Top 3 Reasons to Choose a SaaS Network Management Application

Small and medium-sized organizations that decide to use a SaaS-based Network Management application gain the ability to use better solutions that would have been too expensive for them in the past.

Even the smallest business now has access to very advanced CRM, ERP, manufacturing and other software that would never have been available to them at their small scale.

In the world that NMSaaS plays in, this means mid-sized companies can now monitor and manage their IT systems with the same advanced software that was previously only available and affordable for large global enterprises.

The ability to gain these advantages without having to purchase expensive software is what makes cloud based network monitoring so appealing to mid-sized enterprises.

If an Enterprise decides to use a SaaS Network Management solution of any kind they’re going to see immediate benefits from three prime areas.

  1. Reduced costs
  2. Speed
  3. Flexibility

Reduced Cost

In the network monitoring space, many traditional Network Management applications require a hefty upfront fee for their software, and then an equally if not more expensive fee for professional services to actually make the system operate and integrate with other platforms. By contrast, most cloud based systems are sold on terms of a year or less. With a SaaS model, customers don’t need to pay for the server hardware, storage or electricity associated with running a solution in house.


Speed

One of the biggest advantages of cloud based systems is that they are already running. The front end, backend and associated applications are already installed. As a user, all you have to do is raise your hand and say you want it, and in most cases your service can be provisioned in a matter of hours or less.


Flexibility

Cloud based systems are generally much more flexible in terms of deployment, usage, terms, and even support compared to “legacy” software deployments! According to a survey by North Bridge Venture Partners, in conjunction with GigaOM Research, “More than half of respondents cited business agility (54.5%) as a main driver” of cloud migration. Clearly businesses are seeing flexibility as a major reason to move to the cloud and we do not see any end to this trend in sight.

In the end, all organizations are looking for ways to trim unnecessary costs and increase capabilities. One of the easiest ways to accomplish this today is to switch to cloud based SaaS applications where it makes sense.


Thanks to NMSaaS for the article.

Network Performance Monitoring

Visibility Into the Business

With virtualization, “Big Data,” and the sheer complexity of enterprise networks on the rise, dynamic network monitoring of performance and security provides a critical business advantage. Ixia’s network visibility solutions deliver ongoing insight into production networks to help maximize your company’s productivity and profitability, as well as its return on new and existing IT investments.

Leveraging state-of-the-art technology and techniques, Ixia’s powerful, high-performance network monitoring switches equip network engineers to meet the growing challenge of testing, assessing and monitoring complex, high-performance networks with limited access points. These solutions add intelligence between network access points and sophisticated monitoring tools to streamline the flow of data, ensuring that each tool receives the exact information it needs. Data from multiple TAP and SPAN ports is aggregated and multicast to performance and security monitoring tools, providing network operators with maximum visibility into both physical and virtual networks.

Ixia network visibility solutions:

  • Optimize traffic for monitoring with advanced filtering, aggregation, and replication
  • Extend investments in 1G monitoring tools to 10G and 40G deployments
  • Automate troubleshooting to reduce MTTR
  • Introduce “drag and drop” simplicity to streamline configuration and management
  • Expand network monitoring capacity enabling simultaneous monitoring of multiple connection points from a single port

Poor application performance leads to poor business performance: lost sales, missed opportunities, inefficient operations, and disgruntled customers, weakening the corporate brand. Mitigating this risk, Ixia’s network visibility solutions equip network engineers to leverage actionable insight—maximizing network and application performance while helping to optimize security, compliance, management, scalability, and ROI.


  • Net Tool Optimizers: out-of-band traffic aggregation, filtering, dedup, load balancing
  • Net Optics Network Taps: passive network access for security and monitoring tools


Thanks to Ixia for the article.

SNMP Management is a Crucial Factor to Consider in Business Today

What is SNMP? Why should we use it? These are common questions people ask when deciding if it's the right feature for them, and the answers to these questions are simple.

Simple Network Management Protocol is an “internet-standard protocol for managing devices on IP networks”. Devices that typically support this solution include routers, switches, servers, workstations, printers, modem racks and more.

Key functions

  • Collects data about its local environment.
  • Stores and retrieves administration information as defined in the MIB.
  • Signals an event to the manager.
  • Acts as a proxy for some non–SNMP manageable network device.

It typically uses one or more administrative computers, called managers, which have the task of monitoring or managing a group of hosts/devices on a computer network.

Each tool provides valuable insight to any network administrator who requires complete visibility into the network, and it acts as a primary component of a complete management solution information via SNMP to the manager.

The specific agents uncover data on the managed systems as variables. The protocol also permits active management tasks, such as modifying and applying a new configuration through remote modification of these variables.

Companies such as Paessler & Manage Engine have been providing customers with reliable SNMP for years, and it's obvious why.

Why use it?

It delivers information in a common, non-proprietary manner, making it easy for an administrator to manage devices from different vendors using the same tools and interface.

Its power is in the fact that it is a standard: one SNMP-compliant management station can communicate with agents from multiple vendors, and do so simultaneously.

Another advantage of the application is in the type of data that can be acquired. For example, when using a protocol analyzer to monitor network traffic from a switch’s SPAN or mirror port, physical layer errors are invisible. This is because switches do not forward error packets to either the original destination port or to the analysis port.

However, the switch maintains a count of the discarded error frames and this counter can be retrieved via a simple network management protocol query.
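The counter retrieval described above only becomes useful once two polls are turned into a rate. The following is an added example, not part of the original article: it assumes the switch exposes its error and discard counts as the standard IF-MIB objects ifInErrors and ifInDiscards, and the poll values and function names are constructed for illustration. It handles Counter32 wrap-around and an agent restart between polls.

```python
"""Added example: interface error rates from two SNMP polls (sample data is constructed)."""
from typing import Dict, List, Optional

# Standard MIB-II / IF-MIB object identifiers.
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"          # sysUpTime.0, TimeTicks (1/100 s)
IF_IN_DISCARDS = "1.3.6.1.2.1.2.2.1.13"   # ifInDiscards.<ifIndex>, Counter32
IF_IN_ERRORS = "1.3.6.1.2.1.2.2.1.14"     # ifInErrors.<ifIndex>, Counter32
COUNTER32_MOD = 2 ** 32

Poll = Dict[str, int]  # OID -> value, as returned by whatever SNMP client ran the GET


def counter32_delta(prev: int, curr: int) -> int:
    """Difference between two Counter32 samples, allowing one wrap past 2**32 - 1."""
    return (curr - prev) % COUNTER32_MOD


def interface_deltas(prev: Poll, curr: Poll, if_index: int) -> Optional[Dict[str, float]]:
    """Per-interface error/discard deltas and rates between two polls.

    Returns None when sysUpTime did not advance: the agent restarted (or the
    polls are out of order), so the counters were reset and a delta is meaningless.
    """
    ticks = curr[SYS_UPTIME] - prev[SYS_UPTIME]
    if ticks <= 0:
        return None
    seconds = ticks / 100.0
    out: Dict[str, float] = {"seconds": seconds}
    for name, base in (("in_errors", IF_IN_ERRORS), ("in_discards", IF_IN_DISCARDS)):
        oid = f"{base}.{if_index}"
        delta = counter32_delta(prev[oid], curr[oid])
        out[name] = delta
        out[f"{name}_per_sec"] = delta / seconds
    return out


def noisy_interfaces(prev: Poll, curr: Poll, if_indexes: List[int],
                     max_per_sec: float) -> List[int]:
    """ifIndex values whose error or discard rate exceeds max_per_sec."""
    flagged = []
    for idx in if_indexes:
        deltas = interface_deltas(prev, curr, idx)
        if deltas is None:
            continue  # discontinuity: wait for the next poll pair
        if max(deltas["in_errors_per_sec"], deltas["in_discards_per_sec"]) > max_per_sec:
            flagged.append(idx)
    return flagged


# Constructed sample polls, 60 seconds apart (6000 TimeTicks).
PREV: Poll = {
    SYS_UPTIME: 1_000_000,
    f"{IF_IN_ERRORS}.1": 4_294_967_290,   # about to wrap
    f"{IF_IN_DISCARDS}.1": 5,
    f"{IF_IN_ERRORS}.2": 100,
    f"{IF_IN_DISCARDS}.2": 7,
}
CURR: Poll = {
    SYS_UPTIME: 1_006_000,
    f"{IF_IN_ERRORS}.1": 10,              # wrapped: true delta is 16
    f"{IF_IN_DISCARDS}.1": 5,
    f"{IF_IN_ERRORS}.2": 100,
    f"{IF_IN_DISCARDS}.2": 607,           # 600 discards in 60 s
}
# Constructed poll taken after the agent restarted: uptime and counters reset.
AFTER_REBOOT: Poll = {
    SYS_UPTIME: 500,
    f"{IF_IN_ERRORS}.1": 0,
    f"{IF_IN_DISCARDS}.1": 0,
    f"{IF_IN_ERRORS}.2": 0,
    f"{IF_IN_DISCARDS}.2": 0,
}

if __name__ == "__main__":
    for idx in (1, 2):
        print(idx, interface_deltas(PREV, CURR, idx))
    print("over 1/s:", noisy_interfaces(PREV, CURR, [1, 2], 1.0))
    print("after reboot:", interface_deltas(CURR, AFTER_REBOOT, 1))
```
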


When selecting a solution like this, choose a solution that delivers full network coverage for multi-vendor hardware networks including a console for the devices anywhere on your LAN or WAN.

If you want additional information download our free whitepaper below.


Thanks to NMSaaS for the article.


Ixia Brings Application and Threat Intelligence to Network Visibility

Ixia announced enhancements to its network visibility product portfolio, which extends the capabilities of its Visibility Architecture™. With the latest releases incorporating Ixia’s Application and Threat Intelligence, comprehensive solutions come together to meet the needs of enterprises for simplified and actionable network insight.

In an increasingly dynamic environment, network administrators are striving for complete network visibility. This level of awareness requires a robust visibility architecture that is able to apply context and correlation to network applications incorporating factors such as user location, granular application action, operating system, browser, and handset type across physical- and virtual-source traffic. The addition of these capabilities to Ixia’s Visibility Architecture marks a significant advancement in the tools that IT professionals can leverage to better understand the application performance and security implications of network events.

Updates to Ixia’s Visibility Architecture include:

  • Application filtering technology – Using Ixia’s ATI Processor, administrators are able to select precise geo-tagged application traffic for forwarding to specific monitoring tools. File transfers to suspicious locations or VoIP connections from a branch office with performance problems can be automatically highlighted and directed to the appropriate tools for immediate analysis.
  • New high-density platform – Ixia’s ATI Processor is available in the new NTO 6212 packet broker, which enhances Ixia’s NTO family with application brokering and NetFlow generation in an efficient 48-port 1U package.
  • Advanced packet processing and 100G support – Ixia’s NTO 7300 now supports 100Gb interfaces and 1.8Tb of advanced processing (such as header stripping and deduplication), the highest capacity and density in the industry by a substantial margin.
  • Monitoring of financial feeds – Ixia’s recent TradeView release allows for the monitoring of market data down to the channel level providing early warning of health issues with channel feeds that can save millions in revenue lost to trading errors.

Industry Commentary:

“As the number of data sources and customer expectations for always-on access continue to rise, it’s imperative that IT professionals have the right tools to keep networks running securely and at optimal performance,” said Jim Rapoza, Senior Research Analyst, Aberdeen Group. “To accomplish this, organizations must have visibility solutions that provide immediate insight into events in order to capture more accurate application and network data.”

“Application Intelligence is the next wave of network visibility, yielding deeper insight and faster resolution times,” said Scott Register, Senior Director, Product Management for Ixia. “Our recent advances demonstrate our commitment to providing our customers with the most advanced, efficient and comprehensive visibility solution in the industry.”

Thanks to Ixia for the article.

Canada Unveils Plans for ‘Unprecedented’ Release of Mobile Spectrum

Canada’s government has announced plans to release an ‘unprecedented amount of mobile spectrum’ in 2015, with Industry Canada claiming that by May 2015 the amount of spectrum available to provide mobile services to consumers will have increased by almost 60% against early 2014.

As part of its plans, the state has confirmed it will launch an auction of ‘Advanced Wireless Spectrum-3’ (‘AWS-3’) frequencies (1755MHz-1780MHz, 2155MHz-2180MHz) on 3 March 2015, with it saying these will ‘enable the delivery of fast, reliable service on the latest smartphones, tablets and mobile devices and to encourage sustained competition’. In addition, the government said it will seek views on plans to make spectrum in the 600MHz band available for mobile use, and plans to provide a path for mobile use in the 3500MHz frequency band, while maintaining existing fixed-wireless internet services in rural areas. Further, the state intends to develop a plan to enable use of the AWS-4 spectrum band (2000MHz-2020MHz and 2180MHz-2200MHz) in order to enable the launch of a new operator, with a view to increasing ‘[the] choice to Canadians, especially those in rural and remote areas’. Rounding out the plans, Industry Canada said an additional 2100MHz of spectrum will be made available, while it intends to establish a ‘more efficient and consistent process’ for new concessions in the 24GHz, 28GHz and 38GHz bands.

Commenting on the plans, James Moore, Canada’s Minister of Industry, said: ‘Spectrum is essential to power our wireless devices, and our government is making it more available than ever before. The end result is that Canadians will benefit from more competition, lower prices and better service in our wireless sector. The Harper Government is committed to delivering competitively priced wireless services on the latest technologies.’

Thanks to TeleGeography for the article.

The Improving Image of IVR

Since Interactive Voice Response (IVR) systems were first introduced as a customer service tool, there have been many detractors. However, a recent Forrester Consulting survey indicates that the tide has turned and customers have accepted IVR and, in some cases, even prefer it to live operators. Speech-enabled self-service IVRs have become so commonplace that many consumers report that they prefer to use such systems for simple tasks such as checking account balances, flight statuses or shipment tracking. The survey results show that more than 50% of participants reported a preference for speech-enabled IVR for most simple transactions.

The survey also suggests a positive consumer response to proactive IVR systems. Such systems are being used to place courtesy calls to customers as reminders of appointments or other important upcoming activities. Of course there is nothing new about the practice of proactive calling, but customer acceptance of the technology is improving along with the general trends in IVR acceptability. Despite all the positive marks for IVR systems, there is still room for improvement.

Although customers appreciate the ability to handle simple tasks themselves, they still want the option to easily bypass the IVR to speak to a live operator. Respondents also said that improving speech recognition and accuracy would greatly improve their calling experiences. IVR systems are still the best method for cost savings in a call center environment and are unlikely to be replaced by any other technology in the immediate future. However it is important for developers to regard negative feedback from consumers as constructive criticism and a means to improve service and performance. Overall the results of this survey are very positive but continual improvement and meeting customer expectations will result in increased business for everyone involved in the IVR industry.

Thanks to for the article. 

Network Configuration Management is a Key Component in Business Today

Network configuration management is the process of organizing and maintaining information about all the components of a computer network.

When a network needs repair, alteration, development or advancements, the administrator refers to the network configuration management database to determine the best course of action.

This database contains the locations and network addresses of all hardware devices, as well as information about the programs, versions and updates installed in network computers.

Implementing configuration management brings many advantages, such as:

  • Minimizing configuration errors.
  • Minimizing downtime.
  • Optimizing network security.
  • Improving the processes of maintenance, repair, and expansion and upgrading.

Companies such as Cisco have been developing network configuration applications for years now and they feel it is a necessity and not an option in business today.

It allows you to roll out configuration changes to numerous network devices within minutes rather than hours, or even days. Push out a config change in real time or schedule it for after hours.

It lets you take advantage of the central repository for all network devices by automatically backing up your configurations. This automated approach allows you to sleep at night knowing that you always have the most up to date configurations of your devices.

The web interface quickly gives you a user friendly snapshot of the status of your devices providing you the knowledge of what devices are backed up, not backed up, have start/run conflicts, etc.
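A start/run conflict of the kind mentioned above is a running configuration that differs from the saved startup configuration, which may be an unsaved or unreviewed change. The following is an added example, not the vendor's code: it assumes Cisco IOS-style text captures, the two sample configurations are constructed, and the function names are hypothetical. It ignores header lines that change on every capture so that only real differences are reported.

```python
"""Added example: detecting a start/run conflict between two saved configurations."""
import difflib
import re
from typing import List, Tuple

# Lines that differ between captures even when nothing was reconfigured
# (IOS-style capture headers, timestamps, the self-adjusting NTP value, bare "!").
VOLATILE = [
    re.compile(r"^Building configuration"),
    re.compile(r"^Current configuration\s*:"),
    re.compile(r"^Using \d+ out of \d+ bytes"),
    re.compile(r"^! (Last configuration change|NVRAM config last updated)"),
    re.compile(r"^ntp clock-period \d+"),
    re.compile(r"^!\s*$"),
]


def normalize(config_text: str) -> List[str]:
    """Drop blank and volatile lines; keep leading indentation (it carries sub-mode context)."""
    lines = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or any(p.search(line) for p in VOLATILE):
            continue
        lines.append(line)
    return lines


def start_run_conflicts(startup_text: str, running_text: str) -> List[Tuple[str, str]]:
    """Return (side, line) pairs for lines present in only one of the two configurations."""
    start, run = normalize(startup_text), normalize(running_text)
    matcher = difflib.SequenceMatcher(a=start, b=run, autojunk=False)
    conflicts: List[Tuple[str, str]] = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            conflicts += [("startup-only", line) for line in start[i1:i2]]
        if tag in ("insert", "replace"):
            conflicts += [("running-only", line) for line in run[j1:j2]]
    return conflicts


# Constructed sample captures for one device.
STARTUP = """Using 812 out of 262136 bytes
!
! Last configuration change at 09:14:02 UTC Mon Jan 5 2015
! NVRAM config last updated at 09:14:30 UTC Mon Jan 5 2015
!
hostname edge-sw1
!
access-list 10 permit 192.0.2.0 0.0.0.255
ntp clock-period 17179860
end
"""

RUNNING = """Building configuration...

Current configuration : 845 bytes
!
! Last configuration change at 23:41:17 UTC Tue Jan 6 2015
! NVRAM config last updated at 09:14:30 UTC Mon Jan 5 2015
!
hostname edge-sw1
!
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 permit any
ntp clock-period 17179872
end
"""

if __name__ == "__main__":
    for side, line in start_run_conflicts(STARTUP, RUNNING):
        print(f"{side}: {line}")
```
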

Infosim, one of the main leaders in the tech industry, has come out with a statement saying that

“Through 2015, 80% of outages impacting mission-critical services will be caused by people and process issues, and more than 40% of those outages will be caused by change, configuration, release integration and hand-off issues.”

This can all be easily avoided by using one of our configuration applications. To find out more get in contact with the team.


Thanks to NMSaaS for the article.

Network Strategies for 2015

As we say goodbye to 2014 and review our network equipment plans for the new year, looking at replacement options is not enough.

We have to consider the currents that network technology flows in and where they are taking us.

Ignoring buying decisions and looking at the bigger picture provides an opportunity to assess what emerging companies are doing to redefine and redirect our network thinking, from the higher levels of standardisation, convergence and virtualisation down to how startups are meeting these challenges.

Here is what you should be aware of in 2015.


2015 will see the shifts in IT investments move towards standardised hardware and software products. The software and hardware standardisation efforts inherent in software-defined networks (SDN) and network function virtualisation (NFV) initiatives in the wide area network (WAN) will affect corporate network


Existing datacentre hardware is being optimised in virtualised environments, and applications are being farmed out to public cloud providers, significantly changing the hardware equation.


Hyperconverged infrastructure products combine compute, networking and storage resources to create all-in-one solutions. Hyperconverged appliances offer the scale-out architecture that fits the needs of most shared virtualised environments. To facilitate this, unified software packages have been adopted to converge networking functions previously allocated to dedicated hardware boxes such as WAN optimisers, packet shapers, application development controllers, application and network performance managers, load balancers and next-generation firewalls. This means storage and security are becoming intrinsic to networking topologies and, as such, will become embedded in networking hardware and software.

New challenges in 2015

The specific board-level demands to most enterprise network managers in 2015 will include:

  • Handling 100% traffic growth with the same budget as in 2014.
  • Recognising that much of that traffic growth, namely video, will be latency sensitive.
  • Ensuring the growing bring your own device (BYOD) demand for connectivity is secure and delivers quality of service (QoS) to the customers.
  • Minimising capital expenditure and going with industry-standard, bare-metal hardware to support SDN/NFV.
  • Maximising operating expenses in software and hardware deals.

This translates into key concepts around aligning networks to support business processes, shifting more traffic to Ethernet, flexible cloud deployments and better integration of security and storage capabilities. Startups present interesting next-step products to dominant suppliers in all these categories.

Aligning Network Hardware To Business Processes

When the buyer focus shifts to commoditisation, this presents a serious challenge to profit margins for premium network hardware brands such as Cisco, HP and IBM. Conversely, it presents an opportunity for nimble startups in the network hardware business, as brand loyalty is eroded and the focus shifts to supporting horizontal business processes.

Startup hardware suppliers are adopting the same hyperconvergence logic as software suppliers by integrating complementary software functionality into their boxes to facilitate core business processes. The result is hardware with better integration levels, cheaper and simpler deployments and easier scale-out capacity than their software and brand-name competitors. Instead of outsourcing functions, these network hardware startups advocate on-premise enterprise networking strategies. The message certainly whets the appetite of investors.

They are not looking for startups selling Lego blocks for DIY constructions, but rather emerging suppliers with the integrated hardware and software to handle specific business needs with faster time to value than existing value propositions on the market. Market leader VMware, with its Evo: Rail concept, has aligned all parts of its vSphere and Virtual SAN (storage area network) ecosystem with seven hardware partners (Dell, EMC, Fujitsu, Inspur – China’s dominant cloud computing and service provider, NetOne – Japanese infrastructure optimiser, HP, and SuperMicro – the US application-optimised server, workstation, blade, storage and GPU systems provider).

Startup company Scale Computing, with its HC3 platforms, presents an interesting challenge to the Evo: Rail design, aimed at small and medium-sized enterprises (SMEs), and values simplicity and fast deployment. The three HC3 platforms scale from 40 to 400 virtual machines (VMs). Scale Computing uses a customised version of Red Hat’s KVM hypervisor and leverages a block-level storage architecture as opposed to Virtual SAN’s (VSAN) object-based approach. While KVM may not have as many features as vSphere, Scale Computing is banking on the simplicity of operation along with aggressive pricing compared to the competition, and uses a scale-out architecture that can handle four nodes as the infrastructure grows.

Large enterprises should look at the startup Simplivity and its OmniCube, a hyperconverged infrastructure that delivers the economies of scale of a cloud computing model while ensuring enterprise IT performance and resiliency for virtual workloads. OmniCube has a data architecture that addresses data efficiency and global management requirements in virtualised and cloud computing environments. Its single unified stack runs on standard and hyperconverged x86 building blocks, simplifying and lowering the cost of infrastructure. Deploying a network of two or more OmniCubes creates a global federation that facilitates efficient data movement, resource sharing and scalability.

Ethernet deployments

Ethernet adoption continues to expand and startups such as Arista provide important contributions with the 10-1000Gbps Ethernet switches that target cloud service providers with purpose-built hardware. Its EOS network operating system provides single-binary system images across all platforms, maximum system uptime, stateful fault repair, zero-touch provisioning, latency analysis and a fully accessible Linux shell. With native support for VMware virtualisation and hundreds of Linux applications integrated into hardware platforms, it is designed to meet the stringent power and cooling requirements of today’s most demanding datacentres.

Cloud in a box

In the SME market, SixSq’s Nuvlabox offers a turnkey private cloud in a box. The Mac Mini-sized box includes a complete infrastructure as a service (IaaS) framework, powered by StratusLab, and a platform as a service (PaaS) powered by Slipstream. The built-in Wi-Fi provides network connectivity. With the ability to run up to eight VMs, capacity constraints are solved by adding more boxes and managing them as a single unit. Nuvlabox comes with a library of standard apps and operating system images, including different flavours of Linux and Windows and allows secure remote monitoring and application deployment from a single dashboard. To bypass the capital expenditure objection, SixSq has shifted its business model towards business-to-business licensing, where service provider customers pay rental fees for the equipment and SixSq provides ongoing maintenance and call centre support.

Network Security

Increased use of IT adds value to corporate network transactions and attracts a lot of unwelcome attention. In 2015, we expect more hackers, script kiddies, professional thieves and state-sponsored advanced persistent threat (APT) attacks to target corporate networks. But there is still a lot of low-hanging fruit to gather, such as increased employee awareness of weak passwords and phishing exploits, faster remediation of security holes and better denial of service protection measures. There is also a need for better tools and procedures to protect the enterprise network and ensure these measures meet corporate governance, risk and compliance (GRC) requirements.

One supplier aiming to address these needs is Bromium, which combines a software client on any device with a central security server. Instead of using signatures, behaviours or heuristics to identify potential threats, its vSentry client creates hardware-isolated micro‑VMs for every network-related task, such as visiting a web page, downloading a document or opening an email attachment. All micro-VMs are separated from each other and from the trusted enterprise network. Thus, malware is contained in the hardware-isolated micro-VM. Bromium’s Live Attack Visualization and Analysis (Lava) server converts each micro-VM in the enterprise into a honeypot and automates the often prolonged post-attack malware analysis process. An entire attack is automatically and instantly forwarded to the Lava console, which provides an automatic in-depth analysis of the advanced malware.

Network Storage

Video and social network communications from mobile devices with always-on technology have mushroomed data flows. In the enterprise, big data analytics relies on huge volumes of unstructured data, itself often comprised of large file formats that require secure storage and fast retrieval capacity. Network data volumes are moving from exabyte to zettabyte levels of data and higher. Most pundits and some analyst firms predict traffic and storage volumes will continue to double every two years. Next-generation storage systems include hyperscale data storage, virtualisation to improve utilisation, cloud storage for disaster recovery and lower power consumption to save costs. To enhance storage security, storage systems may incorporate data dispersal and keyless encryption to keep data secure against breaches.

The startup company Solidfire has developed a storage system built on the native ability to achieve significant scale, guarantee storage performance, and enable complete system automation. Combined with enterprise applications and deeply integrated with key management frameworks, Solidfire delivers validated products that make a next-generation datacentre deployment more cohesive, automated, and dynamically scalable.

At the high end, Insieme Networks is the driving force behind Cisco’s Application Centric Infrastructure (ACI) at the core of Cisco’s long-awaited SDN strategy. The ACI architecture leverages a mix of merchant and custom ASICs, along with Cisco’s new line of Nexus 9000 switches and its Application Policy Infrastructure Controller (APIC).

Establishing business models

Startup companies in the network hardware business are not only introducing new technology perspectives, they are also exploring new business models and establishing customer relationships. Building on standardised platforms allows users to do more process management and security tasks themselves. With higher levels of personalisation and control, users can more easily explore alternative business processes and combine functions across different platforms, which translates into faster time to value. 2015 promises to be an exciting year for enterprise IT departments looking to revamp their corporate network infrastructures – they may actually meet their boards’ network targets.

Thanks to Computerweekly for the article.

Improving Network Visibility – Part 3: Automated Real-Time Response Capability

In parts one and two of this blog, I answered an often asked customer question – “What can really be done to improve network visibility?” – with discussions on data and packet conditioning and advanced filtering. In the third part of this blog series, I’ll reveal a third set of features that can further improve network visibility and deliver even more verifiable benefits.

To quickly summarize, this multi-part blog covers an in-depth view of various features that deliver true network visibility benefits. There are five fundamental feature sets that will be covered:

When combined, these capabilities can “supercharge” your network. The five categories of monitoring functionality work together to create a coherent group of features that can, and will, lift the veil of complexity. These feature sets need to be integrated, yet modular, so you can deploy them to attack the complexity. This allows you to deliver the right data to your monitoring and security tools, and ultimately solve your business problems.

This third blog focuses on the use of automation. When automation is combined with a network monitoring switch, you can achieve near real-time responses via “adaptive monitoring.” So, what is adaptive monitoring? Adaptive monitoring uses automation capability to create an advanced feature set that many of the common network monitoring switches (also referred to as packet brokers) don’t have. Adaptive monitoring means the monitoring switch can automatically initiate functions (i.e. apply filters) based upon specific stimuli. This automation is akin to SDN (software defined network) capabilities that allow a switch/controller to make real-time adjustments to suspicious activities or problems within the data network.

Adaptive monitoring directly translates to the following benefits:

  • Operational streamlining and cost reduction by aligning your provisioning and monitoring functionality for new services and customers
  • Faster responses to network security threats
  • Automated data captures and traces to properly diagnose network issues and anomalies
  • Faster mean time to diagnosis (MTTD) and a corresponding mean time to repair (MTTR)

In addition to the real-time benefits, there are additional benefits to adaptive monitoring:

  • Easy application of consistent procedures
  • Alignment of IT with company business processes to reduce costs
  • Reduction of errors that are typically associated with programming complexity and changes
  • Less time spent constantly writing static filter rules

Adaptive monitoring is a proactive approach to minimize threats and decrease the MTTR for your network because faster responses to problems result in a shorter mean time to diagnosis and a corresponding faster MTTR. More details about adaptive monitoring and automation can be found in the Ixia whitepaper titled “Automation – The Future of Network Visibility.”

For automation to work with the Ixia Net Tool Optimizer (NTO) product, the NTO can use either a web-based API based upon the IETF REST protocol (introduced in NVOS 3.9) or an API based upon the TCL scripting language for NVOS releases prior to 3.9. A good monitoring switch will have an API capability built into it. Automation capabilities can be triggered in response to external events like SNMP traps, SNMP polls, Syslog messages, NMS events, SIEM events, etc. As a side note, the TCL scripting language is widely used and is similar to most scripting languages. It includes common conditional commands (if/then/else statements) that provide the key elements to proactive monitoring.

While the automation capabilities of adaptive monitoring take a little effort to configure initially, the benefits are dramatic in terms of MTTR minimization and network security responsiveness. There are typically five fundamental use cases for adaptive monitoring which can be summarized as follows:

  1. Response to external commands from orchestration systems and network management systems to create a complete visibility solution end to end
  2. Real-time response to security threats and spurious/intermittent anomalies
  3. Fast response to network problems and middle-of-the-night outages
  4. Automation of manual/repetitive tasks
  5. Integration for compliance initiatives

In addition to the automation capabilities that are available directly through the NTO, Ixia has performed integrations with many of our technology partners to deliver fully integrated solutions based upon this technology. For instance, we have documented integrations with the following vendors:

  • CA
  • IBM
  • SolarWinds
  • HP
  • LogMatrix
  • LogRhythm
  • Splunk

If you are interested in any of these or other possible integrations, please contact your local sales representative for more information.

Ixia solutions that take advantage of adaptive monitoring will be able to respond in real-time to network events. This will have clear and definite positive impacts on mean time to diagnosis and mean time to repair. More information on the Ixia Anue Net Tool Optimizer (NTO) monitoring switch and adaptive monitoring capability within the Network Visibility Operating System (NVOS) 3.8 and 3.9 is available on the Ixia website.

Thanks to Ixia for the article.

5 Ways to Use APM for Post-Event Security Forensics

Most security experts agree that the rapidly changing nature of malware, hack attacks and government espionage practically guarantees your IT infrastructure will be compromised. According to the 2014 Cost of Data Breach Study conducted by the Ponemon Institute, the average detection, escalation and notification costs for a breach are approximately $1 million. Post-incident costs averaged $1.6 million.

Once an attacker is within the network, it can be very difficult to identify and eliminate the threat without deep-packet inspection. The right Application Performance Management (APM) solution that includes network forensics can help IT operations deliver superior performance for users, and when incorporated into your IT security initiatives, deep packet inspection can provide an extra level of support to existing antivirus software, Intrusion Detection System (IDS) and Data Loss Prevention (DLP) solutions. The ability to capture and store all activity that traverses your IT infrastructure acts like a 24/7 security camera that enables your APM tool to serve as a backstop to your business’ IT security efforts if other lines of defense fail.

To use APM solutions for security forensics for post-event analysis, you must have a network retrospective analyzer that has at least the following capabilities:

  • High-speed (10 Gb and 40 Gb) data center traffic capture
  • Expert analytics of network activity with deep packet inspection
  • Filtering using Snort or custom user-defined rules
  • Event replay and session reconstruction
  • Capacity to store massive amounts of traffic data (we’re potentially talking petabytes) for post-event analysis

Like utilizing video footage from a surveillance camera, captured packets and analysis of network conversations can be retained and looked at retrospectively to detect, clean up and provide detailed information of a breach. This back-in-time analysis can be especially important if the threat comes from within, such as a disgruntled employee within a company firewall. It also allows companies to determine exactly what data was compromised and help in future prevention.

Below are five ways to use network monitoring and analysis to investigate breaches:

  1. Identify changes in overall network traffic behavior, such as applications slowing down, which could be a sign of an active security breach.
  2. Detect unusual activity on individual user accounts: off-hour usage, large data transfers, or attempts to access unauthorized systems or services. These actions are often associated with disgruntled employees or a hacked account.
  3. Watch for high-volume network traffic at unusual times; it could be a rogue user in the process of taking sensitive data or stealing company IP.
  4. View packet capture of network conversations to determine how the breach occurred and develop strategies to eliminate future threats by strengthening the primary IT security.
  5. Discover what infrastructure, services, and data were exposed to aid in resolution, notification, and regulatory compliance.
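
Items 2 and 3 above can be checked mechanically once captured sessions are summarized as flow records. The following is an added example, not code from the original article or from any APM product: the record layout, the business-hours window and the 10x-median volume threshold are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed flow summaries exported from a capture appliance:
# (session start, account, destination, bytes sent by the account)
FLOWS = [
    ("2024-03-04T09:12:00", "alice", "10.0.5.20", 3_000_000),
    ("2024-03-04T14:40:00", "alice", "10.0.5.20", 5_000_000),
    ("2024-03-05T11:05:00", "alice", "10.0.5.21", 4_000_000),
    ("2024-03-05T10:30:00", "bob",   "10.0.5.20", 2_000_000),
    ("2024-03-05T16:45:00", "bob",   "10.0.5.22", 2_500_000),
    ("2024-03-06T13:20:00", "bob",   "10.0.5.20", 1_500_000),
    ("2024-03-06T21:10:00", "alice", "10.0.5.20", 3_500_000),       # late, normal size
    ("2024-03-07T02:47:00", "bob",   "203.0.113.50", 900_000_000),  # night, very large
    ("2024-03-07T15:00:00", "alice", "10.0.5.30", 80_000_000),      # daytime, very large
]

BUSINESS_HOURS = range(8, 19)   # assumption: 08:00-18:59 local, Monday-Friday
VOLUME_FACTOR = 10              # assumption: flag >= 10x the account's median

def is_off_hours(ts):
    """True for weekends and for weekday sessions outside BUSINESS_HOURS."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def review_flows(flows):
    """Return (timestamp, account, destination, reasons) for flagged sessions."""
    parsed = [(datetime.fromisoformat(t), a, d, b) for t, a, d, b in flows]
    sizes = defaultdict(list)
    for _, account, _, nbytes in parsed:
        sizes[account].append(nbytes)
    # Per-account median stays stable when one transfer is an extreme outlier.
    baseline = {a: median(v) for a, v in sizes.items()}

    findings = []
    for ts, account, dst, nbytes in sorted(parsed):
        reasons = []
        if is_off_hours(ts):
            reasons.append("off-hours")
        if nbytes >= VOLUME_FACTOR * baseline[account]:
            reasons.append("volume")
        if reasons:
            findings.append((ts.isoformat(), account, dst, reasons))
    return findings

if __name__ == "__main__":
    for finding in review_flows(FLOWS):
        print(finding)
```

Sessions flagged for both reasons are the ones to pull full packet captures for first; a single reason on its own is usually a lead to correlate, not a conclusion.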

By incorporating retrospective network analysis, companies can use their network monitoring as a backstop to IDS and DLP solutions, and accelerate detection and resolution.

Thanks to APM Digest for the article.