Security and performance tools are essential for protecting networks from threats and ensuring efficient operations. However, as networks expand, increased complexity and potential blind spots make it difficult to maintain visibility and control.

Scaling security systems to keep up with network growth can significantly increase operational costs, posing a dilemma for organizations aiming to enhance their security posture without breaking the bank. These tools often have pricing models that scale with the amount of data they process, typically measured in bandwidth.

Network Packet Brokers (NPBs) play a crucial role in optimizing the efficiency and cost-effectiveness of network monitoring and security solutions. Here’s a breakdown of how this pricing model works and how NPBs can save costs.

Pricing model for network monitoring tools

Network performance monitoring and security tools rely on visibility into the network they are deployed in, often receiving traffic from physical and virtual network TAPs and SPAN connections. The costs for these monitoring tools often depend on the volume of data they monitor, with higher bandwidth usage leading to higher costs.

Example of cost scaling with bandwidth:

• Hardware: One-time cost enables a certain level of data processing capacity, for instance up to 10 Gbps of traffic.
  
  
• Maintenance cost: Bundles can be made to include services like support, warranty, and training, for a specified time, usually 1 or 3 years.
  
  
• Incremental cost: Additional charges apply as the traffic volume exceeds the base capacity. This could be structured as a tiered pricing model or a per-Gbps rate for additional bandwidth.

Role of Network Packet Brokers (NPBs)

NPBs can filter and preprocess traffic before it is forwarded to the appropriate tools, effectively reducing the volume of data these tools need to process. This preprocessing can include stripping out redundant data, deduplication, slicing packets to remove unnecessary payload, and intelligently directing traffic based on the data's relevance to security or performance needs.

Benefits of NPBs:

• Reduced data load: By sending only actionable data to monitoring tools, NPBs reduce the bandwidth that these tools need to process.
  
  
• Cost savings: Lower data throughput on monitoring tools translates to lower costs, as these tools' pricing often scales with bandwidth.
  
  
• Improved performance: With less data to process, monitoring tools can perform more efficiently, potentially providing faster insights.

NPB features for network traffic optimization

• Aggregation: Aggregate two or more incoming streams of data into a single stream. This can be combined with the replication feature to send the aggregated traffic to multiple output ports. It can also be combined with both the replication and filtering features to send different parts of the aggregated traffic to different output ports.

• Filtering: Ensure optimum efficiency of monitoring, security tools, and bandwidth utilization by filtering traffic such that only appropriate data is sent to these network tools.

• Packet slicing: When using packet slicing, the frame headers are kept, and the payloads are dropped. By removing payloads irrelevant to your network monitoring and security analysis, tool overload and bandwidth usage can be decreased.

• Packet deduplication: When accessing traffic at multiple locations in the network, picking up the same packets multiple times is almost unavoidable. When duplicate packets are transmitted to your monitoring tools, the unnecessary utilization of bandwidth and processing power reduces their efficiency and effectiveness.

• Load balancing: When several security tools are deployed, load balancing can optimize the response time and avoid uneven load while another is idling. By distributing the traffic load evenly among the available security tools, they are used in the most efficient way.

Cost comparison example

Let’s consider a scenario where a company has a total network bandwidth of 100 Gbps. It has 10 switches deployed, each with a SPAN port of 10 Gbps to monitor. Most security/monitoring tools feature 2 SFP+ interfaces of 1G/10G as standard. For this cost comparison scenario, we took an appliance with 4 x 10G interfaces. Let us look at the total cost of ownership in a scenario without an NPB deployment versus with an NPB.

Scenario 1 - Without a Network Packet Broker

Sending traffic directly to security and monitoring tools quickly increases bandwidth consumption. To handle the total input of 100 Gbps from the 10 SPAN switches directly, 3 security/monitoring tools ((4 x 10G) x 3 = 120 Gbps) are required.

Scenario 2 - With a Network Packet Broker

With an NPB, we can optimize traffic selection and delivery to ensure that monitoring and security tools get all the data they need and only the data they need. The NPB can aggregate the traffic from all 10 SPAN links before processing it and replicating it to multiple output ports. By applying packet filtering and deduplication, the NPB can remove all unnecessary and duplicate data before sending it to the appropriate tools.

The ability of NPBs to receive, process and filter large amounts of data from multiple sources increases tool efficiency by limiting the actual volume of traffic each tool must process. With only relevant traffic to process, congestion is reduced, false positives are minimized, and you can often handle the reduced volume with fewer monitoring devices.

*These costs are averages and approximations for this simplified example.

This example shows how using a Network Packet Broker to optimize monitoring traffic can lead to significant cost savings by reducing the need for more expensive bandwidth capacity on monitoring tools. Whenever there is a later need for expansion on the security tool side, the Network Packet Broker can speed up the deployment with minimal impact on the network and also account for load balancing between multiple devices.

Conclusion

For organizations facing growing data traffic and the associated rising costs of monitoring and security tools, NPBs offer a strategic solution. By filtering and reducing unnecessary data before it reaches these tools, NPBs enhance the performance of security tools and provide a cost-effective way to manage technology investments.