26601 Agoura Road | Calabasas, CA 91302 USA | Tel + 1-818-871-1800 | www.ixiacom.com Page 1
915-3723-01-6071 Rev A
In virtualization, microsegmentation can also extend beyond the data center. As
an example, we can apply different security policies for the human resources (HR)
database workloads of a company than to the ones from sales.
Data Center
Microsegmentation
System Test
Organizations must
validate each path
between the workloads.
The security solution should also ensure that blocking criteria is not just based
on ports, but also on traffic patterns, data types, and heuristics. In summary,
communication must be seamless for allowed applications and allowed privileges,
and blocked for all else.
26601 Agoura Road | Calabasas, CA 91302 USA | Tel + 1-818-871-1800 | www.ixiacom.com Page 2
915-3723-01-6071 Rev A
Security Resiliency Between Each Path Proper resiliency
To secure workloads, security measures are either put within the workload or tests that measure
between the two workload clusters where data travels. The security requirements the security efficacy
of one workload cluster may differ than another. For example, the vulnerabilities between each
and exploits affecting the web workload are different than the ones affecting the of these paths is
database or the application workloads. Proper resiliency tests that measure the key to identifying
security efficacy between each of these paths is key to identifying weaknesses weaknesses in those
in those paths and possible remediation for any exposed risk. The tests also help paths and possible
in fine-tuning security policies or in performing proof of concept (PoC) before remediation for any
deploying any newer security technologies. exposed risk.
Measuring Performance Impacts Due to Microsegmentation
In general, inline security policies will have performance impacts. Analyzing
traffic in motion and making decisions based on analysis can introduce latencies.
Performance issues include lower throughput, latencies, and session scalability.
Historically, many security technologies have been discontinued or put in non-
blocking mode due to their impact on performance and business. To ensure the
security technology continues in production, it’s important to prove that it can
perform its tasks without impacting business performance.
Key Issues
26601 Agoura Road | Calabasas, CA 91302 USA | Tel + 1-818-871-1800 | www.ixiacom.com Page 3
915-3723-01-6071 Rev A
Solution: Generating Real-World Traffic®, BreakingPoint Virtual Edition (VE) can Generating Real-World
replicate any of those workload clusters. It becomes both the sender and receiver Traffic®, BreakingPoint
of various such workloads, even replicating the entire microsegmentation network. Virtual Edition (VE)
By simultaneously simulating traffic (like that from applications, the web, can replicate any
databases, or clients) through the individual components of a data center, you can of your workload
effectively test every traffic path possible. Since it can also simulate data traffic
clusters.
patterns, you can test if the security solution goes beyond port matches to block
malicious traffic. A series of pre-packaged test cases and reports ensure all
legitimate traffic flows are allowed while anything else is blocked.
KEY BREAKINGPOINT
TEST CASES
• Create mixes of relevant applications
and understand latency, throughput,
and concurrency of such applications in
microsegmentation environment
26601 Agoura Road | Calabasas, CA 91302 USA | Tel + 1-818-871-1800 | www.ixiacom.com Page 4
915-3723-01-6071 Rev A
Test Security Resiliency
Problem: Implementation of security policies requires proper validation that
they work per expectations and can neutralize against any threat vector moving
between any workloads.
26601 Agoura Road | Calabasas, CA 91302 USA | Tel + 1-818-871-1800 | www.ixiacom.com Page 5
915-3723-01-6071 Rev A
Representative graph of performance impact when security policies between workloads are applied.
MORE INFORMATION:
www.ixiacom.com/products/breakingpoint-ve
26601 W. Agoura Road Clarion House, Norreys Drive 101 Thomson Road,
Calabasas, CA 91302 Maidenhead SL64FL #29-04/05 United Square,
United Kingdom Singapore 307591
(Toll Free North America)
1.877.367.4942 Sales +44.1628.408750 Sales +65.6332.0125
(Fax) +44.1628.639916 (Fax) +65.6332.0127
(Outside North America)
+1.818.871.1800
(Fax) 1.818.871.1805
www.ixiacom.com
26601 W. Agoura Road | Calabasas, CA 91302 USA | Tel + 1-818-871-1800 | www.ixiacom.com Page 6
915-3723-01-6071 Rev A I © Keysight Technologies, 2017