How To Understand The Importance Of Network Forensics

Transcription

1 Report WildPackets surveyed more than 250 network engineers and IT professionals to better understand the presence of network forensics solutions within the enterprise. The survey, Trends in Network Forensics, revealed how many organizations currently have a network forensics solution in place as well as how organizations are currently using their network forensics solutions and its benefits. WildPackets, Inc Treat Blvd, Suite 500 Walnut Creek, CA

2 Abstract... 3 Who Took the Survey?... 3 Organizations... 4 Their Networks... 4 Key Findings... 5 Conclusion WHITE PAPER 2

3 Abstract Enterprises are relying more on their networks than ever before, but most IT organizations have decreasing visibility into the traffic traversing those networks due to 10G and faster network speeds. The volume of traffic on faster, higher bandwidth networks outstrips the data collection and analysis capabilities of traditional network analysis tools. Network analyzers that were originally developed for 1G or slower networks end up dropping packets or reporting erroneous results when tasked with monitoring and analyzing today s high-speed 10G, 40G and 100G networks. However, there is a solution that is not only essential for monitoring and troubleshooting 10G, 40G and, even 100G networks, but proves indispensable for finding proof of security attacks. Network forensics is the collection, storage and analysis of network traffic that uses network recorders to capture live network traffic and copy it to high-performance disk arrays. A 2013 WildPackets survey, The State of Faster Networks, found that 85 percent of network engineers and IT directors feel that network forensics is essential at 10G. As network forensics solutions continue to gain prominence within the enterprise, IT departments are often tasked with finding out what features and functionality a solution should have in order to be successful. In February 2014, WildPackets surveyed more than 250 network engineers and IT professionals to better understand the presence of network forensics solutions within the enterprise. The survey, Trends in Network Forensics, revealed how many organizations currently have a network forensics solution in place as well as how organizations are currently using their network forensics solutions. Our findings and analysis of the network forensics landscape are included below. Who Took the Survey? Over 250 individuals completed the Trends in Network Forensics survey. We saw respondents across organizations of all sizes and in various industries. Half of respondents, 50 percent, identified themselves as network engineers, with 28 percent at the director level or above. Respondents worked for organizations running the gamut from healthcare to education, revealing that network forensics solutions are present everywhere. The largest segment of respondents works in the technology industry, 39 percent. Other well-represented industries included education at 14 percent, healthcare at 9 percent, financial at 8 percent, and network consulting at 7 percent. The 22 percent of respondents represented as Other, encompass various industries, including transportation, utilities/energy, legal, media, insurance, gaming and nonprofit organizations. Just 40 percent of respondents currently have a network forensics solution in place at their organization, yet 51 percent support 10G+ network speeds. WHITE PAPER 3

4 Organizations Their Networks WHITE PAPER 4

5 Key Findings Organizations deploying 10G and faster network speeds recognize that having a network forensics solution is critical to capturing and identifying not only network performance issues, but security attacks that could compromise highly sensitive information. However, we found the number of organizations adopting such a solution doesn t match those who have faster networks and would benefit from its use the most. In this section, we break out five key metrics that show the impact network forensics solutions have on the enterprise. Our analysis of the findings will follow in which we anticipate organizations will adapt to increasing network speeds and why a network forensics solution is more important than ever. Organizations use network forensics for a variety of reasons Most interesting, we found that organizations are not deploying their network forensics solution for any one particular use. As noted in the following graph, 25 percent of respondents are using their network forensics solution to troubleshoot security breaches, 24 percent are using it to verify and troubleshoot transactions and the rest of respondents are using it in some degree to analyze network performance, verify VoIP problems or validate compliance. WHITE PAPER 5

6 Issues identified with network forensics Being able to identify security threats within an organization s network is often one of the key reasons organizations implement a network forensics solution, and not surprisingly, 38 percent of respondents are using their network forensics solution for that very reason. However, we found that respondents are also using their network forensics solution to identify low performing network segments (29 percent), bad voice and video over IP quality (17 percent), and faulty transactions (15 percent). Benefits of a network forensics solution With most respondents agreeing that all of the capabilities of network forensics solutions are very important to their organization, we aimed to discover some of the biggest benefits respondents have seen. Forty percent stated improved overall network performance was the biggest benefit, 30 percent stated reduced time to resolution when troubleshooting transactions, and 21 percent stated reduced operating costs. WHITE PAPER 6

7 Network utilization and the ability to capture and analyze data Organizations of all kinds depend on their networks, and lately those networks have become increasingly busy and complex. As we pointed out before, 72 percent of organizations experienced an increase in network utilization in the past year, and as a result, their ability to capture and analyze data has suffered. 38 percent of respondents stated they ve experienced slower problem identification and resolution due to increased network utilization, 25 percent stated they have less real-time visibility into the network, 15 percent stated they experience more dropped packets, and 9 percent stated they have experienced more network downtime. Luckily, as we noticed in the findings above, a network forensics solution can solve each of these problems. Conclusion Organizations are increasingly adopting faster, higher bandwidth networks and this, in conjunction with the massive amounts of data traversing networks, has created a challenge for organizations in maintaining high-performing networks and applications. Because of this, and the various challenges that come with it, they are looking to solutions, like network forensics. Network forensics helps organizations pinpoint the source of intermittent performance issues and conduct investigations to identify the source of data leaks, HR violations or security breaches. WHITE PAPER 7

8 Why is this happening? Networks have become more difficult to troubleshoot and secure. In part, this is because today s networks, which run at 10G, 40G or faster, simply transport too much data for traditional network monitoring and troubleshooting tools to collect and analyze reliably in real-time. To get by, analysis tools end up relying on sampled traffic and high-level statistics. Unfortunately, samples and statistics lack the details and hard evidence that IT engineers need for quickly troubleshooting problems and characterizing security attacks. Enterprises need dramatically improved network visibility in order to: Monitor and troubleshoot networks, especially 10G, 40G, and 100G networks that outpace traditional monitoring tools Minimize costly network degradations and downtime Find proof of elusive security attacks so they can be understood and stopped. To get that visibility, enterprises should invest in network forensics. The future of network forensics While security incident investigations are typically what people think of when they hear network forensics, the survey findings show that organizations are using these solutions for a variety of uses. Enterprises are recognizing that network forensics has become an essential IT capability to be deployed at every network location, providing ubiquitous 24/7 visibility into business operations, network performance and IT risks. With recent increase in security breaches, we expect the continued adoption of network forensics within the security operations center organizations to pinpoint breaches and infiltrations across the network. With increased 40G and 100G network deployments over the next 12 months, network forensics will be a critical tool to gain visibility and troubleshoot these high performing networks. WHITE PAPER 8