By Keith Bromley, Senior Solutions Marketing Manager, Ixia
Network monitoring is rapidly becoming a hot topic for enterprises because they can’t afford to lose access to, or control of, the corporate network they rely on so heavily. But with the addition of new features and tools built around the Internet of Things (IoT), big data and the cloud, ensuring network security is no easy feat for an IT department tasked with keeping everything running 24×7. That is a problem, considering that network outages or slow performance (especially for critical functions such as credit card transactions, Internet access, email and unified communications) can have a direct impact on an organisation’s ability to be successful.
And the larger the company, the greater the network complexity. Fortunately, the right type and implementation of network monitoring solutions can easily help IT to prevent potential network and application issues, and quickly solve issues that may have slipped through without anyone noticing.
This brand of security hinges on visibility. Only with visibility can you uncover blind spots and explain the risk they incur. In essence, you can’t defend against what you can’t see and detect.
Uncovering potential blind spots
Blind spots obscure IT’s ability to quickly identify a network problem and where it may be hiding. The first step is to admit you have blind spots. Here are a few questions you can ask yourself to help identify them:
- Are your security, network IT and compliance departments talking and sharing data? If not, these silos in an enterprise may be creating blind spots in your network.
- Are you currently using virtualisation technology? According to Gartner Research, up to 80 percent of virtualised data centre traffic is east-west (i.e. inter- and intra-virtual machine traffic), so it never reaches the top of the rack where it can be monitored by traditional tap and SPAN technology, creating blind spots in your network.
- Are your employees accessing your network with their own devices, i.e. creating ‘rogue IT’ solutions? If so, your company security policies are being bypassed, which opens the door to security, compliance and liability issues.
- Do you use SPAN ports? Do all of your IT groups use the same SPAN ports? It’s important to know that SPAN ports are less secure than taps and can lead to blind spots in your network.
- Have you recently added new network equipment? When new equipment is added, there may not be a record of who owns it and what it does, and it therefore gets “lost” and forgotten, creating network blind spots.
Solving the network blind spot challenge
With visibility, it’s simple to identify network hiccups and outages, increase network security and address potential regulatory compliance issues, all before they impact your business.
A strong visibility architecture requires four basic components to be effective: access to the network; monitoring middleware functionality, such as filtering and packet grooming; advanced monitoring functions including application intelligence and NetFlow support; and connectivity of monitoring tools.
Framed this way, visibility architecture exposes the hidden locations where danger, problems and inefficiencies may lurk, enabling you to address the people, process, return on investment (ROI) and technology issues your teams are facing.
It is important to understand that not all monitoring tools are created equal. If the customer is using a SPAN port instead of using a tap, then the data getting to the tool may or may not be all of the pertinent data. Without a network packet broker, the monitoring tool (from vendors like FireEye, Blue Coat, Fortinet, Niksun and others) may be getting overloaded with the wrong data (due to duplicate packets, unfiltered irrelevant data, and uncorrelated data), which significantly reduces the tool’s efficiency and accuracy. A network monitoring tool is just the beginning of an effective visibility architecture.
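The filtering and de-duplication step described above can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the record layout, the 50 ms window and the filter rule are assumptions, and the sample records are constructed.

```python
import hashlib
from collections import OrderedDict

# Constructed records: (time_s, capture_point, src, dst, proto, dport, ttl, payload)
SAMPLE = [
    (0.0000, "span-a", "10.0.1.5", "10.0.2.9", "tcp", 443, 64, b"hello-1"),
    (0.0004, "span-b", "10.0.1.5", "10.0.2.9", "tcp", 443, 63, b"hello-1"),  # same packet, second capture point
    (0.0010, "span-a", "10.0.1.7", "10.0.2.9", "udp", 123, 64, b"ntp"),      # not relevant to this tool
    (0.0020, "span-a", "10.0.1.5", "10.0.2.9", "tcp", 443, 64, b"hello-2"),
    (0.5000, "span-a", "10.0.1.5", "10.0.2.9", "tcp", 443, 64, b"hello-1"),  # later than the window
]

def fingerprint(rec):
    """Hash only fields that are identical at every capture point.
    Capture point and TTL are excluded because they differ between copies."""
    _, _, src, dst, proto, dport, _, payload = rec
    h = hashlib.sha256(f"{src}|{dst}|{proto}|{dport}|".encode())
    h.update(payload)
    return h.digest()

def groom(records, wanted, window_s=0.05):
    """Filter to the (proto, dport) pairs a tool needs, then drop copies of a
    packet already forwarded within window_s seconds. Returns (forwarded, stats)."""
    seen = OrderedDict()  # fingerprint -> time first forwarded, oldest first
    forwarded = []
    stats = {"filtered": 0, "duplicates": 0, "forwarded": 0}
    for rec in sorted(records, key=lambda r: r[0]):
        ts = rec[0]
        # Expire fingerprints older than the window so memory stays bounded.
        while seen and next(iter(seen.values())) < ts - window_s:
            seen.popitem(last=False)
        if (rec[4], rec[5]) not in wanted:
            stats["filtered"] += 1
            continue
        fp = fingerprint(rec)
        if fp in seen:
            stats["duplicates"] += 1
            continue
        seen[fp] = ts
        forwarded.append(rec)
        stats["forwarded"] += 1
    return forwarded, stats

if __name__ == "__main__":
    out, stats = groom(SAMPLE, wanted={("tcp", 443)})
    print(stats)
```

The window matters: too short and copies from a slower capture path slip through, too long and a genuinely repeated packet is discarded before the tool sees it.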
The perks of a visibility architecture
Once implemented, you will see a fairly rapid return on investment, primarily the result of architectural, process and technical improvements. However, there are many significant business benefits as well.
For instance, it provides the ability to deliver an enhanced user experience or greater visibility into both physical and virtual network traffic. It also ensures tools get all the data they need for true end-to-end visibility and insight as the network scales. Further, management is simplified through easy integration with existing network management systems, and programmatic controls offer automatic adjustments for dynamic issues and threats. Lastly, it helps leverage investments in existing monitoring and security tools, even while migrating the network to higher speeds.
The end goal
The last step of the process is to combine your visibility architecture with your security architecture. This creates network security resilience to resist attacks, and also delivers the flexibility needed to support self-healing capabilities such as inline security tools, real-time responsiveness to security threats, SSL decryption, as well as application intelligence and filtering.
Once the visibility and security architectures are integrated, you can experience a wide array of savings and capability benefits. For instance, inline security and performance tools can be quickly and easily implemented for immediate time to value. Out-of-band tool data (forensic analysis, recording tools, packet captures, and logs) can be correlated with inline tool data to diagnose threats and potential problems faster and more accurately.
The end goal is to get the right information to the right tool at the right time. This allows you to access deep insight into what is, and what is not, happening in your network.