What is Driving Demand for Deeper Traffic Analysis?

During a customer review call last week, we got a very interesting quote from a US-based user who offers marketing services to the retail sector: ‘We need greater insight over what is taking place on our internal network, systems, services, and external web farm seen through a single portal. We need to keep downtime to a minimum both internally and on our external customer-facing web farm. We chose LANGuardian because of its integration with SolarWinds and its deep-packet inspection capabilities.’

Before discussing this in more detail: because of all the hype these days, we now always ask about cloud. When we asked this contact about hosting these critical services in the cloud, he countered with 3 reasons for keeping them in house:

  1. Security
  2. Control
  3. Cost

When pressed on ‘cost’, he mentioned that they were shipping huge amounts of data, and that if they hosted and stored it in the cloud, the bandwidth and storage charges would be huge and would not make economic sense.

Back to deeper traffic analysis: it turns out this customer had already purchased and installed a NetFlow-based product to try to get more visibility and to focus on his critical server farm, his external, public-facing environment. His business requires him to be proactive to keep downtime to a minimum and keep his customers happy. But, as they also mentioned to us: ‘With NetFlow we almost get to the answer, and then sometimes we have to break out another tool like Wireshark or something. Now with NetFort DPI (Deep Packet Inspection) we get the detail NetFlow does NOT provide, true endpoint visibility.’

What detail? What detail did this team use to justify the purchase of another monitoring product to management? I bet it was not as simple as ‘I need more detail and visibility into traffic, please sign this’! We know that with tools like Wireshark one can get down to a very low level of detail, down to the ‘bits and bytes’. But sometimes that is too low: far too much detail, overly complex for some people, and it becomes very difficult to see the ‘wood for the trees’ and get the big picture.

One critical detail we in NetFort sometimes take for granted is the level of insight our DPI gives into web or external traffic. It does not matter if the traffic goes via a CDN, a proxy or whatever; with deep packet inspection one can look deeper to get the detail required. Users can capture and keep every domain name, even the URI and IP address, AND, critically, the amount of data transferred, which ties the IP address and URI to bandwidth. As a result, this particular customer is now able to monitor usage of every single resource or service they offer: who is accessing that URI, service or piece of data, when, how often, how much bandwidth the customer accessing that resource is consuming, etc.

Users can also trend this information to help detect unusual activity or help with capacity planning. This customer also mentioned that with deeper traffic analysis they were able to take a group of servers each week and really analyze usage: find the busiest server, the least busy, the top users, who was using up their bandwidth and what they were accessing. That gets them to the right level of detail, the evidence required to make informed decisions and plan.

CDN (Content Delivery Network) usage has increased dramatically recently and is making life very difficult for network administrators trying to keep tabs on bandwidth usage and generate meaningful reports. We had a customer recently who powered up a bunch of servers and saw a huge peak in bandwidth consumption. With NetFlow, the domain reported was an obscure CDN and meant nothing. The LANGuardian reported huge downloads of data from windowsupdate.com from a particular IP address and also reported the user name.

What was that about justification? How about simply greater insight to reduce downtime, maximise utilisation, increase performance and reduce costs? All this means happier customers, less stress for the network guys and more money for everybody!
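The difference between the two views described above, as an added example (not NetFort's code and not LANGuardian output). It assumes cleartext HTTP/1.x request heads and already-measured response sizes; every address, path and byte count in the sample is constructed.

```python
from collections import Counter

# Constructed sample: (client_ip, server_ip, raw HTTP request head, response bytes).
# Addresses are RFC 5737 documentation ranges; paths and sizes are made up.
SAMPLE = [
    ("192.0.2.10", "203.0.113.7", b"GET /d/update1.cab HTTP/1.1\r\nHost: windowsupdate.com\r\n\r\n", 480_000_000),
    ("192.0.2.10", "203.0.113.9", b"GET /d/update2.cab HTTP/1.1\r\nHost: windowsupdate.com\r\n\r\n", 350_000_000),
    ("192.0.2.22", "203.0.113.7", b"GET /img/logo.png HTTP/1.1\r\nHost: static.example.com\r\n\r\n", 40_000),
    ("192.0.2.22", "203.0.113.7", b"\x16\x03\x01\x02\x00", 9_000),  # not HTTP (e.g. TLS)
]

def parse_request_head(raw):
    """Return (host, uri) from an HTTP/1.x request head, or None if not parseable."""
    try:
        lines = raw.split(b"\r\n\r\n", 1)[0].decode("ascii").split("\r\n")
        _method, uri, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    if not version.startswith("HTTP/1."):
        return None
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
    return (host, uri) if host else None

def flow_view(records):
    """Address-keyed view: bytes per (client, server IP), as a flow record would report."""
    totals = Counter()
    for client, server, _raw, nbytes in records:
        totals[(client, server)] += nbytes
    return totals

def dpi_view(records):
    """Payload-derived view: bytes per (client, host); unparsed traffic is kept, not dropped."""
    totals = Counter()
    for client, _server, raw, nbytes in records:
        parsed = parse_request_head(raw)
        totals[(client, parsed[0] if parsed else "(unparsed)")] += nbytes
    return totals

def top_talker(totals):
    """Largest (key, bytes) pair in either view."""
    return totals.most_common(1)[0]
```

In the flow view the large download is split across two CDN edge addresses that also serve unrelated content; in the payload view it collapses to one client and one named service.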

Thanks to NetFort for the article.

You Do Not Need to Look Into the Packets, NetFort Will

DPI (Deep Packet Inspection) is a very useful and flexible technology used in many security and network products today. Recently I took a call from an engineer, John, working in the public sector in the US with the title ‘Senior Deep Packet Inspection Engineer’. A really friendly and experienced engineer who manages a team of 11 other engineers, he was interested in our product and had found it through an SEO search term.

He was interested for a number of reasons, including its integration with some well-known network management systems like SolarWinds and Splunk. His main pain, though, was ‘ease of use’. He already had a well-known network management system which utilizes Deep Packet Inspection. He really likes it: it is very powerful and can do a deep dive into the packets and extract some useful information, but it is very complex and difficult to use. As a result, the other engineers in his team keep coming to him for help when using the system to troubleshoot and get to the information they need to understand and solve the problem.

John is what we in NetFort call a ‘power user’: an expert, extremely technical, proactive and knowledgeable, who knows his network and technology. Power users like John are a rare breed though: hard to find and retain, expensive, and usually extremely busy, because they are asked to help with everything because they get the job done.

DPI-based technology is usually ‘expensive’, not only in monetary terms but also in terms of the costs to deploy, train and manage. Ease of use is not easy to achieve. By working closely with customers, we in NetFort have tried to ensure that even small and medium-sized organisations can easily look inside the packets and quickly get the level of visibility required to figure out what is going on. The LANGuardian is a product that organizations of all sizes can easily download, install, use and afford to purchase and manage. It applies DPI technology to network traffic, with no agents or clients, to get to the right level of visibility and the information they require with minimum hand-holding, support and ‘cost’.

DPI is complex, but it does NOT always have to be about ‘bits and bytes’, ‘deep’ packet analysis, timings, errors, etc. In some rare cases it is important to be able to get to that level, but these systems should take away the complexity until it is absolutely necessary and start at a high level, a level most of us can understand. Use the information pyramid: the software should be able to abstract away the complexity, give the high-level picture, allow instant drill-down, and generate reports with detail, actual NAMES, users, files and domains that normal users can understand!

You do not need to look into the packets, let NetFort do it for you!

More later…

John Brosnan
CEO

Thanks to NetFort for the article.

Ixia’s v7.8 Director and Director Pro Release Empowers Customers with More Flexibility and Security Controls

The Net Optics Director family of smart filtering appliances (Network Packet Brokers) directs traffic of interest to monitoring tools in order to relieve oversubscription, leverage tool investment across groups, and centralize monitoring in the NOC.

As part of the new Director 7.8 software release, we are introducing several new key features for the Director and Director Pro product lines:

  • Port behavior configuration options are enabled for customers: Previously, network ports were bi-directional, that is, they could transmit and receive, even when unidirectional communications were intended. In this release, users can choose whether a port is receive only (RX), transmit only (TX), or keep the default setting (both RX and TX). While not required, this allows customers to further strengthen their security best practices.
  • Syslog enhancements make the product more secure: An enhancement was made to the syslog messages to record histories of every configuration change made by users. Now you’ll know who, what, where, when and how changes were made. Users can enable audit logs by issuing a log set audit on command line. Refer to the Director CLI Guide for more information on this command.
  • Native IPv6 support: IPv6 support was enhanced to allow users to configure logging, NTP, upgrade server, and tunnel settings. This change affects the CLI, Web UI, and SNMP interfaces.
  • Pro engine settings added to the Web UI make it more flexible and easy to use: The Pro Engine feature was added to the Director’s Web UI. Previously, you could only configure the Pro Engine settings using Director’s CLI.

For more information, see this link: http://customer.netoptics.com/portal/login.asp

Additional Resources:

Ixia Director