
With security breaches at several major retailers, social media companies, and even the Federal Reserve, CIOs and CTOs are under pressure to harden their networks against a tide of cyberattacks that seems to be getting worse. The proliferation of mobile devices, bring your own device (BYOD) policies and the cloud is changing the way people work and collaborate, and it adds further complexity to the network and security monitoring challenge.

Data threats go far beyond the traditional foes everyone knows. Newer dangers include advanced persistent threats (APTs) and so-called man-in-the-middle attacks that intercept traffic between machines operating on Internet Protocol version 6 (IPv6) and older routers running IPv4.

In the rush to secure every vulnerable network portal, CIOs and security managers should not overlook the critical need for 100% network visibility. This requires a comprehensive monitoring strategy implemented with techniques that ensure all data is available, at line rate, to all monitoring tools at all times.

For enterprises that have yet to consider this critical fact — and the research indicates many companies are not even trying to analyze all the traffic moving through their networks — it is time to sit up and take notice.

What is not known — and, more importantly, what can’t be monitored — is the Achilles heel of any network security strategy. In many cases, the information speeding into networks at upwards of 40G is simply too much to handle for tools installed in the 1G era.

But with an intelligent network monitoring strategy, using the appropriate network monitoring architecture, taps/tools and packet manipulation techniques, you can maintain your 1G tools in these expanding networks.

Consider the case of a large financial services institution with responsibilities to shareholders and millions of customers. The company’s credibility lies in its ability to maintain a secure network.

To ensure this security, the organization needs to apply five or six tools to the critical data flowing through its network. There might be an intrusion prevention system, an intrusion detection system, a data loss prevention tool, and other tools that watch for signs of hacking or for connections to suspicious domains.

However, one concern is how to ensure all those tools have simultaneous access to the network at multiple monitoring points, in real time without dropping packets.

It is done by rethinking the network monitoring architecture. Data center infrastructure traditionally consists of network switches that offer one or two mirror ports, called switched port analyzer (SPAN) ports, which copy production traffic to a monitoring tool.

If six or more security tools need access to the data, two ports are simply not enough. This problem is referred to as SPAN port contention, and it is one of the biggest challenges faced in a security environment.

Further, SPAN ports will not catch everything that crosses the network, leaving visibility blind spots. In heavily loaded networks, if you configure a SPAN port to replicate more traffic than its own link can carry, packets are dropped as the port tries to keep up.

The use of network taps that sit in line between switches offers the advantage of accessing all the data, without the possibility of dropped packets, regardless of bandwidth. Total visibility is possible only through the adequate use of network taps and the right switching architecture with advanced monitoring techniques that ensure all data is available, at line rate, to all monitoring tools at all times.

After achieving access to all that data, it is important to take other steps to ensure that your tools are not overwhelmed.

An intelligent network monitoring switch will support complete packet manipulation and modification including aggregation, filtering, packet slicing/stripping, deduplication, and network load balancing to reduce the combined stream to meet available bandwidth.

Multi-stage filtering offers limitless flexibility in filtering rules and provides pinpoint accuracy, allowing users to specify exactly which packets are delivered to each egress port on the switch and eliminating the threat of oversubscribing ports and dropping packets.

Many critical security monitoring tasks are concerned only with the data contained in the packet header. Packet slicing can be used to discard packet payload information sent to monitoring tools to reduce overall data volume, increase tool performance, enhance network visibility and save scarce budget resources.

The need to eliminate duplicate packets has become fundamentally important for security and network performance monitoring. With up to 50% of network monitoring traffic being duplicates, implementing a packet deduplication function with the network monitoring switch is foundational to ensuring security monitoring tools remain efficient.
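To make the three reduction stages above concrete, here is an added Python model (not code from the article or from any monitoring switch vendor) that applies protocol filtering, deduplication over a bounded window, and header-only packet slicing to a handful of constructed Ethernet/IPv4 frames, and reports how much the stream shrinks before it reaches a tool. All function and field names are the example's own assumptions.

```python
import hashlib
import struct
from collections import OrderedDict

ETH_HDR, IPV4_HDR = 14, 20  # Ethernet and option-free IPv4 header lengths
def build_packet(src, dst, proto, payload):
    """Construct a synthetic Ethernet+IPv4 frame (zero MACs/checksum; test data only)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + payload

def slice_packet(pkt, keep=ETH_HDR + IPV4_HDR):
    """Packet slicing: keep only the L2/L3 headers the tool inspects, discard the payload."""
    return pkt[:keep]

class Deduplicator:
    """Drop a frame identical to one of the last `window` frames, e.g. the same packet
    captured on both sides of a tapped link or by two SPAN sessions."""
    def __init__(self, window=1024):
        self.window, self.seen = window, OrderedDict()
    def is_duplicate(self, pkt):
        key = hashlib.sha256(pkt).digest()
        if key in self.seen:
            return True
        self.seen[key] = None
        if len(self.seen) > self.window:
            self.seen.popitem(last=False)  # forget the oldest digest, bounding memory
        return False
def process(packets, protocols=(6,), window=1024):
    """Filter -> deduplicate -> slice; returns what the tool receives plus volume counters."""
    dedup = Deduplicator(window)
    out = {"delivered": [], "dropped_filter": 0, "dropped_duplicate": 0, "bytes_in": 0, "bytes_out": 0}
    for pkt in packets:
        out["bytes_in"] += len(pkt)
        if pkt[ETH_HDR + 9] not in protocols:   # filter stage: IPv4 protocol byte (6 = TCP)
            out["dropped_filter"] += 1
        elif dedup.is_duplicate(pkt):
            out["dropped_duplicate"] += 1
        else:
            sliced = slice_packet(pkt)
            out["delivered"].append(sliced)
            out["bytes_out"] += len(sliced)
    return out
def sample_packets():
    """Constructed sample: one TCP frame seen twice (duplicate), one UDP frame, one more TCP frame."""
    p1 = build_packet("10.0.0.1", "10.0.0.2", 6, b"A" * 100)
    return [p1, p1, build_packet("10.0.0.1", "10.0.0.3", 17, b"B" * 50),
            build_packet("10.0.0.2", "10.0.0.1", 6, b"C" * 200)]
```

On the sample, 586 bytes across four frames become 68 bytes across two header-only frames: one frame is dropped as a duplicate, one by the protocol filter, and the survivors lose their payloads.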

The fight for full network visibility depends on many factors. But with some strategic thought and planning, and by using the latest intelligent network monitoring technology and techniques, it is possible to harden your defenses.

The first step is to open an internal discussion on network monitoring switch architecture to ensure that your company’s tools have 100% visibility. Any company that lacks complete visibility leaves itself vulnerable.

The opinions expressed in the article above are those of the author and do not reflect those of DatacenterDynamics, its employers or affiliates.