Five Steps to Building Visibility and Security Into Your Network




You can't secure what you don't know about

2013 Ixia

Contents
Introduction
Step 1: Don't Let Capacity Limit Access to Monitoring Information
Step 2: Reduce Unnecessary Data and Costs
Step 3: Get the ROI You Want From Your Existing Monitoring Tools
Step 4: Optimize Incident Response to Reduce Mean Time to Repair
Step 5: Optimize Your Network With Trend Analysis
Conclusion

Introduction

As organizations seek to walk the networking tightrope between the demands of performance management and network investment, they clearly need something to hang on to, to help them keep their balance. Mature enterprises are increasingly turning to network visibility as that proverbial balancing pole. Without visibility, it's difficult to manage operational variables to maintain high levels of network performance and it is near impossible to understand the threats assailing the network to maintain security and control over network assets.

But simply throwing money at network and security monitoring tools doesn't provide the kind of visibility necessary to balance performance and control. Organizations also need to employ best practices to ensure that they are getting the most out of their network and security monitoring investments.

The following five-step approach can help IT keep its balance while gaining that crucial visibility into the network:

Step 1: Don't Let Capacity Limit Access to Monitoring Information

In an ideal world, network monitoring offers a window into the infrastructure, allowing IT to make more informed decisions about how to configure the network for improved performance and respond rapidly to security incidents. But this paradigm depends on one assumption: You must have the capacity to support it. Without enough network connections available to plug in monitoring and security information and event management (SIEM) tools simultaneously, the organization effectively neutralizes the underlying assumption of visibility afforded by monitoring.

On a nontechnical level, you could compare it to plugging all of the lights in your house into a single power strip: If the strip can handle only seven lamps but the house needs 10 to keep all the rooms lit, then you're left with the prospect of unplugging three lamps to plug in three others. At any given time, some part of the house goes dark.

From a networking perspective, capacity restrictions that hamper full monitoring coverage make it difficult to gain a full understanding of how well the network is performing across all components of the infrastructure. These capacity limits can also prove a considerable security liability, as an organization that must ration monitoring will sometimes be unable to pinpoint risk indicators that crop up in those areas of the network that have gone dark due to disabled tools.

This is why it is so critical to implement a monitoring solution like the Ixia Anue Net Tool Optimizer (NTO) to help address your TAP and SPAN port shortages in a cost-efficient manner. Doing so makes it possible to engage all of the monitoring and SIEM tools required for maximum visibility, without having to outlay the budget to buy more hardware to support those tools.

Step 2: Reduce Unnecessary Data and Costs

Achieving comprehensive network and application monitoring on all network traffic can be a double-edged sword. On the plus side, a full slate of monitoring tools allows organizations to analyze all aspects of the network for clues to help fine-tune performance and protection. But on the flip side, those monitoring tools are looking at everything, including all of the redundant and extraneous packets streaming through the infrastructure.

Plain and simple, the more unnecessary packets cluttering network traffic, the harder it is to sift through the mound of data to find the relevant information necessary for maintaining solid performance and spotting security issues. Unfortunately, the typical monitoring tool today is clogged with an unending stream of redundant information and duplicate packets. It costs more to not only process all this data, but to also store duplicate data on the SAN.

In order to get the most from your monitoring investment, it's critical to find ways to strategically cut down on packet clutter. This kind of decluttering is something the Ixia Anue NTO excels at: it cleans up the stream so that the data being monitored is the data that matters.

Step 3: Get the ROI You Want From Your Existing Monitoring Tools

Even after cleaning up a packet stream, though, it's still possible for organizations to be overwhelmed by the information pumped through their monitoring tools. Depending on the legacy architecture, organizations could be faced with the prospect of drinking from the proverbial data fire hose.

For instance, analysts at Enterprise Management Associates (EMA) found that at the University of Texas at Austin, IT teams responsible for protecting network integrity and analyzing packet streams for network monitoring, analysis and troubleshooting were using traditional network switches to provide packet streams by replicating traffic back to the monitoring tools. [1]

"But we had a problem," the university's chief information security officer told EMA. "As [traffic] volumes grew, these mirrored flows were exhausting resources on the switches, causing packet drops. We had been doing this for years using old Cisco switches, so it wasn't costing us much, but volume was really becoming an issue and dropping packets was simply not acceptable."

This is where the strategy of segmenting packet information, filtering it and directing it to specialized monitoring tools can help IT teams manage and parse out that flow of information, giving organizations a better ROI from their existing monitoring investments. Ideally, organizations should consider instituting port balancing to enable optimized distribution of information without overloading the monitoring tools. Meanwhile, three-stage filtering (ingress, egress and dynamic filtering) of the information being distributed will ensure that just the right amount and right type of information is distributed to the appropriate tool.

Ixia believes that not only are these capabilities critical, but that they also need to be easy to control. Time is money, and the faster administrators can configure their tools, the higher the ROI. That's why Ixia puts the power to distribute the correct information in administrators' hands, using a GUI equipped with drag-and-drop filters. Users can create contingent, or floating, filters for segmentation in a fast and easy way. It's the solution that the University of Texas used, and as a result, the school expects to achieve a 120% payback on its investment during the next five years, with a projected $846,000 in cost savings.

[1] ROI Experiences with Network Monitoring Switches: University of Texas at Austin, Enterprise Management Associates, 2012

Step 4: Optimize Incident Response to Reduce Mean Time to Repair

The longer it takes IT to actually respond to security or operational incidents, the more risk it incurs for the business and the more expensive such incidents become. This is where automating responses to incident triggers picked up in monitoring traffic is so crucial to gaining the most return on monitoring investments. Organizations that are able to optimize real-time reactions to performance issues or security problems tend to reap the most ROI because the faster they respond, the more likely they are to reduce their mean time to repair.

Another benefit of adding a monitoring switch to the network infrastructure is that organizations can eliminate the need for crash carts and change board approval. Crash cart and change board procedures are put in place to deal with SPAN/TAP shortages and the risk of network disruptions or outages when any physical change is made to the IP network. History has repeatedly shown that when IT has to make network changes on the fly, it far too often results in additional, potentially worse, disruptions.

With a monitoring switch installed, network disruptions are minimized. IT can change/copy the data streams through software filtering, which has far fewer risks. Risks can be further minimized by testing configurations through a simulator first, before uploading any new configurations into the monitoring switch. Only a few monitoring switches, such as the Anue NTO, offer this simulator functionality, but it can be a powerful tool for optimizing the data network.

While visibility solutions like the Ixia Anue NTO monitoring product don't fix the problems themselves, they make it easier for an organization's expert problem solvers to take care of issues more quickly. Operations staff can be automatically apprised of issues that are hindering performance, greatly reducing troubleshooting time. And security personnel are tapped into information about where, when and how attacks are occurring so they can more strategically plan for a proactive defense.

The idea is simple: By developing a set of trigger scripts, the monitoring switch can respond when problematic conditions are met. So, in the case of security, if network traffic is deemed suspicious by the security tool, it will be sent to the appropriate security tool or network recorder for analysis. At the same time, an alert can be sent to the incident response team, whose members will immediately have all the necessary information at their fingertips when they access the network to troubleshoot the incident.

The Anue NTO offers an additional layer of security through integration with SIEM tools. This integration makes it possible to automatically send relevant information to these tools for better correlation of seemingly disparate events.

Step 5: Optimize Your Network With Trend Analysis

Network planning requires long-term strategies that depend on business intelligence. Without a long history of network intelligence, it is difficult to devise a strategy based on anything other than guesswork.

Not only can a network monitoring switch like the Anue NTO help with immediate issues like distribution of information to monitoring tools and automated incident response, but it can also provide the capabilities needed to make decisions that feed into the organization's strategic vision.

By using the historical trend data offered by the monitoring switch, organizations are better able to institute proactive network optimization on the operations side, rather than running the network reactively. Customers can watch trends and anticipate when network capacity will need to be added, rather than being surprised by network segments reaching capacity. Additionally, that same statistical information can be used to validate service-level agreements.

Conclusion

All too often, organizations throw money and bandwidth at network performance and security problems without ever achieving the network intelligence to fix the root causes. In order to strike that perfect balance between secure performance and reasonable investment, it takes a monitoring switch like the Anue NTO to achieve the kind of visibility necessary for that intelligence.

The Anue NTO helps organizations filter unnecessary packets and distribute data optimally to existing monitoring tools so that they are never overloaded by data that eventually could be lost. Automatic trigger scripts help organizations get the most out of their monitoring investment by reducing mean time to repair. And all of that valuable trend data is made available so that organizations can be more proactive about their infrastructure decisions.

Most important, it's all done in a way that reduces complexity, through a consistent management interface across all deployment scenarios. This power of simplicity drives the power to create more network monitoring ROI.

To learn more, visit http://simpleis.ixiacom.com