The Importance of Lossless Visibility!
Does lossless visibility really matter for monitoring tools?
They’re supposed to be able to handle lost packets, corrupt packets, data gaps, etc., right?
Well, the answer is kinda, sorta, absolutely NO!
Security and monitoring tools are only as good as the data they see, or don’t see. Some tools have capabilities to help them “tolerate” missing data but that is a flawed theory and here’s why.
Missing data can lead to missed or false positive security threats, longer and more costly troubleshooting efforts, and lower customer satisfaction ratings. According to the 2016 Verizon Data Breach Investigation Report, most victimized companies don’t discover security breaches themselves. Approximately 75% have to be informed by law enforcement and 3rd parties (customers, supplier, business partners, etc.) that they have been breached—they had no idea the breach had happened. It’s hard enough to defeat modern network security threats, you don’t want to start off with limited network visibility. But that’s exactly what happens if your monitoring solution (which includes your taps, SPANs, and network packet brokers) does not feed your security and monitoring tools the correct data. For instance, check out this report from the Tolly Group about how one network packet broker drops packets and doesn’t even report it.
Other than missing your target reason for network visibility!
The following list shows some examples of why lossless visibility is important: