55 posts categorized "Data Visualization"

Solving Network Issues - Machine Learning - The IT Sorcerer’s Apprentice! (by John Kerber)

The IT Sorcerer’s Apprentice!

Machine learning seemed an odd fit at first. Our company was formed as a simple network discovery tool, as reliable and useful as a carpenter’s hammer. If you don’t know us at Who’s On My WiFi (WWW.WhoIsOnMyWiFi.com), we started off by offering a platform-agnostic ARP scanning tool to discover connected devices on a network over time. Our company path changed drastically when we started saving all the information we were scanning. We made an important discovery:

Large amounts of network data are useless without some way to make sense of all that information!

For example, the first problem people tried to solve using our software was detecting if an unknown device suddenly joined the network.

We initially required that customers tag devices as KNOWN, and then they could be alerted to any UNKNOWN devices.  But there is a problem with this, especially on larger networks.  Tagging devices is time-consuming and requires constant updating to be useful. Our customers’ IT managers would be tasked with tagging staff and network devices, while reporting on guests that entered their building. It was an up-front workload compounded by the inevitable influx of new devices or [shudders] network equipment overhauls.

The next problem people started solving with our basic network detection was trying to determine the number of people using a public WiFi network over time. Although this sounds simple, getting accurate usage patterns again carries an up-front cost: going through and tagging all equipment that could possibly be on a public WiFi network in order to exclude it. Otherwise, always-on devices like network equipment or printers incorrectly impacted the results. And what about employees using the public WiFi? Should they be counted as visitors or not?

Painstakingly going through a large public venue and tagging all switches and APs, as well as employee equipment and smartphones, was too much maintenance for IT administrators to keep up with.

Enter Machine Learning. 

 

Continue reading "Solving Network Issues - Machine Learning - The IT Sorcerer’s Apprentice! (by John Kerber)" »


I need a TAP for Total Visibility, what do I need to know? (by Derek Burke)

I need a TAP, what do I need to know?

Deciding which TAP to purchase

Network TAPs (Test Access Points) are the absolute best way to gain access to network traffic, whether that be for network visibility solutions, network monitoring infrastructure, or network security auditing. At a certain point in an organization’s growth, it is common to recognize that mirror ports and SPAN (Switch Port ANalyzer) ports, due to their many limitations, are no longer sufficient to provide traffic to monitoring and/or security tools. When it comes time to begin building a TAP infrastructure, there are several details to consider. Some are simple and obvious, and others may be subtler and more nuanced. This article is intended to be a primer on the main points to consider when searching for Network TAPs for your environment. The information contained herein applies primarily to Cubro Network Visibility TAPs as these are the products I have the most first-hand knowledge of.

Media Type and Connector Type

The first consideration for which TAP is best suited to your environment is a fairly obvious one: Which media type do you intend to tap? Really, this is the difference between an electrical connection and a fiber-optic connection. On the electrical side we are generally talking about UTP (or perhaps STP cabling; it makes no difference for our purposes), although the use of DAC (Direct Attach Cabling) is relatively common as well. Fiber-optic cabling can be broken down into Single-Mode and Multi-Mode fiber, and Multi-Mode fiber presents two possible core diameters to choose from.

Each of these media types will in turn necessitate a connector type on the TAP as well; fiber, again, having the most options. First let’s address electrical connections and specifically UTP, as it is the most common electrical media that a TAP will be used with. The category of UTP cabling doesn’t really impact the decision of which TAP we will choose but would, of course, impact supported speeds and cable length. The speed of the link is a differentiating factor, though. Although it is not terribly common to encounter 10/100 links anymore, it is important to point out that it is possible to have a completely passive electrical TAP (that requires power only for the monitor ports) at this speed. If you have 10/100 links in your environment, the question is whether it is more important to have a passive TAP that will not support 1G speeds or whether the option of upgrading the links without needing to replace the TAPs takes precedence.

10/100/1000 links are quite straightforward; you only have one choice. It is not possible to build a completely passive TAP for gigabit Ethernet over UTP; until now the industry approach has been to use relays to provide a fail-safe solution. This approach has not been problem-free, though, and instances where a link does not come back up, or where renegotiating a link after a failure takes an excessively long time, are not rare. When I said earlier that you only had one choice, that was only partially true; in response to the number of issues with relay-based TAPs, Cubro has designed a new type of 10/100/1000 TAP to drastically reduce these issues, adding a new, more reliable option to the mix.

 

Continue reading "I need a TAP for Total Visibility, what do I need to know? (by Derek Burke)" »


Is your Network Security Slowing you Down? (by Jason Nutt)

Is Network Security Slowing you Down?

Measuring the Latency Impact Created by Next Gen Security Solutions

As an IT professional, you are well aware of the challenges posed by network latency. Applications like audio and video delivery, bandwidth-sensitive mobile applications, cloud computing and storage services are extremely sensitive to network latency.

What you may not realize, however, is the amount of latency created by your Next Generation Intrusion Prevention Systems (NG-IPS) and Next Generation Firewalls (NG-FW). While they are critical to protecting your network, these security tools and others that perform deep packet inspection can increase latency, significantly impacting your overall application performance.

Recently we worked with a large health care services provider trying to figure out why it was taking so long to send MRI data between locations. This was causing significant frustration for patients, doctors and medical staff. Having been aware of Aukua’s nanosecond precision capture and analysis tools, they asked for our help. The company suspected one or more of their NG-IPS devices was causing the delays, but they did not have a way to confirm this. Since these security tools do not treat all packets the same, they were unable to detect or measure the application latency issue with artificial traffic such as ICMP. And since some applications were being adversely delayed and others were not, they could not rely on the NG-IPS vendor’s generic latency specs for various packet sizes. In addition, compliance rules prohibited them from introducing new traffic into their live network.

 

Continue reading "Is your Network Security Slowing you Down? (by Jason Nutt)" »


No visibility in the GDPR era, be ready for BIG fines! (by Derek Burke)

No visibility in the GDPR era, be ready for BIG fines!

Legal problem!!!

As of May 25, 2018, the EU General Data Protection Regulation (GDPR) went into effect. GDPR requires compliance for any company interacting with persons in the EU and enforces strict standards on data handling and extremely fast responses to breaches of Personally Identifiable Information (PII). Failing to fulfill these requirements can have dire consequences, with fines ranging from a minimum €20.000.000,00 to 4% of a company’s gross annual earnings. The demands that the GDPR places upon an organization are not only daunting but can seem insurmountable.

Get Visibility #1

First steps - The first step is a data flow and dependencies map to identify:

  • Data items (e.g. names, email addresses, records);
  • Formats (e.g. online data entry, database);
  • Transfer and sharing methods of data;
  • Locations where data is stored and needs protection inside and outside;
  • Who is connected to who and who has what information – via the network!

Technical problem #1 - Visibility

 

Continue reading "No visibility in the GDPR era, be ready for BIG fines! (by Derek Burke)" »


Network Visibility - The Rise of the Aggregation Layer (by Greg Zemlin)

Network Visibility - The Rise of the Aggregation Layer

Sole reliance on SPAN ports for network visibility and monitoring has been on the decline for years. IT teams realize the inherent limitations of SPAN ports and have shifted in favor of the traditional 3-tiered approach to network visibility.

Tier 1: Physical Layer TAPs

Network Test Access Points (TAPs) are hardware tools that allow you to access and duplicate network traffic. TAPs supply full line rate traffic and are never oversubscribed or rate limited. The egress traffic from the TAPs is then sent to NPBs.

Tier 2: Network Packet Brokers

Network Packet Brokers (NPBs) are responsible for efficiently funneling data from network TAPs and SPAN ports to each tool. NPBs were originally designed to replicate traffic for multiple tools while reducing the volume of traffic to each tool, ensuring each tool operates as efficiently as possible. This is typically done through a combination of aggregation, replication and L2-L4 filtering. The groomed, tool-specific traffic is sent out for processing.

Aggregating Traffic

Tier 3: Tools

Tools are responsible for processing and characterizing traffic of interest. Common tools are built for application performance monitoring, security, and data forensics.

Continue reading "Network Visibility - The Rise of the Aggregation Layer (by Greg Zemlin)" »