Data Security and Performance Management from Network Instruments

Is your performance management solution a target for attackers? With increasingly creative exploits, it is important to stay ahead of the curve when it comes to data protection. Performance monitoring tools that do not keep pace can leave your information vulnerable.

TOTAL PERFORMANCE MANAGEMENT

The Observer® Performance Management Platform is a fully integrated solution, purpose-built to support the highest level of network security.

Its features include:

• TLS-based 256-bit encryption for data in motion and data at rest
• Power to keep up with line-rate during encryption
• Network invisibility option with internal Gen2 capture card
• Web-based interface for reduced learning curve, maximum ease of use
• Centralized management of AAA

The Observer Platform delivers a return far above its cost, as not only a powerful monitoring solution but a wise addition to any enterprise security strategy.

Learn more by downloading the white paper

Mobilicity Down But Still Not Out; Catalyst Frustrated in Attempts to Influence Cellco

Indebted Canadian cellco Mobilicity has received its eighth court-sanctioned extension to its creditor protection, from 1 December 2014 until 30 January 2015, while it continues to seek a buyer for its business, the Globe & Mail reports. In its latest court filing Mobilicity reported 154,900 active subscribers at 31 October, down by 1,400 since August, Canadian website MobileSyrup noted, as the struggling operator continues to compete via discount offers and promotions. The court document also disclosed that Mobilicity has ‘been engaged in discussions with several parties who have expressed interest in advancing a transaction.’ Mobilicity had CAD415 million (USD368 million) in long-term debt as of 31 March, but this week’s filings state it is currently operating on a ‘cash flow break-even basis’.

Meanwhile this week Mobilicity’s largest bondholder Catalyst Capital stated it is willing to contribute funding towards Mobilicity bidding in Industry Canada’s AWS-3 mobile spectrum auction set to take place in March 2015, with a preliminary deadline for bid applications of 30 January 2015. The Globe & Mail writes that Catalyst told the court of its CAD400 million financing plan, of which it was willing to advance up to CAD300 million, although the Toronto-based fund admitted that few direct discussions have taken place with Mobilicity, while it has received little specific feedback on its proposals. Catalyst was excluded from an additional round of financing involving other debtholders last year and has complained of being shut out of discussions with other parties regarding potential deals with Mobilicity. Furthermore, whilst granting Mobilicity’s latest creditor protection period, the Ontario Court of Justice rejected a request from Catalyst for a court-ordered meeting with the cellco.

Thanks to TeleGeograpy for the article.

What is Lurking in Your Network’s Blind Spots? Find Out with Ixia’s Visibility Architecture

Ixia’s Visibility Architecture solution easily integrates into data center environments to help enterprises and service providers achieve greater visibility into and performance for rapidly growing complex networks.

Today’s networks continue to grow in size and complexity, presenting new challenges for IT and network administrators. More users are connecting using multiple mobile devices consuming more data from more sources – and many of those apps are hosted on virtualized infrastructure. What’s worse is users, both internal and external, have increasingly high expectations for always-on access and immediate application response.

This complexity and growth often results in “blind spots” on the network. Blind spots are where issues grow, and security threats propagate. These blind spots arise when there is a lack of end-to-end visibility. Why is there a lack of end-to-end visibility? A lack of SPAN and tap ports can limit monitoring tool access to data. Duplicated packets from SPAN ports can overwhelm limited tool capacity. And monitoring quite often fails to keep up with network upgrades resulting in lack of monitoring tool capacity and/or budget.

Network blind spots can be costly and risk-filled because they increase the risk of network downtime, decreased user experience, security events, noncompliant audit results and impacts to application performance.

Because as much as 80% of traffic in today’s data center is “east-west” traffic between applications, any visibility solution must provide for monitoring traffic on both the physical and virtual network easily, regardless of what hypervisor solution is in use.

Finally, visibility can refer to out-of-band monitoring and in-band security inspection and enforcement.

So, how do you address all these visibility challenges and start eliminating the blind spots? We at Ixia are focused on building solutions for our customers, not selling product. And we believe the new Ixia Visibility Architecture is a unique, integrated solution that addresses all these needs for enterprise and service provider organizations.

If you’d like to learn more, watch the following Visibility Architecture video or spend some time browsing our website.

Additional Resources:

Ixia’s Visibility Architecture: A New Perspective On Network Visibility

Thanks to Ixia for the article.

The 5 Main Questions You Have to Ask in Network Management

Although many people may perceive Network Management as an extremely complicated and diverse area of specialty, there really are only 5 questions that every Network Manager needs to think about. The main components behind every problem in Network Management, are as follows:

What do I have?

If you don’t know what you have how can you manage or monitor it. Most of the time in Network Management you’re trying to track down potential issues and how you’re going to resolve these issues. This is a very hard task especially if you’re dealing with a large scale network. If one thing goes down within the network it starts a trickle effect and then more aspects of the network will in return start to go down.

If you don’t know what you have how are you meant to know if you need an upgrade. Numerous enterprises are paying for upgrades that aren’t needed and getting charged for unnecessary maintenance. A simple tool like automated discovery management can help resolve this. It identifies what you have, displays topology maps and automatically compiles reports.

Is anything broken?

At times, technology seems like it is advancing faster than we can keep up with it. As the industry evolves, your business must adapt to take these changes, especially if you want to stay as efficient as possible. Finding out if there are any issues with your infrastructure sooner rather than later is an obvious factor, but some people find this harder than others with the size of their IT infrastructure.

Having the right Network Management solution enables you to find the flaws early on so they don’t snow ball into a catastrophe. Continuous monitoring of all systems ( devices, services, UPS’s) are all key components to eliminate these issues, an application such as Root Cause Analysis or Weathermapping can help you manage these complications.

Why is it slow?

The number one complaint is why is it slow? Everyone always presumes that it’s the networks fault that the application is slow, in reality there is a number of issues. These concerns include over capacity of links, poorly written applications, firewall problems or even QoS issues. Sometimes it’s tricky to find the actual cause of the application being slow as most of the time there is no evident issue to be found.

What can be done? TEST, TEST, TEST, and then correlate these to come up with a realistic resolution. You can use NetFlow to get a real deep dive into what’s going on.

Is it secure?

Is my network secure is a hot topic these times with breaches occurring in some of the top firm’s applications. Company’s such as JP Morgan, EBay and Snapchat have all had security threats in 2014 with a lot of their customer’s information being jeopardized. Many wonder if these networks are safe and the answer is that that they are.

There is always going to be vulnerabilities no matter what, in the first of half 2014 there were over 400 security breaches within companies withholding personal information. As long as you have a trusted network manager you should be ok, a lot of these hacks are just wake up calls for companies to improve their security network.

Our approach to security is to create, push and perform security policies. Every network application should have a good protection policy configuration. Here at NMSaaS we can create those policy checking systems which have the possibilities to take down any possible vulnerabilities and eliminate them.

Can I recover if something fails?

In reality nothing lasts forever, the average life span for a hardware device is 4 years. The main concern is are you able to recover your data if a problem arises, and the answer is yes.

What to do

• Back up all of you device configuration files (off site)
• Maintain a consistent schedule of backups.
• Have a quick and simple restoration process if something does fail.
• There are always going to be problems no matter what, but what you have to remember is that there is always a solution to every problem!

Is It Time To Consider Changing Your Contact Center Telephony Platform? Consider This:

Whether in the product business, or in services, a company’s brand image is shaped by how customers feel about interacting with the company. The impression they take away from a call to the business’s support or contact center has a lasting impact that can be either good or bad. Customer facing operations are crucial. As a business grows or undergoes other strategic changes, it may require updating its contact center operations as well.

Signaling Change

Arnab Mishra is Senior VP, Products and Solutions at Transera, a cloud customer engagement and analytics provider. He believes any changes should be made to the contact center only based on the dynamics of how the contact center is interacting with customers. He shared three basic questions that businesses can typically use to determine whether they have outgrown their current solution:

How is the business reaching out to customer? If the business’ outreach strategy is shifting, then it may be time to look for a new solution which better meets the demands of that strategy.

Is the business growing geographically? Expanding to new areas typically requires adding agents to new locations or outsourcing, and either case usually creates the need to move to a new provider.

At what stage of its lifecycle is the business? A young, expanding company may need a solution capable of handling a growing number of customer interactions, whereas a more established business will typically focus on a customer analytics solution to retain their large numbers of customers. In either case, changes to how they are interacting with customers can mean that their current solution is no longer providing the service needed, and it’s time to switch.

The backend and technology infrastructure of the contact center solution also play an important part. Mike Burke, VP Sales & Business Development at IQ Services, recommended checking for the following red flags in the infrastructure:

• Inability to offer an omni-channel interface to key customer groups, for example lack of social media interaction engines.
• Incompatibility with emerging technologies & expectations such as Secure SIP, interface to the PSTN, WebRTC, Speech analytics etc.
• Absence of functionality that reduces customer effort such as self-service, click to have an agent call back when available rather than waiting on hold for several minutes.
• Difficulty in scaling to handle seasonal peaks.

Weighing the Trade-Off

Infrastructure changes can be quite challenging for any business, especially changes of this magnitude and need careful evaluation. A thorough cost versus benefits analysis has to happen when weighing the trade-offs of changing providers. Mishra advised, “If your business has evolved significantly since you last decided on a contact center solution, and that solution is no longer meeting your requirements, then it is no longer a question of risk vs. benefits and becomes more of a necessity that you move to a new solution. On the other hand, if the changes to how your business interacts with customers have been minor, then moving to a new system likely isn’t worth it.”

Burke advocates focusing on customer service experience over technology performance. “Check the Total Cost of Operation (TCO) and do an Return on Investment (ROI) analysis, including the adverse impact of current technology/platform dysfunction on customer service experience. Trace the steps of the customer service experience.”

Mishra added, “It’s also important to consider the larger timeframe here, since most contact center systems have been in place for a decade or longer. Evaluate the benefits of moving to a new solution over an extended time period, and if you see that your business is likely to go through significant changes, then it’s time to move on”.

Mitigating the Risks

If the evaluation indicates that the contact center solution must be changed, there are a few main risks to watch out for while considering a new solution. Mishra talked about some common risk factors to be considered, “First is the functionality risk, which refers to whether the new solution is capable of performing all of the functions that you need it to. Related to this is system quality risk, which deals with the new solution’s ability not only to perform the necessary functions, but to do so reliably and efficiently. Finally, vendor relationship risk concerns the vendor company itself, and how well they treat their customers. Fortunately, all of these risks can be effectively mitigated with a bit of precautionary planning.”

To manage changes in the implementation, Burke advised, “If basic functionality is implemented differently, mitigate the risk through a detailed discovery and process documentation for the new implementation. Arrange adequate training for the customer service representatives and support teams. Test to ensure migration faithfully regenerates the previous integrations and operation.” To avoid risk due to custom integrations, Burke recommended sticking with standard APIs during development.

Mishra added a final word of caution, “Do some research on the side about potential providers. Look into both the provider’s history of performance with other customers, as well if they have a set service level that they adhere to or guarantee certain services to provide assurance to the customer. Along with their capability, also evaluate how committed they are to the transition.”

Thanks to Customer Experience Report for the article.

Synchronizing Time Using Presentense

PresenTense offers you an alternative to the limited functionality of synchronizing with Microsoft W32Time program. PresenTense, will not only synchronize all of the Windows PCs on the network, but also provides alert notification and a audit trail which is  not available from the Microsoft W32Time (Windows Time Service). PresenTense Client and Server software is a has Graphical User Interface (GUI) based program that can provide a primary and back-up time reference for redundancy.

PresenTense Client software synchronizes the PCs to the Time Server and/or another PC on the network that is running the Server software. If the PC can’t reach its Time reference, it can email an alert notification that it can’t be synchronized. PresenTense LAN Time Analyzer is a network time synchronization administrative tool that monitors the time accuracy of all PCs on the network. If a PC exceeds a user-defined accuracy specification, this program can run any exe-based program and can also open a message on the PC’s monitor, alerting to a PC with an error higher than expected and desired

Presentense LAN Time Analyzer

The PresenTense NTP Auditor program provides an audit trail of the PC’s time by comparing the PC’s time to up to three different NTP Time references. This program can provide a continuous print-out for a hard-copy proof that each PC was synchronized at any given moment in time. It also logs this information in a text file sorted automatically by month and day. The time is sampled at set intervals and the error of the PC’s time compared to the reference NTP Time Servers is permanently captured. If the time of the PC is manually set by someone at any time between the scheduled samples, the program automatically triggers an unscheduled sample to permanently log how far off from UTC the PC was manually set and when the event occurred. Once the PC is resynchronized or manually set again, another unscheduled sample occurs again and the time of this occurrence is logged.

Presentense NTP Auditor

If you would like to try Presentense for your network you can obtain a free 30 day evaluation trail by contacting us at Telnet Networks at 800-561-4019. You can download you 30 day free trail here

Security & Compliance Monitoring

High-stakes Monitoring

Global finance moves fast. When data and transactions don’t take place as smoothly or securely as expected, the company’s revenues and reputation may instantly suffer, causing valued customers to seek more reliable providers. Regulatory requirements are also growing, creating a greater need for security and compliance monitoring.

To mitigate risk and ensure performance, Ixia’s network visibility solutions deliver the ongoing data needed to dynamically detect, avoid, and address issues that affect production networks, private clouds, and applications. With security and compliance monitoring requirements increasing and physical networks becoming more complex, the Ixia suite of network monitoring switches optimizes use of network monitoring access points and overcomes hardware limitations for increased visibility at reduced cost.

Leveraging industry-leading network visibility technology, Ixia’s solutions enable engineers running the world’s most demanding networks to:

• Minimize latency and speed transaction times
• Prevent fraud and secure data across multiple networks and private cloud infrastructures
• Maintain compliance with rigorous regulatory standards associated with PCI-DSS and other governance
• Maximize existing investments while evolving to 40Gbps and beyond
• Demonstrate fairness to customers and compliance with requirements tied to Service Level Agreements

Ixia’s suite of solutions also supports testing, assessing and optimizing of network and application performance, security, compliance, and management under diverse conditions. These breakthrough solutions deliver:

• Increased network visibility by efficiently providing network, application, and security monitoring tools the exact data they need
• Expanded network monitoring capacity with aggregation, filtering, and replication of data enabling simultaneous monitoring of multiple connection points from a single port
• Maximum tool utilization extending 1Gbps monitoring tools to 10Gbps and 40Gbps networks to defer costly upgrades
• Automated troubleshooting that reduces mean time to repair (MTTR)
• Industry-first “drag and drop” interface that speeds and simplifies configuration and management

Related Products

Net Tool Optimizers Out-of-band traffic aggregation, filtering, dedup, load balancing	Net Optics Network Taps Passive network access for security and monitoring tools	Phantom Virtualization Tap Passive network access to traffic passing between VMs	Net Optics Network Packet Brokers Inline traffic aggregation, filtering, deduplication and load balancing for monitoring tools	Ixia Application and Threat Intelligence Processor Better data for better decisions

Resources

The Real Secret to Securing your Network

Thanks to Ixia for the article. 

Optimize Customer Service Experience with IQ Services VC 101

Many people believe they are best served by real people, not by voice robots. That’s the rationale behind GetHuman.com. But the economics and utility of self-service as an alternative to live agent interactions are so compelling that self-service solutions are here to stay.

Providing multiple touchpoints is a huge technology investment. Technology is great, but you can’t just diligently manage the implementation process and then assume all is well with the customer service experience. Because nothing’s static in this world it’s extremely important to confirm from your customers’ perspective that your contact center technology really is capable of delivering the experience you intend, one that defends your brand promise.

In 17 years of supporting clients through all phases of the contact center lifecycle, we’ve learned many lessons about how to best evaluate and optimize the Customer Service Experience (CSE) that is the foundation of delivering your brand promise. This article introduces a process that ensures the contact center technologies are in fact offering the customer service experience you intend, one that delivers on your brand promise.

How?

INTRODUCING VC101®

VC101® is a proven process that ensures the customer service experience delivered is aligned with the intentions of the Customer Experience & Brand Management teams because its first step is identifying key customers and defining how they will interact with the contact center technology you put in place. By doing so, VC101® goes beyond using only internal metrics that confirm everything is Working As Designed (WAD) to monitor & measure actual customer service experience as it’s delivered.

Once you have actual Customer Service Experience data, you can create a feedback loop by tweaking your systems and observing impact on the actual CSE delivered, not just on internal metrics such as CPU time or QoS.

And when you know the service experience delivered by your contact center technologies defends your brand standards, you can also be confident the experience delivered increases loyalty and creates advocates.

WHAT IS VC101®?

VC101® is a multistep process that first defines and then deploys Virtual Customers (VCs) to perform real end-to-end transactions for the purpose of evaluating application and technology performance related to Customer Service Experience impact.

WHAT ARE “VIRTUAL CUSTOMERS”?

Virtual Customers are automated processes that follow test case scripts to interact with the Contact Center just like real customers performing real transactions.

DEPLOYING “VIRTUAL CUSTOMERS”

Once the VCs are defined and the rampup and rollout plans are drawn up, the VCs are deployed. Key considerations in deploying VCs include:

• Risk analysis and consequences
• Selection of the right VC interactions
• Clearly defined availability and performance objectives and metrics
• Benchmark assessment
• Reporting and notification criteria

WHAT IS CSE OPTIMIZATION?

• A process for deploying VCs to collect data that can be used to evaluate and improve business solution performance relative to defined objectives and metrics
• May involve identification and integration of tools and services not provided by IQ Services
• An iterative process that tunes the CSE as it’s delivered

CONCLUSION

Properly implemented, VC101® is a critical element of an integrated continuous improvement process that hones & perfects a customer service experience that defends brand promise, thereby positively impacting key customer service metrics such as customer effort, customer loyalty, and net promoter score. Experiences that defend brand promise ultimately have bottom line impact, resulting in reduced total cost of operation and achievement of intended ROI.

Telus Launches Two Cisco Powered Cloud Services

In a press release, Canadian full-service telco Telus announced it is introducing two new solutions to enable Canadian businesses leverage cloud-based technology ‘to improve how they communicate with their customers, employees and partners.’ TELUS Cloud Collaboration provides businesses with access to a full suite of unified communications services, and TELUS Cloud Contact Centre offers a fully featured contact centre solution hosted in the cloud. Both products are powered by the Cisco Hosted Collaboration Solution (HCS), an end-to-end solution that enables highly secure, reliable and scalable ‘as-a-service’ offerings of Cisco Collaboration technologies. ‘For Canadian businesses looking for a competitive edge, cloud-based services can optimise employee productivity and improve customer service, while reducing technology expenditures,’ said Peter Green, president of Telus Business Solutions, adding that the new cloud offerings ‘eliminate the financial barriers to adopting best-in-class solutions, putting them within reach of businesses of any size.’

Thanks to TeleGeography for the article.

Leveraging APM Solutions to Protect Payment Card Information

Security breaches are common today – from computer viruses, such as Bash Bug or Heartbleed, undermining the security of millions of websites, to credit card cyber theft experienced by big retailers. One effort to protect cardholder information is Payment Card Industry (PCI) Data Security Standard (DSS), which was created in October 2008 to protect personal cardholder information whenever used in a financial transaction. PCI DSS, which is applied wherever cardholder data is stored, processed or transmitted, is becoming a requirement for organizations that utilize credit cards. Failure to adhere to the PCI DSS standard can result in revocation of card processing privileges or monetary penalties. However, Application Performance Management (APM) designed to capture and retain network application transaction data, also has the potential to violate compliance. Below is an outline of the 12 requirements to be PCI DSS-compliant and how to manage APM to avoid violations.

In general, PCI DSS procedures are based on 12 requirements that fall within six categories:

BUILD AND MAINTAIN A SECURE NETWORK

Requirement 1: Install and maintain a firewall configuration to protect cardholder data.

Requirement 2: Do not use vendor-supplied defaults for system passwords.

PROTECT CARDHOLDER DATA

Requirement 3: Protect stored cardholder data.

Requirement 4: Encrypt transmission of cardholder data across open, public networks.

MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM

Requirement 5: Use and regularly update anti-virus software or programs.

Requirement 6: Develop and maintain secure systems and applications.

IMPLEMENT STRONG ACCESS CONTROL MEASURES

Requirement 7: Restrict access to cardholder data by business need-to-know.

Requirement 8: Assign a unique ID to each person with computer access.

Requirement 9: Restrict physical access to cardholder data.

REGULARLY MONITOR AND TEST NETWORKS

Requirement 10: Track and monitor all access to network resources and cardholder data.

Requirement 11: Regularly test security systems and processes.

MAINTAIN AN INFORMATION SECURITY POLICY

Requirement 12: Maintain an information security policy.

Below are seven considerations when assessing which APM solution to select, in order to make sure it does not hinder compliance:

1. DO NOT USE VENDOR-SUPPLIED DEFAULTS FOR SYSTEM PASSWORDS AND OTHER SECURITY PARAMETERS

Most systems today provide default passwords, but require that they are changed upon installation and configuration. The IT team needs to ensure all components of the APM solution that track or retain customer cardholder data include strong and flexible password protection.

2. PROTECT STORED CARDHOLDER DATA

There are a number of APM solutions that include packet-level storage capabilities. This functionality enables simplified troubleshooting of application and network anomalies. Depending on configuration, it could also capture cardholder data within the payload. Therefore, it is critical the data is protected while at rest or when transmitted using a strong encryption method.

3. ENCRYPT TRANSMISSION OF DATA ACROSS OPEN, PUBLIC NETWORKS

Whenever credit card data traverses an unsecured network, it must be encrypted. If an APM solution allows for remote console access across an open public network, verify the data is likewise encrypted.

4. DEVELOP AND MAINTAIN SECURE SYSTEMS AND APPLICATIONS

Two sections of this requirement do affect APM solutions: secure authentication and data encryption. A compliant APM solution needs to incorporate these attributes into their feature set.

5. RESTRICT ACCESS TO CARDHOLDER DATA BY BUSINESS NEED-TO-KNOW

APM solutions that capture cardholder information must be capable of restricting access by staff to the minimum level required to perform their duties. Best-in-class APM solutions enable unique access rights to each user to ensure only select individuals have access to the most sensitive data.

6. RESTRICT PHYSICAL ACCESS TO CARDHOLDER DATA

APM solution components that store cardholder data must be located in secure data center locations.

7. TRACK AND MONITOR ALL ACCESS TO NETWORK RESOURCES AND CARDHOLDER DATA

APM solutions with post-event forensic analysis can greatly enhance a company’s ability to satisfy this requirement by enabling detailed access tracking and identification of compromised data or system components.

When utilized with other enterprise system logging solutions, APM solutions can greatly strengthen an organization’s ability to satisfy this important PCI DSS requirement. When selecting APM solutions, be sure to select products that offer feature sets that satisfy PCI DSS compliance. For example, look for products that allow each user to have distinct logon identification and offer post-event forensic analysis and data-at-rest encryption. This will help ensure that your APM solution protects cardholder data while remaining in full compliance with PCI DSS requirements.

Brad Reinboldt is Senior Product Manager for Network Instruments, a division of JDSU.

Thanks to APMDigest for the article.