
How To Combat Monitoring & Security Tool Overload! (by Keith Bromley)


I have a fundamental question for you. Are you managing your security and monitoring tools or are they managing you? We all want to say that WE are in control, correct? Unfortunately, data from two EMA investigations shows that this might not be the case. It is summarized in this infographic – How to Combat Monitoring and Security Tool Overload.

The number of security and monitoring tools that IT personnel use is increasing. According to the EMA Network Management Megatrends 2016 Report, the average number of security and monitoring tools used by an “average” enterprise (1,000 to 4,999 employees) ranges anywhere from 4 to 15 different tools. In 2014, the average enterprise used 3 to 10 different tools (according to EMA). So in two years, there has been an increase of around 25 to 30% in the number of tools being used.

This causes IT several problems, such as:

  • Getting proper access to good-quality monitoring data
  • The sheer volume of tools makes it hard for IT to manage them
  • A mixture of virtual and physical tools makes the situation even more confusing

An Ixia-sponsored EMA survey in the fall of 2016 showed that despite all of the tools, most (60%) enterprises are not able to monitor their whole network. There are several reasons for the lack of coverage. The number one issue, for 35% of the respondents, is a shortage of data access (tap and SPAN) ports. Getting access to monitoring data is important, but more tools mean more contention for the data feeds. If you are using SPAN ports, there could be a serious SPAN port contention issue, because an increased number of tools are all vying for the same port and for the same data (or subsets of it). Even if you are using taps, connecting tools directly to the taps can present geographic and logistical problems with respect to getting all of the data that you need.

The growing volume of tools is also causing operational issues and increased costs. In the fall 2016 survey, 23% of the respondents said they cannot keep pace with the number of tools they have. This is understandable. More tools mean more maintenance activities: software updates for the tools, patch management, tool configuration (and reconfiguration) to capture the right monitoring data, and then the various network configurations required for proper data filtering. For instance, 49% of the respondents said they change the locations from which they mirror traffic within their network more than 3 times per month. This creates lots of extra work and reduces productivity.

A third concern is that cloud networking is introducing its own set of issues. According to the 2016 RightScale State of the Cloud Report, the average enterprise uses 6 cloud networks. Trying to monitor each of those networks is complicated. Aggregating data across your physical and virtual networks can be even more frustrating. First off, how do you access the cloud data, especially if you have six networks? Once you solve that issue, how are you going to analyze the data: physical tools or virtual tools? Then, how do you combine monitoring data from the virtual and physical networks so that you can see true performance and cost impacts for both? These are tough questions, but management expects you to have an answer.

The survey finally showed that close to 45% of the respondents spent more than half of their time configuring monitoring tools. What’s worse is that while over ¾ of the respondents think that complete visibility to their monitoring tools is important, almost 1/3 are not confident that this is actually happening.

All of this affects the long term cost of ownership, the ability to get proper data analytics, and adherence to regulatory compliance standards. So, what can you do about it? That answer is simpler than you might think. It’s called a visibility architecture. A visibility architecture is simply a structure to create an organized plan for understanding:  what monitoring data you need, where it’s coming from, and how best to optimize the flow of that data. A visibility architecture, like IxVision, makes these problems go away by ensuring that your security and monitoring tools get the right data at the right time, every time. Physical taps, virtual taps, and network packet brokers are used to capture, organize, filter, and distribute the data to where it needs to go. It’s that easy.
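To make the SPAN contention problem and the broker fan-out described above concrete, here is an added capacity model (example code, not Ixia's or the author's). Link loads, tool needs, the per-switch SPAN session limit and the filter retention shares are all constructed assumptions.

```python
from typing import Dict, Set, Tuple

# Constructed sample, not survey data: mirrored load per tapped/SPANned link (Gbps).
LINKS: Dict[str, float] = {"core-1": 4.0, "core-2": 3.0, "dmz-1": 1.5}
# tool -> (links it needs, traffic subset it needs)
TOOLS: Dict[str, Tuple[Set[str], str]] = {
    "ids": ({"core-1", "core-2", "dmz-1"}, "all"),
    "apm": ({"core-1", "core-2"}, "tcp/443"),
    "dlp": ({"dmz-1"}, "all"),
    "ndr": ({"core-1", "core-2", "dmz-1"}, "all"),
}
# Assumed share of mirrored traffic each filter keeps (constructed figures).
FILTER_SHARE: Dict[str, float] = {"all": 1.0, "tcp/443": 0.4}


def span_plan(links, tools, max_sessions, port_gbps):
    """SPAN-only design: every tool needs its own SPAN session and receives the
    full mirrored load of its links (a SPAN session cannot filter down to tcp/443).
    Tools beyond the switch's session limit get no feed at all; a session whose
    load exceeds the destination port rate drops packets."""
    plan = {}
    for i, (name, (wanted, _)) in enumerate(tools.items()):
        load = sum(links[link] for link in wanted)
        fed = i < max_sessions
        plan[name] = {"fed": fed, "load_gbps": load if fed else 0.0,
                      "drops": fed and load > port_gbps}
    return plan


def broker_plan(links, tools, share, port_gbps):
    """Tap + packet broker design: each link is tapped once, the broker replicates
    the feed to every tool and applies that tool's filter before forwarding,
    so no tool is left without data and filtered tools see less volume."""
    plan = {}
    for name, (wanted, filt) in tools.items():
        load = sum(links[link] for link in wanted) * share[filt]
        plan[name] = {"fed": True, "load_gbps": round(load, 2),
                      "drops": load > port_gbps}
    return plan


def blind_tools(plan):
    """Tools that receive no feed at all under a plan (the coverage gap)."""
    return sorted(name for name, p in plan.items() if not p["fed"])


if __name__ == "__main__":
    print("SPAN blind tools:", blind_tools(span_plan(LINKS, TOOLS, 2, 10.0)))
    print("Broker plan:", broker_plan(LINKS, TOOLS, FILTER_SHARE, 10.0))
```

With two SPAN sessions, two of the four tools get nothing; with a broker, all four are fed and the APM tool's load drops to the HTTPS share it actually needs.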

Visit the Ixia Out-of-Band Visibility solutions page at to see how a visibility architecture can help you.

Author: Keith Bromley is a product marketing manager for Ixia, Inc., with more than 20 years of industry experience in marketing and engineering. Keith is responsible for marketing activities for Ixia’s network monitoring switch solutions. As a spokesperson for the industry, Keith is a subject matter expert on network monitoring, management systems, unified communications, IP telephony, SIP, wireless and wireline infrastructure. Keith joined Ixia in 2013 and has written many industry whitepapers covering topics on network monitoring, network visibility, IP telephony drivers, SIP, unified communications, as well as discussions around ROI and TCO for IP solutions. Prior to Ixia, Keith worked for several national and international high-tech companies including NEC, ShoreTel, DSC, Metro-Optix, Cisco Systems and Ericsson, for whom he was industry liaison to several technical standards bodies. He holds a Bachelor of Science in Electrical Engineering.
