Understanding Network Visibility Use Cases! (by Keith Bromley)

Network visibility is fast becoming a key component of network and security planning. This is because network visibility is more than just network monitoring. It is about understanding the network—how is it actually performing, are there any current problems, where do future pain points lie, and how do I optimize my resources?  IT’s fundamental challenge is to ensure that the infrastructure beneath their applications is reliable, fast, and secure.

As we all know, network blind spots get in the way. Common sources of blind spots include siloed IT organizations, SPAN port overloading, rogue IT, SSL encrypted data, data overload of monitoring equipment, and network and equipment complexity. These blind spots directly correlate to network problems and outages, increased network security risk, and potential regulatory compliance issues.

Encrypted data further exacerbates the situation. According to a Blue Coat infographic, half of all network security attacks in 2017 will use encrypted traffic to bypass controls. In addition, internal and external SLAs and customer quality of experience have become increasingly important for IT. These requirements are forcing IT to gain better insight into and understanding of the network to maximize performance. What no IT team wants to find out is that all of their assumptions and architecture designs are based on incorrect or missing data. When this happens, it results in higher solution costs, confusion, rework, customer dissatisfaction, performance problems, and unplanned outages.

IT security and analytics tools are only as good as the data they are seeing. Visibility solutions are what enable IT to combat blind spots, quickly isolate the resulting security threats, and resolve performance issues, ultimately ensuring the best possible end user experience. Without visibility, IT can only operate reactively to problems and may become ineffective at eliminating those problems.

For instance, visibility architectures can help IT administrators and engineers in the following six areas by:

  • Improving network security and reliability
  • Helping optimize network performance
  • Speeding up troubleshooting efforts
  • Strengthening regulatory compliance initiatives
  • Providing cost containment and cost reduction capabilities
  • Removing network blind spots

So how, specifically, can visibility help? Actually, there are lots of use cases within these areas. I don’t have time to go over them all, but here is a list of a few examples. I have sorted the use case examples under each of the six topics.

  • Security & Reliability
    1. Application intelligence can be used to expose security breach indicators of compromise
    2. Inline deployments of network packet brokers (NPBs) and bypass switches can use high availability features to improve reliability and uptime of security tools, like intrusion prevention systems (IPS)
    3. Inline data filtering can improve the efficiency of security tools by allowing low risk traffic (like voice and video) to bypass IPS inspection. This improves IPS efficiency and throughput.
  • Performance
    1. Application intelligence can be used to identify application performance issues (e.g. slow applications, high bandwidth consumption, etc.)
    2. Proactive monitoring with network traffic generation and testing can be used to validate service level agreements (SLAs) and to pretest how an application will perform on the network under load, before end-users begin using the application/feature. This provides faster and better rollouts.
  • Troubleshooting
    1. NPBs can help reduce mean time to repair (MTTR) by eliminating change board approvals and the use of crash carts during a network problem/outage. This saves hours, or even days, of time.
    2. Geographic location information can be used to provide proactive troubleshooting by allowing IT to see if problems/outages have a geographic commonality to speed up resolution times.
    3. Floating filters created within an NPB allow IT to decrease troubleshooting times by accessing predefined troubleshooting filters that are already connected to specific tools. This allows IT to literally start capturing monitoring data in less than one minute.
  • Compliance
    1. Application intelligence can be used to enhance regulatory compliance by using data masking of sensitive information, regular expression (REGEX) searching, and forwarding of data to specific analysis tools for inspection
    2. Packet trimming (payload stripping) can be used to remove sensitive data before it reaches monitoring tools.
  • Cost reduction
    1. NPB filtering and deduplication can be used to reduce the load on monitoring tools. Depending upon network configurations, you may be able to eliminate up to 70% of irrelevant data currently being passed to monitoring tools. This is a huge boost to the tools, as they have less “junk” to process now.
    2. Load balancing features within an NPB allow you to extend the life and value of existing monitoring tools by spreading the monitoring data across multiple tools that have been pooled. Without this feature, it is common for monitoring tools to be under-utilized and for you to need to spend more than needed on security and monitoring tool purchases.
  • Removing blind spots
    1. Visibility architectures expose missing data from SPANs, which only provide summarized data and exclude malformed packets and other bad data that is useful for troubleshooting. In addition, filters created by command line interfaces (CLI) are commonly configured incorrectly, resulting in clipped (missing) data.
    2. Visibility architectures and virtual taps expose hidden data in the virtual data center. It is common for up to 80% of virtual traffic to be east-west data that never hits a physical tap. A virtual tap can provide access to this data.
    3. Network complexity can be reduced by deploying NPBs, which allow you to create a holistic view (visibility architecture) for monitoring data, VLANs, and subnets.
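
The data masking and packet trimming items under Compliance, sketched in Python as an added example (not code from the original article or from any NPB product). The card-number pattern, the function names and the sample packet are assumptions constructed for illustration.

```python
import re

# Assumed pattern: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to skip digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pans(payload: bytes):
    """Replace all but the last four digits of each Luhn-valid match with 'X'.
    Length is preserved so offsets and length fields in the capture stay valid."""
    hits = 0
    def repl(m):
        nonlocal hits
        raw = bytearray(m.group(0))
        if not luhn_ok(bytes(c for c in raw if 48 <= c <= 57)):
            return bytes(raw)          # e.g. an order number: leave untouched
        hits += 1
        digit_pos = [i for i, c in enumerate(raw) if 48 <= c <= 57]
        for i in digit_pos[:-4]:
            raw[i] = ord("X")
        return bytes(raw)
    return PAN_RE.sub(repl, payload), hits

def trim_to_headers(ip_packet: bytes) -> bytes:
    """Packet trimming: keep the IPv4 and TCP headers, drop the payload."""
    ihl = (ip_packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    tcp_len = (ip_packet[ihl + 12] >> 4) * 4     # TCP data offset in bytes
    return ip_packet[:ihl + tcp_len]

# Constructed sample: zeroed 20-byte IPv4 and TCP headers (only the length
# fields are set) followed by a form body containing a well-known test PAN.
SAMPLE_PAYLOAD = b"order=1234567890123456&card=4111 1111 1111 1111&qty=2"
SAMPLE_PACKET = (bytes([0x45]) + bytes(19) + bytes(12) + bytes([0x50])
                 + bytes(7) + SAMPLE_PAYLOAD)

if __name__ == "__main__":
    masked, hits = mask_pans(SAMPLE_PAYLOAD)
    print(hits, masked)
    print(len(trim_to_headers(SAMPLE_PACKET)), "bytes kept after trimming")
```

Masking keeps the packet usable for application-level analysis while hiding the sensitive field; trimming removes the payload entirely and suits tools that only need header data.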

Could you use help in any one of these areas? Most IT enterprises probably can. If you want to learn how you can optimize your network in some of these areas, there is a free webinar coming up. Others and I will review an extensive list of visibility use cases that you can apply to your network in order to make it stronger and more resilient. This includes use cases and benefits for all six areas mentioned above. Specifically, the webinar will cover:

  • Fast and concise training into what a visibility architecture is and its benefits
  • An overview of several of the possible use cases for network visibility solutions
  • How to make your existing monitoring strategies more efficient

Click here if you want to attend the webinar. If not, more information on visibility architectures is available here.

Keith

Author: Keith Bromley is a product marketing manager for Ixia, Inc., with more than 20 years of industry experience in marketing and engineering. Keith is responsible for marketing activities for Ixia’s network monitoring switch solutions. As a spokesperson for the industry, Keith is a subject matter expert on network monitoring, management systems, unified communications, IP telephony, SIP, wireless and wireline infrastructure. Keith joined Ixia in 2013 and has written many industry whitepapers covering topics on network monitoring, network visibility, IP telephony drivers, SIP, unified communications, as well as discussions around ROI and TCO for IP solutions. Prior to Ixia, Keith worked for several national and international Hi-Tech companies including NEC, ShoreTel, DSC, Metro-Optix, Cisco Systems and Ericsson, for whom he was industry liaison to several technical standards bodies. He holds a Bachelor of Science in Electrical Engineering.
