Report

WildPackets surveyed more than 250 network engineers and IT professionals to better understand the presence of network forensics solutions within the enterprise. The survey, Trends in Network Forensics, revealed how many organizations currently have a network forensics solution in place as well as how organizations are currently using their network forensics solutions and their benefits.

WildPackets, Inc Treat Blvd, Suite 500 Walnut Creek, CA
Abstract
Who Took the Survey?
Organizations
Their Networks
Key Findings
Conclusion

WHITE PAPER
Abstract

Enterprises are relying more on their networks than ever before, but most IT organizations have decreasing visibility into the traffic traversing those networks due to 10G and faster network speeds. The volume of traffic on faster, higher bandwidth networks outstrips the data collection and analysis capabilities of traditional network analysis tools. Network analyzers that were originally developed for 1G or slower networks end up dropping packets or reporting erroneous results when tasked with monitoring and analyzing today's high-speed 10G, 40G and 100G networks.

However, there is a solution that is not only essential for monitoring and troubleshooting 10G, 40G and even 100G networks, but also proves indispensable for finding proof of security attacks. Network forensics is the collection, storage and analysis of network traffic that uses network recorders to capture live network traffic and copy it to high-performance disk arrays. A 2013 WildPackets survey, The State of Faster Networks, found that 85 percent of network engineers and IT directors feel that network forensics is essential at 10G. As network forensics solutions continue to gain prominence within the enterprise, IT departments are often tasked with finding out what features and functionality a solution should have in order to be successful.

In February 2014, WildPackets surveyed more than 250 network engineers and IT professionals to better understand the presence of network forensics solutions within the enterprise. The survey, Trends in Network Forensics, revealed how many organizations currently have a network forensics solution in place as well as how organizations are currently using their network forensics solutions. Our findings and analysis of the network forensics landscape are included below.

Who Took the Survey?

Over 250 individuals completed the Trends in Network Forensics survey. We saw respondents across organizations of all sizes and in various industries.
Half of respondents, 50 percent, identified themselves as network engineers, with 28 percent at the director level or above. Respondents worked for organizations running the gamut from healthcare to education, revealing that network forensics solutions are present everywhere. The largest segment of respondents, 39 percent, works in the technology industry. Other well-represented industries included education at 14 percent, healthcare at 9 percent, financial at 8 percent, and network consulting at 7 percent. The 22 percent of respondents represented as "Other" encompass various industries, including transportation, utilities/energy, legal, media, insurance, gaming and nonprofit organizations. Just 40 percent of respondents currently have a network forensics solution in place at their organization, yet 51 percent support 10G+ network speeds.
[Figures: Organizations; Their Networks]
Key Findings

Organizations deploying 10G and faster network speeds recognize that having a network forensics solution is critical to capturing and identifying not only network performance issues, but also security attacks that could compromise highly sensitive information. However, we found that the number of organizations adopting such a solution doesn't match the number that have faster networks and would benefit from its use the most. In this section, we break out five key metrics that show the impact network forensics solutions have on the enterprise. Our analysis of the findings follows, in which we anticipate how organizations will adapt to increasing network speeds and why a network forensics solution is more important than ever.

Organizations use network forensics for a variety of reasons

Most interesting, we found that organizations are not deploying their network forensics solution for any one particular use. As noted in the following graph, 25 percent of respondents are using their network forensics solution to troubleshoot security breaches, 24 percent are using it to verify and troubleshoot transactions, and the rest of respondents are using it in some degree to analyze network performance, verify VoIP problems or validate compliance.
Issues identified with network forensics

Being able to identify security threats within an organization's network is often one of the key reasons organizations implement a network forensics solution, and not surprisingly, 38 percent of respondents are using their network forensics solution for that very reason. However, we found that respondents are also using their network forensics solution to identify low performing network segments (29 percent), bad voice and video over IP quality (17 percent), and faulty transactions (15 percent).

Benefits of a network forensics solution

With most respondents agreeing that all of the capabilities of network forensics solutions are very important to their organization, we aimed to discover some of the biggest benefits respondents have seen. Forty percent stated improved overall network performance was the biggest benefit, 30 percent stated reduced time to resolution when troubleshooting transactions, and 21 percent stated reduced operating costs.
Network utilization and the ability to capture and analyze data

Organizations of all kinds depend on their networks, and lately those networks have become increasingly busy and complex. As we pointed out before, 72 percent of organizations experienced an increase in network utilization in the past year, and as a result, their ability to capture and analyze data has suffered. 38 percent of respondents stated they've experienced slower problem identification and resolution due to increased network utilization, 25 percent stated they have less real-time visibility into the network, 15 percent stated they experience more dropped packets, and 9 percent stated they have experienced more network downtime. Luckily, as we noticed in the findings above, a network forensics solution can solve each of these problems.

Conclusion

Organizations are increasingly adopting faster, higher bandwidth networks and this, in conjunction with the massive amounts of data traversing networks, has created a challenge for organizations in maintaining high-performing networks and applications. Because of this, and the various challenges that come with it, they are looking to solutions like network forensics. Network forensics helps organizations pinpoint the source of intermittent performance issues and conduct investigations to identify the source of data leaks, HR violations or security breaches.
Why is this happening?

Networks have become more difficult to troubleshoot and secure. In part, this is because today's networks, which run at 10G, 40G or faster, simply transport too much data for traditional network monitoring and troubleshooting tools to collect and analyze reliably in real time. To get by, analysis tools end up relying on sampled traffic and high-level statistics. Unfortunately, samples and statistics lack the details and hard evidence that IT engineers need for quickly troubleshooting problems and characterizing security attacks. Enterprises need dramatically improved network visibility in order to:

- Monitor and troubleshoot networks, especially 10G, 40G, and 100G networks that outpace traditional monitoring tools
- Minimize costly network degradations and downtime
- Find proof of elusive security attacks so they can be understood and stopped.

To get that visibility, enterprises should invest in network forensics.

The future of network forensics

While security incident investigations are typically what people think of when they hear network forensics, the survey findings show that organizations are using these solutions for a variety of uses. Enterprises are recognizing that network forensics has become an essential IT capability to be deployed at every network location, providing ubiquitous 24/7 visibility into business operations, network performance and IT risks. With the recent increase in security breaches, we expect the continued adoption of network forensics within security operations center organizations to pinpoint breaches and infiltrations across the network. With increased 40G and 100G network deployments over the next 12 months, network forensics will be a critical tool to gain visibility and troubleshoot these high performing networks.