20:20 Network Visibility
We do business with
- 4 of the top 10 Fortune 100
- 6 of the top 10 banks in the US
For enterprises the need to get accurate and granular visibility into what’s happening on the network is critical. As voice and data network converge, the network by definition becomes more critical to the business and the need to know what’s happening on it becomes more acute.
CIOs play a critical role inside large organizations. They must keep the network up at all times, ensure sensitive customer information is adequately protected, manage end-user quality of experience, and ensure that compliance requirements are met — and do it all with dwindling resources.
To assist them, CIOs buy a range of different tools; those that provide them with visibility into security threats, DDoS attacks, quality of experience issues, network utilization, and application performance (to mention just a few).
What's interesting is that the high-level objective of each tool is broadly the same: identify service-affecting events rapidly and get them remediated as quickly as possible. What’s odd, however, is that the more tools companies deploy, the more confused the picture often seems to become.
Technology paradigm ‘'fail'’
Endace 2011 Network Visibility Monitor
See what nearly 100 US organizations have to say on the subject of 10Gb/s network and its impact on their operations.
Download the '2011 network visibility monitor study' findings.
The current network monitoring and security technology paradigm is flawed on a number of different fronts:
- Tools miss events and the faster the network, the more events they miss. There's a growing body of evidence to support this claim. Take a careful look through the latest NSS Labs reports for network security products and you'll quickly see what we mean.
- Rarely is the process of investigating and fixing a network event a one-tool job. Most events require at least two tools to resolve them but if the two tools haven’t seen the event in the same way, then remediation can be extremely difficult.
- Tools rarely talk to each other, so MTTR is invariably slow as engineers have to go through highly manual ‘swivel chair’ processes to resolve events and issues.
- As each tool currently requires its own dedicated server, the growing number of tools is seriously challenging organizations from rack space, heat, and power perspectives.
Smart organizations are using the transition to 10Gb/s as an opportunity to challenge the established wisdom and deploy a next-generation Monitoring and Recording Architecture that addresses all of these issues.
Real business benefits
The business benefits that can be derived from adopting a fabric strategy can be expressed in a number of different ways:
Reducing Mean-Time-to-Resolution
For CIOs MTTR really matters – the faster issues can be resolved, the more issues can be handled by a smaller group of people. The current monitoring paradigm does little to help organizations manage MTTR – requiring multiple proprietary systems to remediate issues (what we call 'swivel chair event management'). Leveraging the power of EndaceVision organizations can dramatically reduce the mean-time-to-resolution on network issues.
Improving application accuracy
To borrow a line from an Endace customer: “if you haven’t got every packet, then any analysis that you do is pointless.” Put that another way: you can have all the tools in the world, but if the raw input (packets) that goes into them is flawed then any output that they generate must be treated with extreme caution.
Consolidating hardware
Virtualization has touched just about every other part of the modern enterprise IT infrastructure and it was only a matter of time before it influenced network appliances. Using heavily customized open-source virtualization capability, we have enabled organizations to deploy up to six different applications on the same piece of physical hardware, creating significant space, weight, and power savings.
Improving compliance
Compliance remains a significant issue for many enterprises, with investment going into systems to ensure compliance with PCI, HIPAA, FISMA, ISO27000, and SOX, etc. However, the financial consequences of non-compliance are trivial compared to the damage done to a company’s reputation when customers’ personal details are stolen.
Developing application agility
The current appliance-based technology paradigm is highly restrictive for large organizations. Because every tool comes with its own hardware, organizations are typically tied to the tool for the duration of the hardware's life. This is great for tool vendors but is not in the best interest of organizations.
Future proofing
The future is uncertain. That’s a given, however what is certain is that the amount of data that organizations are going to be expected to manage will increase. Over the past four years the amount of data passing through corporate LANs has increased exponentially and according to CISCO, will increase fourfold by 2014.
Key takeaways
Organizations face many challenges today, but there are alternatives to the current technology paradigm. If you are considering a monitoring or security system refresh, then you owe it to your organization to consider a monitoring fabric. Or of course you could just keep doing it the old way…
- At network speeds beyond 2Gb/s, the physical hardware is the difference that makes the difference, and the organizations that make the best tools don’t make the best hardware.
- By separating the monitoring hardware from the software tools, CXOs can have hardware that guarantees to capture every packet and tools that deliver real visibility.
