IT Security Guru

Multiple SIEM Dilemma – UDP Forwarding

by The Gurus
August 1, 2016
in This Week's Gurus

By Mike Patterson, Founder and CEO, Plixer
In large enterprise environments, the security team is often completely autonomous from the network team. They purchase separate tools to do their jobs and they keep the data separate as well. This results in an unwillingness to share resources such as access to the SIEM for running searches.
The separation of responsibilities can also result in double purchases of exactly the same solution (e.g. a SIEM), and sometimes this division can create obstacles. Take, for example, devices such as routers and switches that send UDP traps, NetFlow or IPFIX. Some of these devices can only send these messages to one or two destinations. When the security and network teams each need the same data delivered to multiple systems within their group, the one or two destinations the hardware supports just aren't enough. When this problem surfaces, both teams turn to UDP Forwarding.
UDP Forwarding
UDP Forwarding is a process where UDP messages are sent from one or more devices to a UDP Forwarder. The UDP Forwarder duplicates the messages and forwards them out to multiple servers by changing the destination IP address. The source IP address, however, is not modified. As a result, the device performing the UDP forwarding is completely transparent to the destination.
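An added example (not code from the article or from Plixer) of the rewrite described above, done on raw packet bytes: the destination address is replaced, the source is left alone, and both the IPv4 header checksum and the UDP checksum (whose pseudo-header covers the destination) are recomputed. The addresses, the syslog payload and the function names are constructed for illustration, and nothing is sent on the network.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_checksum(src: bytes, dst: bytes, udp: bytes) -> int:
    """UDP checksum over the IPv4 pseudo-header plus the UDP segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, 17, len(udp))
    return checksum(pseudo + udp) or 0xFFFF  # 0 is reserved for "no checksum"

def retarget(packet: bytes, new_dst: str) -> bytes:
    """Return a copy of an IPv4/UDP packet addressed to new_dst, source untouched."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    dst = socket.inet_aton(new_dst)
    # IP header: swap the destination (bytes 16-19), zero and recompute the checksum.
    hdr = bytearray(packet[:ihl])
    hdr[16:20] = dst
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    # UDP: the pseudo-header includes the destination, so the checksum changes too.
    udp = bytearray(packet[ihl:])
    if udp[6:8] != b"\x00\x00":  # sender used a checksum; keep it valid
        udp[6:8] = b"\x00\x00"
        udp[6:8] = struct.pack("!H", udp_checksum(bytes(hdr[12:16]), dst, bytes(udp)))
    return bytes(hdr) + bytes(udp)

def fan_out(packet: bytes, collectors: list[str]) -> list[bytes]:
    """One copy of the packet per collector; a real forwarder would send each copy."""
    return [retarget(packet, c) for c in collectors]

def build_sample() -> bytes:
    """Constructed syslog datagram from router 10.0.0.1 to forwarder 10.0.0.50."""
    src, dst = socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.50")
    payload = b"<134>router1: link up"
    udp = struct.pack("!HHHH", 514, 514, 8 + len(payload), 0) + payload
    udp = udp[:6] + struct.pack("!H", udp_checksum(src, dst, udp)) + udp[8:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + udp
```

Each copy still carries the router's address as its source, so a collector attributes the message to the original device and has no indication that a forwarder handled it.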
A UDP Forwarder is sometimes referred to as a UDP Fanout, and the biggest benefits gained from one include:

  • Reduced traffic on the corporate network
  • Reduced CPU load on routers and switches, as they only have to send UDP messages to one location
  • Less configuration work. Imagine ~1000 routers that need to send NetFlow, sFlow, IPFIX or syslogs to a second IP address
  • Both network and security administrators receive the same log messages while maintaining separate systems

Perhaps one of the biggest benefits is that UDP Forwarders assist companies with regulatory compliance requirements by ensuring that a backup of all system messages and notifications is sent to multiple locations. Security administrators gain peace of mind knowing that they definitely have the data required should an audit become necessary.
When evaluating UDP Forwarding solutions, there are several features to keep in mind.  Will the solution:

  • Detect when the destination hosts (i.e. UDP Collectors) are offline and stop forwarding traffic to them?
  • Provide a way to measure performance of the UDP Forwarder and the volume of individual UDP streams that it is receiving?
  • Be easy to configure and scale for larger environments (i.e. can it operate at wire speed)?
  • Provide fault tolerance and redundancy in case of a failure?

UDP Forwarding is not a big multi-million dollar industry, but it definitely solves a unique problem in companies where departments need to keep the data they are working with completely hidden from other departments.
