New technology closes the hybrid cloud visibility gap by providing IT with a single, consistent view into all data in motion from Layers 2–7 and East-West traffic across all platforms, including between clouds. This enables operations and security teams to ensure a positive, secure user experience and to optimise tools and traffic costs.
There are many ways that hybrid and multi-cloud visibility is beneficial, even critical, to ensuring application availability and business continuity.
One of the most common applications and use cases that we’ve seen for this capability is tracking the status of SSL/TLS certificates on the thousands of application and communication servers that make up an enterprise network.
At a business level, if a TLS certificate expires it can take servers offline, leading to service outages, lost revenue opportunities, and reputational damage — which has happened in well-publicised incidents at organisations ranging from Adobe to Yahoo.
At the IT level, dealing with these fire drills is highly disruptive to the flow of IT operations and is very inefficient.
Of course, tracking TLS certificates is a difficult process that is made even more resource and time-consuming by the sheer volume of certificates and keys, often as many as 50,000, that must be tracked.
Because tracking expired, expiring, weak cipher, self-signed or fraudulent certificates is so important and so resource intensive, it is a natural candidate for automation. Yet, as the hybrid network becomes ever more complex, so does automating this process.
Let’s take an example of an organisation that has decided to create a TLS certificate traffic app on Splunk running on AWS. This app needs to get its tracking information from servers that could be in the public cloud, private cloud, and in multiple on-premises data centres.
Ideally, this TLS tracking information should be sent as metadata to Splunk to minimize traffic flow and consumption-related costs.
While this process is easy to describe, it’s much more difficult to develop and implement. To approach it from scratch, IT would need to build a pipeline capable of logging in to each of the thousands of servers in the enterprise to check on the TLS certificate, and then report alerts of those that are about to expire, are self-signed, have weak ciphers, and so on.
As a result, there are many TLS certificate management solutions available, but many of these are platform-specific, resulting in hybrid or multi-cloud enterprises running multiple certificate management solutions and not being able to easily gain a single view, or overall control of their situation.
With my company’s technology, this process can be radically simplified. A fabric manager provides a single view into all of hybrid platforms and is tightly integrated with cloud-native visibility tools, including AWS Traffic Mirroring, VMware ESX and NSX-T, Nutanix Flow and Prism, and OpenStack Tap as a Service.
This means that our solution has visibility into certificate status and can feed this into a tool like Splunk to automate the management process, saving significant amounts of the ops team’s time, heading off fire drills, and protecting the enterprise against outages.
For anyone wanting to deploy a TLS tracking app on Splunk, it’s much more efficient and potentially less expensive to send this data to Splunk as NetFlow metadata, not raw network packets. Specific new technology can make SIEMs like Splunk much more powerful, efficient and actionable by providing metadata collected from Layer 4 through Layer 7.
Using application intelligence, it’s possible to extract any of 5,000 application and network metadata attributes, including key attributes related to TLS certificates. By sending the right metadata information to our TLS Tracking app in Splunk, IT is able to quickly identify weak ciphers and expired or soon-to-expire certificates.
This is a practical example of the benefits of using advanced tech and a metadata intelligence application to automate and streamline a highly resource-intensive process and one that, if not properly implemented, can have adverse effects on application availability and business continuity, and ultimately on customer and user experience.