Improving Network Visibility – Part 3: Automated Real-Time Response Capability

In parts one and two of this blog, I answered an often asked customer question – “What can really be done to improve network visibility?” – with discussions on data and packet conditioning and advanced filtering. In the third part of this blog series, I’ll reveal a third set of features that can further improve network visibility and deliver even more verifiable benefits.

To quickly summarize, this multi-part blog offers an in-depth view of various features that deliver true network visibility benefits. There are five fundamental feature sets that will be covered:

When combined, these capabilities can “supercharge” your network. The five categories of monitoring functionality work together to create a coherent group of features that can, and will, lift the veil of complexity. These feature sets need to be integrated, yet modular, so you can deploy them to attack the complexity. This allows you to deliver the right data to your monitoring and security tools, and ultimately solve your business problems.

This third blog focuses on the use of automation. When automation is combined with a network monitoring switch, you can achieve near real-time responses via “adaptive monitoring.” So, what is adaptive monitoring? Adaptive monitoring uses automation capability to create an advanced feature set that many of the common network monitoring switches (also referred to as packet brokers) don’t have. Adaptive monitoring means the monitoring switch can automatically initiate functions (i.e. apply filters) based upon specific stimuli. This automation is akin to SDN (software-defined networking) capabilities that allow a switch/controller to make real-time adjustments in response to suspicious activities or problems within the data network.

Adaptive monitoring directly translates to the following benefits:

  • Operational streamlining and cost reduction by aligning your provisioning and monitoring functionality for new services and customers
  • Faster responses to network security threats
  • Automated data captures and traces to properly diagnose network issues and anomalies
  • Shorter mean time to diagnosis (MTTD) and a correspondingly shorter mean time to repair (MTTR)

In addition to the real-time benefits, there are additional benefits to adaptive monitoring:

  • Easy application of consistent procedures
  • Alignment of IT with company business processes to reduce costs
  • Reduction of errors that are typically associated with programming complexity and changes
  • Less time spent constantly writing static filter rules

Adaptive monitoring is a proactive approach to minimizing threats and decreasing the MTTR for your network: faster responses to problems result in a shorter mean time to diagnosis and a correspondingly shorter MTTR. More details about adaptive monitoring and automation can be found in the Ixia whitepaper titled “Automation – The Future of Network Visibility.”

A good monitoring switch will have an API capability built into it. For automation, the Ixia Net Tool Optimizer (NTO) product can use either a web-based API based upon the IETF REST protocol (introduced in NVOS 3.9) or, for NVOS releases prior to 3.9, an API based upon the TCL scripting language. Automation capabilities can be triggered in response to external events like SNMP traps, SNMP polls, Syslog messages, NMS events, SIEM events, etc. As a side note, the TCL scripting language is widely used and is similar to most scripting languages. It includes common conditional commands (if/then/else statements) that provide the key elements of proactive monitoring.
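The event-to-filter trigger logic described above, as an added example that is not Ixia's code and does not use the NTO API: the rule name, tool port, request path, field names and syslog lines are all constructed assumptions. It goes one step beyond the text by adding a cooldown, so a burst of identical alerts does not re-issue the same filter.

```python
import ipaddress
import re

# Hypothetical trigger rules: (rule name, syslog pattern, tool port to steer to).
RULES = [
    ("ssh-bruteforce",
     re.compile(r"SSH brute force from (?P<src>[0-9.]+) to"),
     "capture-tool-1"),
]

class AdaptiveTrigger:
    def __init__(self, rules, cooldown_s=300):
        self.rules = rules
        self.cooldown_s = cooldown_s
        self.last_fired = {}  # (rule, source) -> time the filter was last requested

    def handle(self, now, message):
        """Return a filter request for the first matching rule, else None."""
        for name, pattern, tool_port in self.rules:
            m = pattern.search(message)
            if not m:
                continue
            try:
                src = ipaddress.ip_address(m.group("src"))
            except ValueError:
                return None  # never build a filter from a malformed address
            key = (name, src)
            if now - self.last_fired.get(key, float("-inf")) < self.cooldown_s:
                return None  # same alert still inside the cooldown window
            self.last_fired[key] = now
            # Request shape is an assumption, not the NTO REST API.
            return {"method": "POST", "path": "/hypothetical/filters",
                    "body": {"name": f"auto-{name}-{src}",
                             "match": {"ipv4_src": str(src)},
                             "dest_port": tool_port, "ttl_s": 900}}
        return None

# Constructed syslog lines with receive times in seconds (not real device output).
SAMPLE = [
    (1000, "<132>ids01 alert: SSH brute force from 203.0.113.45 to 10.0.0.12"),
    (1060, "<132>ids01 alert: SSH brute force from 203.0.113.45 to 10.0.0.12"),
    (1400, "<132>ids01 alert: SSH brute force from 203.0.113.45 to 10.0.0.12"),
    (1500, "<132>ids01 alert: SSH brute force from 999.1.1.1 to 10.0.0.12"),
    (1600, "<134>sw01 %SYS-5-CONFIG_I: Configured from console"),
]

def run(sample=SAMPLE):
    trigger = AdaptiveTrigger(RULES)
    return [trigger.handle(now, msg) for now, msg in sample]
```

Validating the extracted address before it reaches a filter matters because syslog content is attacker-influenced input; the handler returns a request description rather than sending it, so the transport and authentication remain whatever the switch's API requires.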

While the automation capabilities of adaptive monitoring take a little effort to configure initially, the benefits are dramatic in terms of MTTR minimization and network security responsiveness. There are typically five fundamental use cases for adaptive monitoring which can be summarized as follows:

  1. Response to external commands from orchestration systems and network management systems to create a complete visibility solution end to end
  2. Real-time response to security threats and spurious/intermittent anomalies
  3. Fast response to network problems and middle-of-the-night outages
  4. Automation of manual/repetitive tasks
  5. Integration for compliance initiatives

In addition to the automation capabilities that are available directly through the NTO, Ixia has performed integrations with many of our technology partners to deliver fully integrated solutions based upon this technology. For instance, we have documented integrations with the following vendors:

  • CA
  • IBM
  • SolarWinds
  • HP
  • LogMatrix
  • LogRhythm
  • Splunk

If you are interested in any of these or other possible integrations, please contact your local sales representative for more information.

Ixia solutions that take advantage of adaptive monitoring will be able to respond in real-time to network events. This will have clear and definite positive impacts on mean time to diagnosis and mean time to repair. More information on the Ixia Anue Net Tool Optimizer (NTO) monitoring switch and adaptive monitoring capability within the Network Visibility Operating System (NVOS) 3.8 and 3.9 is available on the Ixia website.

Thanks to Ixia for the article.
