-lines perspective.

Compared to the other three solutions that competed in the POC, the best-in-class performance and flexibility of the Keysight-Endace solution stood out for performance, security, and ROI out of the gate and over time.

OT networks warrant Zero Trust security

Today’s connected OT environments make attractive targets for cyberattacks. The software provider’s plan to uplevel its security operations includes adopting a Zero Trust Network (ZTN) infrastructure within data centers to improve threat monitoring. The team is counting on its visibility platform to filter traffic from security cameras and trim unwanted data from Internet of Things (IoT) devices to improve compliance and monitoring operations.

As the rollout reaches full stride, the Endace-Keysight-customer team continues to collaborate to optimize performance and security monitoring across IT/OT network environments, avoiding risk and saving time and money in the process.
