Security-in-Depth Architecture Combats Growing Cyber Attack Sophistication
August 30, 2013
As businesses grow more digital by the day, cyber attacks are growing increasingly sophisticated.
During the first quarter of 2013, for instance, sophisticated cyber-attacks hit major financial institutions and large enterprises in South Korea, Saudi Arabia, and Russia, according to security firm VSS Monitoring, which serves more than 1700 clients, including governments, financial institutions, enterprises and service providers.
These attacks are not limited to any particular country, however. Advanced malware and botnet threats continuously test corporate and government network security and performance measures.
The leading approach for defending against these attacks is a security-in-depth architecture, which is basically a strategy where multiple layers of defense are placed throughout the network and data center.
The concept behind this approach is defending against attacks by using several, varying methods of defense because a single system can’t tackle all emergent cyber threats that faces businesses today.
Image via Shutterstock
One challenge with security-in-depth architecture is scaling. Most security and analytics tools require a 1-to-1 connection approach. This is costly and doesn’t scale well.
VSS Monitoring has developed a system for getting around this problem, however. Its vBroker network packet broker system delivers intelligent traffic steering to active inline network security and acceleration appliances to optimize active inline and passive monitoring tools with all-modular configurability.
This lets the next generation firewall and IPS systems of a business, as well as its email and web threat prevention systems, detect the traffic relevant to the system’s unique function without becoming overloaded having to parse out useless data.
Traffic can pass through several in-line security tools, maximizing their throughput capabilities. VSS Monitoring’s network packet broker appliance can handle 480Gbps of concurrent throughput in a non-blocking manner.
Among the features of the VSS system are selective aggregation, session-aware load balancing, hardware-based filtering, system management, intelligent stacking, customizable health checks and trigger-based redirection policies, according to the company.
"It's not if--but when --the tsunami of sophisticated multi-threat advanced cyber-attacks will happen," said Rob Markovich, SVP of sales and marketing for VSS.
So, while cyber threats grow more sophisticated, so do the solutions vendors use to combat them.
Edited by Blaise McNamee