20:20 Network Visibility
We do business with
- 4 of the top 10 Fortune 100
- 6 of the top 10 banks in the US
For corporations the need to get accurate and granular visibility into what’s happening on the network is a critical one. As voice and data network converge, the network by definition becomes more critical to the business and the need to know what’s happening on it becomes more acute.
CIOs play a critical role inside large organisations. They must keep the network up at all times, ensure sensitive customer information is adequately protected, manage end-user quality of experience and ensure that compliance requirements are met—and do it all with dwindling resources.
To assist them, CIO’s buy a range of different tools; those that provide them with visibility into security threats, DDoS attacks, quality of experience issues, network utilisation and application performance (to mention just a few).
What's interesting is that the high-level objective of each tool is broadly the same: identify service-effecting events rapidly and get them remediated as quickly as possible. What’s odd, however, is that the more tools companies deploy, the more confused the picture often seems to become.
Technology paradigm ‘'fail'’
Endace 2011 Network Visibility Monitor
See what nearly 100 US organisations have to say on the subject of 10Gb/s network and its impact on their operations. Download the '2011 network visibility monitor study' findings.
The current network monitoring and security technology paradigm is flawed on a number of different fronts.
- Tools miss events and the faster the network, the more events they miss. There's a growing body of evidence to support this claim. Take a careful look through the latest NSS Labs reports for network security products and you'll quickly see what we mean.
- Rarely is the process of investigating and fixing a network event a one-tool job. Most events require at least two tools to resolve them but if the two tools haven’t seen the event in the same way, then remediation can be extremely difficult.
- Tools rarely talk to each other, so MTTR is invariably slow as engineers have to go through highly manual ‘swivel chair’ processes to resolve events and issues.
- As each tool currently requires its own dedicated server, the growing number of tools is seriously challenging organisations from rack space, heat and power perspectives.
Smart organisations are using the transition to 10Gb/s as an opportunity to challenge the established wisdom and deploy a next-generation Monitoring and Recording Architecture that addresses all of these issues.
Real business benefits
The business benefits that can be derived from adopting a fabric strategy can be expressed in a number of different ways:
Application accuracy
To borrow a line from an Endace customer – “if you haven’t got every packet, then any analysis that you do is pointless.” Put that another way: you can have all the tools in the world, but if the raw input (packets) that goes into them is flawed then any output that they generate must be treated with extreme caution.
Hardware consolidation
Virtualisation has touched just about every other part of the modern enterprise IT infrastructure and it was only a matter of time before it influenced network appliances. Using heavily customised open source virtualisation capability we have enabled organisations to deploy up to six different applications on the same piece of physical hardware creating significant space, weight and power savings.
Automation: Reducing Mean Time to Resolution
For CIO’s MTTR really matters – the faster issues can be resolved the more issues can be handled by a smaller group of people. The current monitoring paradigm does little to help organisations manage MTTR – requiring multiple proprietary systems to remediate issues (what we call ‘swivel chair event management’).
Compliance
Compliance remains a significant issue for many corporations, with investment going into systems to ensure compliance with PCI, HIPAA, FISMA, ISO27000 and SOX (etc). However, the financial consequences of non-compliance are trivial compared to the damage done to a company’s reputation when customers’ personal details are stolen.
Application agility
The current appliance-based technology paradigm is highly restrictive for large organisations. Because every tool comes with its own hardware, organisations are typically tied to the tool for the duration of the hardware's life. This is great for tool vendors but is not in the best interest of organisations.
Future proofing
The future is uncertain, that’s a given however, what is certain is that the amount of data that organisations are going to be expected to manage will increase. Over the last four years the amount of data passing through corporate LANs has increased exponentially and according to CISCO, will increase 4 fold by 2014.
Key takeaways
Organisations face many challenges today, but there are alternatives to the current technology paradigm. If you are considering a monitoring or security system refresh, then you owe it to your organisation to consider a monitoring fabric. Or of course you could just keep doing it the old way….
- At network speeds beyond 2Gb/s, the physical hardware is the difference that makes the difference and the organisations that make the best tools, don’t make the best hardware
- By separating the monitoring hardware from the software tools CXOs can have hardware that guarantees to capture every packet and tools that deliver real visibility