Network Packet Brokers (NPB)
This article covers Network Packet Brokers (NPB), including their functions and benefits.
What is a Network Packet Broker (NPB)?
A Network Packet Broker (NPB) is a more powerful traffic processing technology than a network tap. An NPB device receives traffic from a large number of links, aggregates it for internal processing (e.g. filtering), and then distributes the traffic to other devices on the other side. This behavior can also be called aggregation and distribution. Correspondingly, devices that implement NPB can be called aggregation and distribution devices.
When is a Network Packet Broker Needed?
Most of the time, network engineers complain that their online security tools do not receive all the required data, resulting in blind spots in the network. This can ultimately lead to wasted resources, redundant costs, and a higher likelihood of being hacked.
These issues can be addressed by using NPB to forward traffic from network access tools to various network security, performance management, and other monitoring tools before applying specific filters and rules. Moreover, the device can aggregate traffic from multiple input ports to a single output port and vice versa. The image below shows what the advanced network visibility platform looks like.
What Exactly Can NPB Do?
In theory, aggregating, filtering and delivering data sounds simple. But in reality, smart NPBs can perform very complex functions, resulting in exponentially higher efficiency and safety gains.
Load balancing traffic is one of these features. For example, if you upgrade your data center network from 1Gbps to 10Gbps, 40Gbps, or higher, NPB can slow things down so that high-speed traffic can be distributed to an existing batch of 1G or 2G lower-speed analytics monitoring tools. This not only extends the value of your current monitoring investment, but also avoids expensive upgrades during IT migration.
Other powerful functions performed by NPB include:
Redundant data packet deduplication
Analysis and security tools can receive large numbers of duplicate packets forwarded from multiple taps. NPB eliminates the duplicates so that tools do not waste processing power on redundant data.
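As an added illustration (not code from this article or from any NPB product), the Python example below shows one way such deduplication can work: each frame is hashed after any VLAN tags are removed, and a copy seen again within a short time window is dropped. The 50 ms window, the function and class names, and the sample frames are assumptions made for the example.

```python
import hashlib
import struct
from collections import OrderedDict

VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad (QinQ) tag types

def strip_vlan(frame: bytes) -> bytes:
    """Remove VLAN tags so copies from tagged and untagged taps compare equal."""
    offset = 12  # destination MAC (6 bytes) + source MAC (6 bytes)
    while len(frame) >= offset + 4:
        (tpid,) = struct.unpack_from("!H", frame, offset)
        if tpid not in VLAN_TPIDS:
            break
        offset += 4  # skip TPID (2 bytes) + tag control info (2 bytes)
    return frame[:12] + frame[offset:]

class Deduplicator:
    """Drops a frame if an identical one was seen within window_s seconds.
    Assumes timestamps arrive in non-decreasing order."""
    def __init__(self, window_s=0.05, max_entries=100_000):
        self.window_s = window_s
        self.max_entries = max_entries
        self._seen = OrderedDict()  # digest -> time first seen, oldest first

    def is_duplicate(self, frame: bytes, ts: float) -> bool:
        # Expire old digests so a later, legitimate resend is not dropped.
        while self._seen:
            oldest_ts = next(iter(self._seen.values()))
            if ts - oldest_ts <= self.window_s and len(self._seen) < self.max_entries:
                break
            self._seen.popitem(last=False)
        digest = hashlib.blake2b(strip_vlan(frame), digest_size=16).digest()
        if digest in self._seen:
            return True
        self._seen[digest] = ts
        return False

def forward_unique(packets, dedup):
    """Return the (timestamp, frame) pairs that would be sent on to the tools."""
    return [(ts, f) for ts, f in packets if not dedup.is_duplicate(f, ts)]

def sample_frame(payload: bytes, vlan=None) -> bytes:
    """Build a constructed Ethernet/IPv4-typed frame for the demonstration."""
    macs = bytes.fromhex("020000000002020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return macs + tag + struct.pack("!H", 0x0800) + payload

# Constructed feed: the same frame from two taps, another frame, a late resend.
SAMPLE_FEED = [(0.000, sample_frame(b"A" * 40)), (0.002, sample_frame(b"A" * 40, vlan=10)),
               (0.003, sample_frame(b"B" * 40)), (0.200, sample_frame(b"A" * 40))]

if __name__ == "__main__":
    for ts, frame in forward_unique(SAMPLE_FEED, Deduplicator()):
        print(f"{ts:.3f}s forwarded {len(frame)} bytes")
```

The window is the trade-off to tune: too short and copies from a slower tap path slip through, too long and genuine repeats are hidden from the tools.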
SSL decryption
Secure Sockets Layer (SSL) encryption is a standard technology for sending private information securely. However, hackers can also hide malicious cyber threats within encrypted data packets.
To be inspected, this data must first be decrypted, but decryption requires valuable processing power. Leading network packet brokers can offload decryption from security tools to ensure total visibility while reducing the burden on costly resources.
Data Desensitization
SSL decryption makes data visible to anyone with access to security and monitoring tools. NPB can mask credit card or Social Security numbers, protected health information (PHI) or other sensitive personally identifiable information (PII) before passing the information on, so that it is not disclosed to the tool and its administrators.
Header Stripping
NPB can strip headers such as VLAN, VXLAN, L3VPN, etc. so tools that cannot handle these protocols can still receive and process packet data. Context-aware visibility helps uncover malicious applications running on the network and the footprints attackers leave as they work across systems and networks.
Application and Threat Intelligence
Catching vulnerabilities early can reduce the loss of sensitive information and the ultimate cost of a breach. The situational awareness visibility provided by NPB can be used to uncover indicators of compromise (IOCs), identify the geographic location of attack vectors, and combat cryptographic threats.
Application intelligence extends beyond Layers 2 to 4 (OSI model) of packet data, up to Layer 7 (Application Layer). Rich data about user and application behavior and location can be created and exported for use in blocking application layer attacks where malicious code disguises itself as normal data and valid client requests.
Application Monitoring
Application-aware visibility also has profound implications for performance and management. Maybe you want to know when an employee used a cloud-based service like Dropbox or web-based email to bypass security policies and transfer company files, or when a former employee tried to access files using a cloud-based personal storage service.
Benefits of NPB
Easy to use and manage.
Intelligence that takes the burden off your team.
No packet loss – run advanced features.
100% reliability.
High-performance architecture.