Use cases for network visibility solutions

What is Network Visibility?

Visibility is defined by Webster's Dictionary as "the ability to be easily seen" or "the degree of clarity". Network or application visibility refers to removing the blind spots that make it hard to see (or quantify) what is happening on the network and in the applications running on it. This visibility allows IT teams to quickly isolate security threats and resolve performance issues, ultimately providing the best end user experience.

Insight is also what allows IT teams to control and optimize the network along with its applications and IT services. This is why network, application, and security visibility is essential for any IT organization.

The easiest way to achieve network visibility is to implement a visibility architecture, which is a comprehensive end-to-end infrastructure that provides visibility into the physical and virtual network, applications, and security.

Laying the foundation for network visibility

Once the visibility architecture is in place, many use cases become available. As shown below, the visibility architecture represents three main levels of visibility: the access level, the control level, and the monitoring level.

Using the elements shown, IT professionals can solve various network and application problems. There are two categories of use cases:

  • Basic Visibility Solutions
  • Complete network visibility

Basic visibility solutions focus on network security, cost savings, and troubleshooting. These three areas affect IT on a monthly, if not daily, basis. Complete network visibility is designed to provide a deeper understanding of blind spots, performance and compliance.

What can you really do with network visibility?

There are six different use cases for network visibility that can clearly show value. They are:

  • Improving network security
  • Providing containment and cost reduction opportunities
  • Accelerating troubleshooting and increasing network reliability
  • Eliminating network blind spots
  • Optimizing network and application performance
  • Strengthening regulatory compliance

Below are some specific usage examples.

Example #1 – Filtering data for in-line security solutions increases the effectiveness of these solutions

The purpose of this option is to use a Network Packet Broker (NPB) to filter out low-risk data (such as video and voice) so that it is excluded from security inspection (Intrusion Prevention System (IPS), Data Loss Prevention (DLP), web application firewall (WAF), etc.). This "uninteresting" traffic can be identified, passed back to the bypass switch and sent on into the network. The advantage of this solution is that the WAF or IPS does not have to waste processor (CPU) resources analyzing unnecessary data. If your network traffic contains a significant amount of this type of data, you can implement this feature and reduce the load on your security tools.

Companies have had cases where up to 35% of low-risk network traffic was excluded from IPS inspection. This automatically increases the effective IPS bandwidth by 35% and means you can delay purchasing additional IPS or upgrading. We all know that network traffic increases, so at some point you will need a higher performance IPS. It's really a matter of whether you want to minimize costs or not.

Example #2 - Load Balancing Extends the Life of 1-10Gb/s Devices in a 40Gb/s Network

The second use case involves reducing the cost of ownership of network equipment. This is achieved by using packet brokers (NPBs) to balance traffic across security and monitoring tools. How can load balancing help most businesses? First, growth in network traffic is very common. But what about the impact of bandwidth growth on monitoring? For example, if you are upgrading the network core from 1 Gb/s to 10 Gb/s, you will need 10 Gb/s tools to monitor it properly. If you increase the speed to 40 Gb/s or 100 Gb/s, the choice of monitoring tools at these speeds is much smaller and their cost is very high.

Packet brokers provide the necessary aggregation and load balancing capabilities. For example, 40 Gb/s traffic balancing allows you to distribute monitoring traffic across multiple 10 Gb/s tools. You can then extend the life of your 10Gb devices until you have enough money to buy more expensive tools that can handle higher data rates.
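
The distribution described above, sketched as an added example (not code from the original article or from any vendor): it assumes the broker balances by a direction-independent hash of the 5-tuple, which the article does not specify, and the port names and sample flows are constructed. It also reports the case a capacity plan has to catch, a single flow larger than one 10 Gb/s tool.

```python
import hashlib
from collections import Counter

# Hypothetical tool-port names: four 10 Gb/s tools behind one 40 Gb/s feed.
TOOL_PORTS = ["tool-10g-1", "tool-10g-2", "tool-10g-3", "tool-10g-4"]
TOOL_CAPACITY_BPS = 10_000_000_000

def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key so both halves of a session hash alike."""
    a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}".encode()

def pick_tool(five_tuple, ports=TOOL_PORTS):
    """Map a flow to one tool port; every packet of the flow lands there."""
    digest = hashlib.sha256(flow_key(*five_tuple)).digest()
    return ports[int.from_bytes(digest[:8], "big") % len(ports)]

def distribute(flows, ports=TOOL_PORTS):
    """flows: iterable of (five_tuple, bits_per_second) -> load per port."""
    load = Counter({p: 0 for p in ports})
    for five_tuple, bps in flows:
        load[pick_tool(five_tuple, ports)] += bps
    return load

def oversubscribed(load, capacity_bps=TOOL_CAPACITY_BPS):
    """Ports whose assigned flows exceed what the attached tool can take."""
    return sorted(p for p, bps in load.items() if bps > capacity_bps)

# Constructed sample: 60 flows of 150 Mb/s plus one 12 Gb/s bulk transfer.
SMALL = [(("10.0.%d.%d" % (i // 50, i % 50 + 1), 40000 + i,
           "192.0.2.10", 443, "tcp"), 150_000_000) for i in range(60)]
ELEPHANT = (("10.9.9.9", 51000, "192.0.2.20", 873, "tcp"), 12_000_000_000)

if __name__ == "__main__":
    load = distribute(SMALL + [ELEPHANT])
    for port in TOOL_PORTS:
        print(f"{port}: {load[port] / 1e9:5.1f} Gb/s")
    print("oversubscribed:", oversubscribed(load))
```

Hashing keeps each session on one tool, so a tool never sees half a conversation, but it cannot split a single flow: the 12 Gb/s transfer overloads whichever port it hashes to even though the aggregate is well under 40 Gb/s.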

Another example is to consolidate tools in one place and pass the necessary data to them from the packet broker. Sometimes separate solutions distributed across the network are used. Survey data from Enterprise Management Associates (EMA) shows that 32% of enterprise solutions are underutilized, at less than 50%. Tool centralization and load balancing allow you to pool resources and increase utilization using fewer devices. You can often put off acquiring additional tools until the utilization rate is high enough.

Example #3 - Troubleshooting to reduce/eliminate the need for Change Board permissions

Once the visibility equipment (TAPs, NPBs…) is installed on the network, you rarely need to make changes to the network. This allows you to streamline some troubleshooting processes to improve efficiency.

For example, once a TAP is installed ("set it and forget it"), it passively passes a copy of all traffic to the NPB. This has a huge advantage, as it removes much of the bureaucracy of getting approvals to make changes to the network. If you also install a packet broker, you will have instant access to almost all the data you need for troubleshooting.

If there is no need to make changes, you can skip the change approval steps and go directly to debugging. This new process has a big impact on reducing Mean Time to Repair (MTTR). Studies show that it is possible to reduce MTTR by up to 80%.

Example #4 - Application Intelligence: Applying Application Filtering and Data Masking to Improve Security Effectiveness

What is Application Intelligence? This technology is available in IXIA packet brokers (NPBs). It is advanced functionality that allows you to go beyond layer 2-4 packet filtering (OSI model) and go all the way to layer 7 (the application layer). The advantage is that user and application behavior and location data can be generated and exported in any desired format: raw packets, filtered packets, or NetFlow (IxFlow) information. IT departments can identify hidden network applications, mitigate network security threats, and reduce network downtime and/or improve network performance. Distinguishing features of known and unknown applications can be identified, captured and shared with specialized monitoring and security tools.

  • identification of suspicious/unknown applications
  • detection of suspicious behavior by geolocation, for example, a user from North Korea connects to your FTP server and transfers data
  • SSL decryption to check and analyze potential threats
  • application misbehavior analysis
  • analysis of the amount and growth of traffic to actively manage resources and predict expansion
  • masking sensitive data (credit cards, credentials…) before sending

The Visibility Intelligence functionality is available both in physical and virtual (Cloud Lens Private) IXIA packet brokers (NPBs), and in public "clouds" - Cloud Lens Public:

In addition to the standard functionality of NetStack, PacketStack and AppStack:

Recently, the security functionality of SecureStack (to optimize the processing of confidential traffic), MobileStack (for mobile operators) and TradeStack (to monitor and filter financial trading data) has also been added:

Conclusions

Network visibility solutions are a powerful tool for optimizing the network monitoring and security architecture, creating a foundation for collecting and exchanging the necessary data.

The use cases make it possible to:

  • give access to the necessary specific data as needed for diagnostics and troubleshooting
  • add/remove security solutions, both in-line and out-of-band monitoring
  • reduce MTTR
  • ensure fast response to problems
  • conduct an advanced threat analysis
  • eliminate most of the bureaucratic approvals
  • reduce the financial consequences of hacking by quickly connecting the right solutions to the network and reducing MTTR
  • reduce the cost and labor of setting up a SPAN port

Source: habr.com