Is Data Masking Relevant Today?
Additional features are typically used in any industry as a means to give a product more apparent value but, of course, for a much higher price.
Example: A base-model car has 5 speakers, but you can upgrade to 8 or even 12 speakers. Did you really need them though? In a car, it is a question of the luxury feeling whether to pay a premium on top.
A network packet broker is a tool, it should do its job well and in the background. Let's look at the data masking feature of a network packet broker.
You need tools which can search through packets of sensitive data and mask it before sending it to the monitoring tools. "Masking allows network security teams to hide confidential information (passwords, financial accounts, or medical data), and thereby help companies comply with regulatory requirements password." Data like personally identifiable information (PII), or credit card information must be protected and not exposed to unauthorized individuals. Network Packet Broker must be able to mask unencrypted sensitive data that should not be and does not need to be exposed to monitoring and security tools or their administrators, hence make monitoring activities safe.
This is a marketing message. It sounds useful (as do many marketing messages) but when you look deeply into the application the reality is different.
1) Today, 60% of the internet traffic is encrypted via TLS. Therefore there is no way to read it. Nobody uses clear text transmission of banking information or sensitive data (or, if they are, shouldn't be).
2) If you use data masking on all of your monitoring traffic then you lose most of your troubleshooting information.
3) The idea of only masking the user traffic, and not the signalling, is not that easy because modern transmission protocols use in-band signalisation. So you cannot separate user and control plane.
4) This masking is done in the CPU modules which means a lot of resources are needed to do this.
This masking feature comes from the old days of networking when data in transit was not encrypted and is not relevant today.
The amount of information, misinformation, and conflicting messages can be difficult to sift through. Contact us to know more about the relevant features of a network packet broker.