F5 Blog

 
Archive Search Articles

Intelligent Inspection Zone for Optimized Security

Era Belongs to Technology   

Technology is transforming the way we do business. It has brought ease and timelines. We do not have to stand in queues for paying utility bills or getting a taxi anymore. Our smartphone tells us when our bus is going to arrive and keeps us connected to work while being on the move. With rapid digitization more and more of our work and life will be controlled by our smart devices.

Criminals are keeping pace with technology and have figured innovative ways to capitalize with the technology adoption. The rewards that cybercrime has to offer, the fact that it can be achieved hiding behind proxies and easy renting of technologies from underground markets has paved way for increased cybercrime.

https://sites.google.com/site/hackersqueue/_/rsrc/1445421304848/pc-tricks/malware-hacker-hacking-virus-computer-internet-2560x1440.jpg


Enterprise and Individuals alike are looking and investing in technologies to prevent, detect and respond to these threats. Heavy investments are made in the area of network and application security to guard the fort (read Brand Value). New threats are mitigated with point products leading to an enterprise acquiring a lot of technologies.

Intelligent Orchestration of Security

Today a typical enterprise stacks different kind of technologies as layers of defense and user traffic passes through it. Individually many security devices can cater for the traffic load, SSL/TLS offload, and the processing of all traffic, but the CPU cycles spent can be optimized and put to better use with intelligent orchestration.

Taking a deeper delve, let’s take a look at the traffic a typical enterprise generates (not an exhaustive list).

  1. Intranet Web Sites
  2. Social Media like Facebook, Twitter, etc.
  3. YouTube and other video sharing platforms
  4. Search Engines
  5. Emails
  6. Command and Control Sites
  7. Backup traffic
  8. Sites containing Personally Identifiable Information and Financial Information

Some types of traffic need more scrutiny than others. Making all of them pass through the same kind of inspection is not an intelligent choice. Something similar to service-oriented architecture is needed for modern day networks to thwart modern threats in an optimized manner.

Introducing the Intelligent Inspection Zone

An intelligent inspection zone can be characterized with security purchases of an organization being made available as services. These services are then applied to traffic path based on threat level. As displayed in Image below, the inspection zone needs to be controlled by an Orchestrator. The Orchestrator is responsible for:

  1. Making Security Appliances available as Service to various network paths
  2. Create a SSL free inspection zone for optimized use of inspection service
  3. Fail open or close the network in case a device fails
  4. Policy driven selection of security appliance for network traffic based on threat

Traffic heading towards an untrusted site on internet (possibly a Command & Control) should undergo strict inspection.

Traffic heading towards a trusted site on internet (or internal backup site) should undergo intermediate level of inspection. 

An intelligent inspection zone also provide an avenue to introduce new security appliance easily, by simply adding it to the inspection zone and adding it to traffic steering policy.

Conclusion

An intelligent inspection zone will help organization orchestrate the security and optimize security investments. Making security appliances available as service and an SSL free inspection zone will help organizations utilize the security appliance.

Resources:
F5 SSL Orchestrator