21 posts categorized "Ixia"

Diffusing The IT Blame Game With Network Visibility (by Keith Bromley)


How well does your company communicate internally? Specifically, how well do your IT departments communicate with each other? Enterprises typically contain four or more IT sub-departments (Security, Network Operations, Virtual DC, Capacity Planning, Service Desk, Compliance, etc.) and it’s quite common for them to be at odds with each other, even in good times. For instance, there’s often contention over capital budgets, sharing resources, and headcount.

But let’s be generous. Let’s say that in normal operations things are usually good between departments. What happens if there’s a breach though, even a minor one? Then things can change quickly. Especially if there are problems with acquiring accurate monitoring data for security and troubleshooting areas. Finger pointing can quickly result.

So, what can you do? We recently discussed this on an LMTV podcast, “How To Diffuse The IT Blame Game.” One of the answers is to create complete network visibility for network security and network monitoring and troubleshooting activities.

For instance, here are three common sources of issues for most IT organizations:

  • There is a lack of proper access to network data
  • Analytic and security tools can be modified, moved, or just plain disappear without permission
  • Capture and analysis of monitoring data can create business risk and problems for other departments

Lack of data access is self-explanatory; you just don’t have access to the data you need, when you need it. One reason is that if you need to make changes to the network, you typically need to get permission from the company Change Board (your network oversight governance organization). This usually takes days, maybe weeks depending upon the business.

Change Board approval is an issue not only for connecting equipment to the network but also for SPAN port filter configurations. Any change to the network routing switch could potentially create a service impact. SPAN ports also constantly need reprogramming to capture new data. This could affect others using that particular filter and cause an unknown loss of data to the security and monitoring tools currently in use. The IT engineer may or may not know that the new filter is clipping important data – until there’s a problem, and someone gets blamed.

A second issue is that you may not have the budget you need for certain types of equipment. Even if other departments have the equipment, they often don’t want to share. Sharing is often a problematic issue for IT departments because the security and monitoring tools often get moved or reconfigured, which causes irritation among staff members. Besides individual tool sharing, some enterprises have created “crash carts” that have a set of common diagnostic tools for immediate troubleshooting purposes. However, these crash carts and their tools are often not reset to default settings, which means that the next user has to waste time resetting and reconfiguring the equipment. This stress is heightened if there is an event, such as a security breach, network failure, or application failure. These incidents result in troubleshooting time delays, higher costs, and SLA/QoE problems. This is true even if the sharing problem turns out to be that monitoring data filters were changed without permission, as this itself can cause network and application outages or increase mean time to repair (MTTR).

A third common issue is that the capture of the data leads to other problems. For instance, encrypted data can be captured, decrypted, and then the data passed in the clear to monitoring analysis and storage devices. This is a good and necessary thing – you want and need to be able to analyze the data. Unfortunately, the other side of the coin is that this can, depending on what you do with that data and where it goes, cause regulatory compliance issues. Several standards, like PCI DSS and HIPAA, require that data in motion and data at rest be secured. In addition, should this clear text data be captured as part of a network breach, you have just increased your company’s financial liability.

As mentioned earlier, one of the biggest challenges for IT staff today is to get the proper network information they need, when they need it, so that they can make informed decisions about network security and problem resolution. Proper network visibility is the solution. Without this visibility, how do you know that you haven’t been breached? If you have been breached, what was affected? IT professionals know they cannot prevent all attacks, so they need to focus on quickly detecting signs of infiltration. This helps all IT departments avoid becoming the victim of the blame game. No one wins in the blame game.

But what can you really do about the problems? Here are some examples of how you can increase network visibility and eliminate some of the pitfalls:

  • Add taps to replace SPAN ports. Taps are set-and-forget technology, which means that you only need to get Change Board approval one time to insert the tap and you are done.
  • Add a network packet broker (NPB) to eliminate most of the other Change Board approvals and eliminate crash carts. The NPB is situated after the tap so you can perform data filtering and distribution whenever you want. By implementing a tap and NPB approach, you may be able to reduce your MTTR times by up to 80%.
  • Add an NPB to perform data filtering. The NPB performs data filtering to send the right data to the right tool whenever you need it. This improves data integrity to the tools and improves time to data acquisition.
  • Add an NPB to create role-based access to filters. This eliminates the “who changed my settings” issue and allows multiple departments to share the same NPB.
  • Add virtual taps to get access to the often hidden East-West data in a virtual data center or cloud network

No one wins at the blame game as it’s a zero-sum game. Even if one department appears to win, the whole group typically loses. One of the best things an IT department can do is increase network visibility because it gets at the core of the issue instead of treating symptoms. This is what will help reduce incidents, reduce long-term costs, reduce troubleshooting times, and increase staff happiness.

If you want more information on this topic or network visibility solutions, check out the video podcast “How To Diffuse The IT Blame Game” and the ebook “The Definitive Guide to Network Visibility Use Cases.”

Author: Keith Bromley is a senior product marketing manager for Keysight Technologies with more than 20 years of industry experience in marketing and engineering. Keith is responsible for marketing activities for Keysight's network monitoring switch solutions. As a spokesperson for the industry, Keith is a subject matter expert on network monitoring, management systems, unified communications, IP telephony, SIP, wireless and wireline infrastructure. Keith joined Ixia in 2013 and has written many industry whitepapers covering topics on network monitoring, network visibility, IP telephony drivers, SIP, unified communications, as well as discussions around ROI and TCO for IP solutions. Prior to Keysight, Keith worked for several national and international Hi-Tech companies including NEC, ShoreTel, DSC, Metro-Optix, Cisco Systems and Ericsson, for whom he was industry liaison to several technical standards bodies. He holds a Bachelor of Science in Electrical Engineering.

Oldcommguy dubs Keith "One Of The Good Guys" in today's technology!

Please note - Keith has many other popular articles on WWW.Lovemytool.com - and on Keysight Technologies.



Top Five Ways to Optimize Performance Monitoring (by Keith Bromley)


Network performance monitoring, and especially network optimization, is more of an art than a science because there are so many factors that figure into network and application responsiveness. In addition, while there is a plethora of data on the network, determining the right kind of data that you need and where you should be capturing it from can become very difficult. This data collection process is then further complicated by the fact that tactical data loses up to 70% of its value after 30 minutes. This makes the speed and accuracy of data analysis critical.

The solution to these problems is to create a network visibility architecture. Network visibility is what enables you to quickly isolate and resolve performance issues, ultimately ensuring the best possible end-user experience. From there, you can use anomaly-driven data flows to quickly isolate potential problems.

Here is what you need to set up a visibility architecture:

  • Taps, virtual taps, and bypass switches – These devices give you timely access to the data you need
  • Network packet broker (NPB) – This device gives you filtering capability to maximize the flow of relevant information to your monitoring tools. NPBs enable: data aggregation, filtering, deduplication, and load balancing of Layer 2 through 4 (of the OSI model) packet data.
  • Application intelligence functionality (within an NPB) – This functionality provides additional filtering and analysis at the application layer, i.e. Layer 7 of the OSI stack
  • The final layer is made up of your security and monitoring tools. These devices are typically special purpose tools (e.g., sniffer, NPM, APM, etc.) that are designed to analyze specific data.



Top Five Ways to Strengthen a Security Architecture (by Keith Bromley)


Network security is one of, if not THE, most important topics for IT professionals. This is true for the security engineer, the CISO, CIO, CLO and even the CEO.

The question though is, “What can you really do to improve it?” The answer is to strengthen your deployment of inline security tools. In terms of regulatory compliance for PCI-DSS and HIPAA, inline security tool deployment may not be critical, but it is imperative for a security architecture where you are trying to maximize your defenses.

Here are five of the top activities IT professionals can implement to improve their company’s inline security architecture:

  1. Insert external bypass switches between the network and security tools to improve network availability and reliability
  2. Deploy threat intelligence gateways at the entrance/exit of your network to reduce false positive security alerts
  3. Offload SSL decryption from existing security devices (like firewalls, WAFs, etc.) to network packet brokers or purpose-built devices to reduce latency and increase the efficiency of your security tools
  4. Perform serial tool chaining for suspect data to improve the data inspection process
  5. Insert network packet brokers to improve security device availability by using either n+1 or high availability technology



LMTV LIVE | Improve Network Security with Visibility (with Keith Bromley and Martin Holste)

 

LIVE Event Start Time: 9:30 AM PST, March 7, 2018

Keith Bromley from Keysight Technologies (formerly Ixia) and Martin Holste from FireEye will be talking about how to use network visibility to improve network security.

Network security is one of, if not THE, most important topics for anyone in IT. This is true from the security engineer all the way to the CISO, CIO, and even the CEO. Everyone wants to improve security. The question though is, “What can you really do to improve it?” One solid answer is to strengthen your deployment of inline security tools. This is critical to an architecture where you are trying to maximize your defenses. Network visibility is what enables you to quickly isolate security threats.

Some key thoughts we will discuss during the event:

  • A Visibility Architecture is an end-to-end infrastructure which enables physical and virtual network, application, and security visibility
  • There are several possible ways to optimize your security architecture:
    • Insert external bypass switches between the network and security tools to improve network availability and reliability
    • Deploy the right kind of security tools, like an IPS, to inspect incoming data and improve threat detection and isolation
    • Perform serial tool chaining for suspect data to improve the data inspection process
    • Insert network packet brokers to improve security device availability by using either n+1 or High Availability technology
  • Security tools, like those from FireEye, can provide inline capabilities to help you improve your network operations. This lets you see and capture threats before they enter your network.
  • A visibility architecture typically yields immediate benefits such as the following: eliminating blind spots, improving data flow to security tools, and maximizing network and tool availability

Join us for the third of several discussions to learn how to unleash the power of network visibility.



LMTV LIVE | How to Improve Network Troubleshooting (with Keith Bromley and Bill Coon)

With Paul Offord of Advance7 hosting, Keith Bromley from Keysight Technologies (formerly Ixia) and Bill Coon from Riverbed will be talking about how to use network visibility to improve troubleshooting.

According to an Enterprise Management Associates report (Network Management Megatrends 2016), IT teams already spend around 36% of their daily efforts on reactive troubleshooting efforts. In addition, pressure can increase exponentially on IT personnel as problem resolution time increases, since it directly correlates to network and application slowness and downtime. There is a new LMTV event happening on February 21, 2018.
