The delicate balance between network security and performance

Businesses must balance security and performance. Continuous testing can help measure the effects of changes, resolve issues faster, inform investment needs, and demonstrate the impact of changes on your network, explains Sashi Jeyaretnam, Senior Director of Product Management for Security Solutions at Spirent.

Managing network security for a modern business can feel like walking a tightrope. Admittedly, a faulty step won’t have quite the same impact (although, as cyberattacks continue to plague the world’s biggest organizations, the stakes can seem almost as high). But like walking a tightrope, the secret to protecting an enterprise network is to maintain an excellent balance – in this case, between security on the one hand, and application performance and user experience on the other.

Focus too much on ease of access and user experience, and you risk leaving your business exposed. But if you focus too heavily on inspecting network traffic for threats, your applications can slow down, frustrating users and disrupting day-to-day business operations.

Many companies have solved this dilemma, especially large service providers and financial institutions. They do this by conducting in-depth security and performance reviews as part of ongoing change management. By implementing proactive testing, both to verify the effectiveness of security controls and to measure their effects on the user experience, these companies can sustain application traffic without exposing the business to undue risk. Today, as organizations across all industries rely on increasingly distributed applications and clouds, more enterprises are expected to follow suit.


A changing landscape

The back and forth between security and user experience is not a new phenomenon. But several recent trends have converged to make getting the balance right – and maintaining it – much more urgent. These include:

More distributed users and applications: Gone are the days when companies could easily categorize traffic as “internal” versus “external”. Today’s enterprise network is a tangle of distributed applications, clouds, and connected devices, where the “edge” can literally be anywhere. The good news is that modern architectures such as Secure Access Service Edge (SASE) integrate security directly into these distributed environments. The downside: understanding how security controls affect a given application or group of users has become much more complex.

More complex and dynamic environments: While yesterday’s corporate networks were largely static, today’s are constantly changing. With software-defined networks, changing cloud infrastructures, and continuous software updates to infrastructure and applications, the network you had this morning could look very different this afternoon. Even the security solutions themselves, which could receive software updates once or twice a year in the past, can now change several times a month.

More encryption: The percentage of network traffic using Transport Layer Security (TLS) encryption continues to increase. Google estimates that 95% of web traffic is now encrypted. While this is good news for users in many ways, it also means that inspecting network traffic for threats has become much more computationally intensive and much more likely to affect user experience. Some organizations find that inspecting encrypted traffic literally cuts firewall performance in half. This is the main reason why 50% of deployed firewalls capable of performing TLS inspection have this feature disabled.

Organizations continue to adopt ever more powerful security controls to protect against the growing threat surface that these trends expose. But if companies can’t measure the true impact of these controls, they won’t be able to use them effectively.


Living with change

What is the secret to solving this riddle? The most successful companies don’t fight change; they embrace it. They assume that they will always be modifying and expanding network security controls in their distributed environments. Where they differ from some companies is in placing the same priority on user experience. They adopt change management frameworks to continuously assess security effectiveness and performance as their distributed environment scales.

Organizations concerned with balancing network security and performance deploy test agents at strategic points in their environment (within on-premises networks, at public and private cloud access points, at branch offices, etc.) to simulate the network topology. They then generate emulated traffic to test the performance limits of network devices, web applications, and media services. And they do this in a way that emulates real-world traffic patterns as closely as possible, engaging all security controls as they will be configured in the production environment, as well as simulating real-world threats, with the evasion and obfuscation techniques used in real-world cyberattacks.

By using these techniques, these companies establish a baseline for maintaining acceptable performance with the right level of inspection for their business. And they repeat this assessment on an ongoing basis, whenever security controls, configurations, or network software change.
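The baseline-and-repeat process described above can be expressed as a change-management gate that checks performance and security effectiveness together. The following is an added example, not code from the article or from Spirent; the field names, tolerance thresholds, site names and all measurements are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import quantiles

@dataclass
class Run:
    """One test-agent run at one site; every value below is constructed."""
    site: str
    latency_ms: list        # per-transaction latency of emulated traffic
    throughput_mbps: float
    threats_sent: int       # emulated attacks, evasion variants included
    threats_blocked: int

def p95(samples):
    # quantiles(n=20) yields 19 cut points; the last one is the 95th percentile
    return quantiles(samples, n=20, method="inclusive")[-1]

def compare(base, cand, lat_up=0.20, tput_down=0.10, block_down=0.0):
    """Regressions of cand against base; thresholds are assumed tolerances."""
    out = []
    b_lat, c_lat = p95(base.latency_ms), p95(cand.latency_ms)
    if c_lat > b_lat * (1 + lat_up):
        out.append(f"{cand.site}: p95 latency {b_lat:.1f} -> {c_lat:.1f} ms")
    if cand.throughput_mbps < base.throughput_mbps * (1 - tput_down):
        out.append(f"{cand.site}: throughput {base.throughput_mbps} -> {cand.throughput_mbps} Mbps")
    b_rate = base.threats_blocked / base.threats_sent
    c_rate = cand.threats_blocked / cand.threats_sent
    if c_rate < b_rate - block_down:
        out.append(f"{cand.site}: block rate {b_rate:.0%} -> {c_rate:.0%}")
    return out

def gate_change(baselines, candidates):
    """Check every baselined site; a site that was not re-tested also fails."""
    out = []
    for site, base in baselines.items():
        cand = candidates.get(site)
        out.extend(compare(base, cand) if cand else [f"{site}: no post-change run"])
    return out

BASELINES = {
    "hq": Run("hq", [20, 20, 21, 21, 22, 22, 23, 24, 25, 26], 900, 200, 180),
    "branch-1": Run("branch-1", list(range(30, 40)), 200, 100, 90),
    "cloud-edge": Run("cloud-edge", list(range(10, 20)), 500, 100, 95),
}
# Post-change runs: TLS inspection enabled at hq, a policy update at branch-1
CANDIDATES = {
    "hq": Run("hq", [40, 40, 42, 42, 44, 44, 46, 48, 50, 52], 480, 200, 196),
    "branch-1": Run("branch-1", list(range(31, 41)), 195, 100, 85),
}

if __name__ == "__main__":
    for finding in gate_change(BASELINES, CANDIDATES):
        print("REGRESSION", finding)
```

With this sample data the gate reports a performance regression at hq even though its block rate improved, a security regression at branch-1 even though its performance held, and a coverage gap at cloud-edge.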

Find the right balance

If that sounds like a better strategy than waiting for users to notify you that a security control change has rendered apps unusable, it is. By embracing continuous testing in your change management process, you can:

  1. Consistently and proactively balance network security and performance: Just being able to test against baselines makes a huge difference to users. By preemptively measuring the effects of network and security changes, you can understand their impact before they affect applications. You can keep users happy even as you protect them, and avoid rushing to undo changes after the fact.
  2. Solve problems faster: The ability to test against performance benchmarks makes it easier to understand the impact of a network or security change on applications. You can identify exactly where and how the user experience is affected and quickly focus on a solution.
  3. Make smarter investments: Through continuous testing, you can understand exactly what you need from your security solutions, as well as the size and number of those solutions, in advance. For example, you can simulate inspecting all encrypted traffic and identify how many firewalls you will need at each location to ensure enough capacity for your users.
  4. Hold your suppliers accountable: If you don’t perform ongoing security and performance testing, you don’t have a baseline to point to, which makes it much harder to keep tabs on your vendors. If a vendor releases an update that decreases performance, all you can say is that users are complaining. When you perform continuous testing, you can demonstrate exactly how a change has affected your business. And you can validate that your security solutions live up to vendor claims.

Cyber threats will continue to evolve, and you can expect corporate networks to continue to become more distributed and harder to protect. But if you embrace constant change and incorporate network security performance and effectiveness testing into change management, you can walk that tightrope with confidence.
