The Purview Solution Integration With Splunk




The Purview Solution Integration With Splunk
Integrating Application Management and Business Analytics With Other IT Management Systems
A SOLUTION WHITE PAPER

Introduction

Purview Integration with Splunk

Purview is a network-powered application analytics and optimization solution that captures and analyzes context-based application traffic to deliver meaningful intelligence about applications, users, locations and devices. It is the industry's very first and only patent-pending solution to transform the network into a strategic business asset by enabling the mining of network-based business events and strategic information that help business leaders make faster and more effective decisions. It does this all from a centralized command control center that combines Network Management with Business Analytics, and at unprecedented scale (100M sessions) and scope.

Enterprise mobility is more than the mobile device: mobility and agility across the entire enterprise requires access to data from any device, which has resulted in a change of the application landscape by moving away from installing and maintaining traditional applications to private and public Cloud-based delivery models, such as SalesForce.com, Google Apps and many more. Millions of new applications have been developed to support new work efficiencies, with new apps showing up every day; some become business-critical the next day while others may have no real value. Additionally, mobile users demand immediate access to all of their social media apps. Social, mobile, Cloud and Big Data are everywhere. To maximize the user experience, IT must make sure that applications can be seamlessly delivered from the Cloud, private or public, to those users and devices that require them to perform their jobs.

[Figure 1: Loss of application visibility and control. Panels: "Apps Everywhere: Public and Private Cloud"; "How users see applications"; "How traditional switches see applications: Port 80, Port 443".]

What is Purview?

The three main solution components that make up this unique Purview architecture are:

- OneFabric Control Center with OneFabric Connect
- Purview (Application Fingerprint) Engine
- CoreFlow2 based Data Collection Device

OneFabric Control Center provides centralized visibility and control over the entire network. Centralized visibility and control enables infrastructure and application teams to work together, eliminating costly misalignments and errors that occur through typical operational workflows. Embedded automation and orchestration features improve application delivery for dynamic and mobile environments leveraging Cloud, virtualization, and server/storage consolidation. OneFabric Control Center provides unified, centralized management and control, which allows network operations to leverage the power and intelligence built into Extreme Networks networking solutions and thereby unlock the full potential of Purview.

Additionally, OneFabric Control Center, as an SDN (Software Defined Network) management and control solution, integrates with external systems via OneFabric Connect, a set of APIs that increases visibility and control to new heights. The data that Purview provides can be accessed via OneFabric Connect to create new third-party integrations or augment existing integrations. The integration options are:

- Scheduled reporting (email via PDF)
- OneFabric Connect API (XML) support for integration with other IT applications
- Real-time application detection notification (using syslog)

Purview is in fact a deep packet inspection (DPI) solution that can be deployed at scale across the entire network infrastructure, from the data center to the mobile edge, wired and wireless, to provide a superior user experience while optimizing network resource utilization. A fully integrated and unified solution can also eliminate point products, thereby reducing the operational complexity and cost that is associated with these existing approaches. By providing more contextual information, the solution becomes a business asset for analytics and network-driven business intelligence.

CoreFlow2 is the cornerstone of Extreme Networks switching technology, addressing the need for application monitoring and control at scale and high performance. CoreFlow2 is a highly programmable, custom-designed ASIC, which delivers flexibility in packet classification and reframing not found in competitive offerings. The granularity of packet analysis and controls is unsurpassed, and it translates into real-world benefits in the data center and the campus network. The flow-based application visibility provided by CoreFlow2 is used to provide the Purview flow mirroring to the Purview Fingerprint Engine.

[Figure: architecture diagram. Labels: Visibility, Control, Context; OneFabric Control Center; Collect, Analyze, Classify; Purview Engine; NetFlow; Purview Mirror; Massive scalability, multiple Tbit/s and millions of flows; CoreFlow2 Data Collection Device. Caption as printed: Figure 1 Loss of application visibility and control.]

Overview
Purview Integration: Splunk Enterprise

What is Splunk Enterprise?

IT systems and technology infrastructure (websites, applications, servers, networks, sensors, mobile devices and the like) generate massive amounts of machine data. By monitoring and analyzing everything from customer clickstreams and transactions to network activity and call records, Splunk Enterprise turns machine data into valuable analytics. Troubleshoot problems and investigate security incidents in minutes, not hours or days. Monitor your end-to-end infrastructure to avoid service degradation or outages. Gain real-time visibility into user experience, transactions and behavior.

The integration with Splunk Enterprise and Purview allows users to take full advantage of layer 7 application fingerprints produced by Purview within the Splunk framework. This enables complex use cases and analytics that Splunk makes possible through its excellent user interface, but powered under the covers by Purview application fingerprints derived from real-world network communications.

Splunk also has the ability to issue complex queries over incoming data sources. This allows network and security administrators to gain insight into what is actually happening with networks and systems that they are responsible for. The addition of Purview data will allow such investigations to take into account full application layer fingerprinting information. This provides a rich enhancement to network visibility for Splunk users.

Purview Alerts with Splunk Enterprise

Splunk has a lightweight correlation system capable of producing custom-built Alerts. The Splunk system allows the administrator to create security, policy, or behavioral Alerts tied to specific values extracted from the results of a saved search. These Alerts can be posted to the Splunk user interface, configured to launch an administrator-supplied script, or emailed to provide immediate notification. The Splunk system does not come with a large number of default Alerts; instead, Splunk administrators create their own custom Alerts to match their particular needs. In the example below a custom Splunk Alert is created via a wizard to detect virtual network computing (VNC) network reconnaissance and then post the Alert to the Splunk user interface.

Purview Visibility within Splunk

Splunk is able to provide in-depth visibility derived from the Purview event feed. Splunk provides a facility for complex queries, custom aggregations, multiple chart formatting options, real-time dashboards, and historical views through trend reports. Splunk's strength is to parse, normalize, and process all available fields within the Purview event feed without any burdensome customization requirements placed upon the administrator. In the example below the Application Response Time field provided in the Purview feed is monitored for all values greater than 200 ms, aggregated by application, and then displayed in an auto-updating time-series chart.
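Added example (not part of the white paper, and not Extreme Networks or Splunk code): the two use cases described above, response times over 200 ms aggregated by application per time bucket and a VNC reconnaissance alert, written as plain Python over a syslog-style feed. The key=value layout, the field names (ts, src, dst, app, art_ms), the sample events and the "one source reaching several distinct hosts over VNC" reading of reconnaissance are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample events. The key=value layout and the field names
# (ts, src, dst, app, art_ms) are assumptions, not the real Purview feed format.
SAMPLE = """\
<134>ts=1000 src=10.0.0.5 dst=10.0.1.10 app="Salesforce" art_ms=180
<134>ts=1010 src=10.0.0.6 dst=10.0.1.10 app="Salesforce" art_ms=450
<134>ts=1030 src=10.0.0.7 dst=10.0.1.10 app="Salesforce" art_ms=250
<134>ts=1075 src=10.0.0.5 dst=10.0.1.20 app="Google Apps" art_ms=320
<134>ts=1080 src=10.0.0.9 dst=10.0.2.1 app="VNC" art_ms=15
<134>ts=1081 src=10.0.0.9 dst=10.0.2.2 app="VNC" art_ms=12
<134>ts=1082 src=10.0.0.9 dst=10.0.2.3 app="VNC" art_ms=14
<134>ts=1090 src=10.0.0.8 dst=10.0.2.1 app="VNC" art_ms=20
malformed line without fields
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_events(text):
    """Yield one dict per line that carries every expected field."""
    for line in text.splitlines():
        ev = {k: q or b for k, q, b in FIELD.findall(line)}
        if {"ts", "src", "dst", "app", "art_ms"} <= ev.keys():
            try:
                ev["ts"], ev["art_ms"] = int(ev["ts"]), int(ev["art_ms"])
            except ValueError:
                continue  # drop events with non-numeric ts or art_ms
            yield ev

def slow_by_app(events, threshold_ms=200, bucket_s=60):
    """Count events above the threshold per (time bucket, application)."""
    series = defaultdict(int)
    for ev in events:
        if ev["art_ms"] > threshold_ms:
            series[(ev["ts"] // bucket_s * bucket_s, ev["app"])] += 1
    return dict(series)

def vnc_fanout(events, min_targets=3):
    """Sources that reached at least min_targets distinct hosts over VNC."""
    targets = defaultdict(set)
    for ev in events:
        if ev["app"] == "VNC":
            targets[ev["src"]].add(ev["dst"])
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    events = list(parse_events(SAMPLE))
    print(slow_by_app(events), vnc_fanout(events))
```

The fan-out threshold and bucket width need tuning per network: remote-support hosts legitimately reach many machines over VNC and belong on an allow list before such an alert is enabled.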

Additional visualizations of Purview data are displayed below.

[Figure 5: Raw Purview data collected from a relatively busy network]

[Figure 6: The Purview data is fully indexed and is searchable]

[Figure 7: Top source IP addresses in the current data set along with an aggregate graphical view]

Top applications in the current sample set. This illustrates Splunk indexing of our application-specific fingerprint information:

[Figure 8: Top Apps]

Splunk Queries of Purview Data

A strength of Splunk is the ability to issue complex queries over incoming data sources. This allows network and security administrators to gain insight into what is actually happening with networks and systems that they are responsible for. The addition of Purview data will allow such investigations to take into account full application layer fingerprinting information. This provides a rich enhancement to network visibility for Splunk users.

Summary

Purview provides application visibility for IT operations and business analytics at unparalleled scale and performance. Purview is also part of the OneFabric Control Center suite of network management solutions. By taking advantage of the OneFabric Connect API, Purview acts as a data broker and can feed application layer data to other third party applications to use for things such as SIEM, Splunk for detailed compliance reporting and analytics, and much more.

© 2014 Extreme Networks, Inc. All rights reserved. Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks, Inc. in the United States and/or other countries. All other names are the property of their respective owners. For additional information on Extreme Networks Trademarks please see http://www.extremenetworks.com/about-extreme/trademarks.aspx. Specifications and product availability are subject to change without notice. 6667-0114

WWW.EXTREMENETWORKS.COM