TL;DR: To preserve your investment in your existing security tools and to extend your ROI, all compute workloads and applications in the cloud should be instrumented to continue to feed your tools. When applications move to the cloud, feeding the security tools can be overlooked. Basic netflow / cloudflow doesn’t cut it. Nubeva Prisms is a new, born-in-and-engineered-for-the-cloud packet visibility, processing and distribution system that lets you have the best of the cloud for your applications while preserving your security investments.
The one thing every security team has in common is the plethora of tools being used to secure their environments. Traditionally, these are on-premises tools used in the data center or DMZ. Initially, these tools and the systems they would monitor were physical, rack-and-stack boxes based on silicon and sheet metal. In the recent past, applications and security tools have migrated to VMs or even open source projects. Today, we are seeing a similar migration of both security and application VMs into the cloud, where they are either privately hosted or publicly available as subscriptions.
All too often, there is a key element missing from the transition from metal to virtual to cloud. That overlooked element is getting the important network packet traffic from the cloud to the tools. In the past, data centers and enterprise networks used a combination of physical taps, span/port mirrors and network packet brokers to make this happen. These ensured that your tools had the data they needed to operate. The cloud has changed that.
Everyone is aware of their capital expense investment in security and IT monitoring tools. In some organizations, there are tools for every occasion. Sometimes there are even multiple tools that accomplish similar functions that are used by different teams. Because of these factors, there is often a significant amount of operational investment in the utilization of all these tools. When your entire team is familiar with a tool and that tool is part of your incident response or availability plan, it is critical to ensure that tool remains functional. Keeping it operating even as the applications and traffic it monitors and secures change origination points (e.g. from the data center to the cloud) must be a priority for investment to be preserved.
Today, security and IT teams are faced with two issues as they migrate their own tool capabilities to the cloud and as they deal with the applications that are moving to the cloud that they are tasked with securing.
How do I retain my existing investment in my security tools?
How & what do I feed these tools?
The way to preserve the investments you’ve already made and grow the ROI of security tools is to increase and lengthen their useful lifetime. IT and security teams do this by preserving and growing their internal tribal knowledge surrounding each tool. The more a tool is used in a community, the deeper that community’s collective expertise in using the tool to its fullest. The more your existing tools are used to secure or monitor new traffic sources, the greater the ROI. Specifically, the ROI comes from lengthening the life of the tool + avoiding the cost of new tools required to secure and see into new public cloud sources + preservation of tribal and operational knowledge of how to integrate the tool into your core processes.
We might express the ROI growth formula like this:
Existing Tool --> securing or monitoring new sources = Increased ROI on the tool
IT and security teams also extend the ROI of their tools by using them to secure new and upgraded applications that have moved to the public cloud. As the business builds and buys new systems, those systems need IT and security coverage. The more a security, devops or application availability team is able to bring the accumulated tribal knowledge of their own tools, procedures and workflows to bear, the tighter the security on, and the higher the availability of, the applications. Some organizations have specialized or unique tools that are located in their own data center. When applications move to the cloud, the needs of security and monitoring tools are often overlooked, which can hamstring the teams’ effectiveness and overall organizational security. It is imperative that any application in the cloud is capable of feeding your specialized security and monitoring tools, wherever they live.
To answer the question of how to provide packet level data from the public cloud to your existing security and monitoring tools, we present the first, born-in-the-cloud packet acquisition, processing and distribution system: Nubeva Prisms.
Nubeva Prisms were engineered to ensure that you can feed your IT and security tools all the interesting, packet level traffic they require, regardless of where they live. The tools could be in the same VPC / VNET; a peered VPC / VNET; somewhere on the internet; or located in your data center across a VPN or Express Route or Direct Connect link.
Nubeva Prisms are quickly and easily installed on any public cloud sources, such as VMs, containers, or other cloud elements. There they acquire and process packet level traffic and direct mirror that traffic to your tools. Nubeva Prisms also support existing cloud tapping solutions, such as Microsoft VTAPs, and radically extend their capabilities by offering filtering, replication, and other services. Finally, Nubeva Prisms is a fraction of the cost of the competition because we believe that all organizations should be able to monitor everything. Now it is truly possible to cover everything with your existing tools and not break the bank.