Cyber Resilience

Finance Company Taps into Security

with Forescout and Keysight

Migrating to a Faster Network Required Better Tools!

The adoption of higher-speed data center communications positions the bank to grow digital banking, support remote work and access, and grow through M&As and geographic expansion — initiatives that all require real-time monitoring to spot potential security threats. The bank’s network architecture team chose the Forescout Platform to monitor traffic and surface emerging threats quickly. Next, they needed to decide how best to feed the Forescout solution complete data from its new high-speed network in real time.

The question brought the team face-to-face with an age-old visibility dilemma:

To Tap or Not to Tap?

Prior to the upgrade, the bank’s network operations architecture used network taps to collect packet data needed by monitoring tools from the network, but the new speed requirements made the team question whether their existing solution was reliable and cost-effective enough to maintain going forward. While the seemingly obvious choice would have been to buy more of the same taps already in place, the team suspected its old solution might be dropping packets—creating dangerous security blind spots in the process—and consuming too many data center racks and resources to scale efficiently. 

And, analysts found the incumbent vendor’s user interface (UI) tedious to operate which did not bode well for connecting hundreds or even thousands of taps to monitoring tools while operating at higher speeds. 

Instead, the team took a step back and considered two different alternative approaches – using network switch ports to mirror traffic for analysis and replacing its existing tap solution with Keysight Flex Taps. They engaged solution provider partner CDW to help weigh the pros and cons of each option and choose the ideal approach. 

ROI Analysis Rules Out Using SPAN Ports

The bank’s network experts want the ability to tap every link as its network continued to evolve, a goal that rendered a switched port analyzer (SPAN) approach cost-prohibitive. Consuming so many valuable switch ports, more CPU, and excessive data center rack space would obviously cost more in the long run. SPANning might also mean overwhelming the infrastructure to the point of dropping packets. 

Taps offer significant advantages over the use of switch ports to monitor networks, starting with the fact that SPAN ports require engineers to reconfigure switches. Switches also knowingly eliminate some traffic including corrupt or very small packets, Layer 1 and some Layer 2 errors.

Taps pass on all data so tools see everything that can potentially help troubleshoot common physical-layer problems such as bad frames that caused by faulty network interface cards (NICs). Taps also prove less vulnerable to security attacks and more resource-efficient as they do not create unnecessary or duplicate copies of packets.

In the end, the high cost and unacceptable risk associated with the SPAN approach convinced the team to move forward with a visibility architecture based on network and cloud taps to aggregate, filter, and deliver traffic to Forescout for analysis. But which one?

Performance and ROI Goals Drive an Upgrade to Keysight

Where the previous taps took up too much space in the data center and consumed considerable CPU resources. Keysight Flex Taps provide roughly double the coverage and density using the same data center resource, a tremendous advantage that pays compound dividends as the network evolves, and a vastly more intuitive interface.

Visibility Secures Scale Into the Future

The rollout began with two major data centers, the bank’s Chicago headquarters and a primary southeast location. The install went smoothly and progressed to other regions of the US. As it completes and potentially expands to include network packet brokers (NPBs), the joint solution from Keysight and Forescout positions the banking services provider to achieve scalable, world-class visibility for years or even decades to come.

Related

Resources