Enterprises are deploying more security, monitoring and acceleration tools on their networks today. More data at higher velocities is coming at these tools and in a variety forms, including voice, video and data. A new wave of solutions called network packet brokers is emerging to provide a more intelligent network security and monitoring approach with granular visibility down to the link layer. Read on to see how you can benefit from NPBs.
As enterprises embrace technologies ranging from virtualization to cloud computing, the focus turns to making networks faster, flatter and more efficient. Today's changing networks must support ever-increasing traffic volumes, higher speeds and more service types, as well as increased requirements for security, analytics and compliance.
With the advent of BYOD, an explosion of big data and evolving cyberthreats, IT organizations are dealing with the changes by deploying more security, monitoring and acceleration tools at more segments of their network, as well as at the edge of their perimeters. And with an increase in tools comes a greater need for network visibility into the performance of the tools, and more network intelligence. In the cases of SIEM, IPS, secure Web gateways and anti-malware solutions, to name a few, if these tools are not performing as advertised, how can you be sure your network is really being fully protected and that you getting your money's worth?
CLEAR CHOICE TEST: HP, IBM, CA deliver highly scalable network management suites
Let's not forget other changes enterprises must embrace, including network speeds and feeds rapidly ramping up to 10G, 40G and soon 100G. What's more, the traffic mix now includes voice, video and data, all of which has to be understood and analyzed by network monitoring.
IT managers are now looking for more feasible ways to ensure their network monitoring and security tools can see any and all actionable traffic data, while keeping up with the massive growth in the size, variety and speed of data traversing their network infrastructures.
Most of today's tools do not have access to the real physical and link layer of the network, since they are relying purely on Switched Port Analyzer (SPAN) ports, traditional aggregators and/or Netflow. These techniques provide a level of data aggregation, but ignore the critical element of link layer visibility.
Tools receiving the aggregated data cannot determine the details about a specific packet or threat -- such as the exact port or network segment, or the specific time it was captured. This problem has led to unexpected complexities around security incident analysis and response, resulting in challenges in gaining situational awareness when advanced threats or network issues are found.
What the industry needs is a more intelligent network security and monitoring approach which provides granular visibility down to the link layer. A new wave of solutions is emerging called network packet brokers (NPBs), offered by companies such as VSS Monitoring and others, which Gartner and other analyst firms have begun writing about and recommending to clients.
NPBs represent a new approach for visibility and brokering of network packets while optimizing and scaling the connectivity between network switching and the entire network of performance and security analytics, inline security and WAN acceleration tools. These products broker network traffic from multiple SPAN ports, and manipulate the traffic to allow more efficient use of network tools and monitoring devices on the network. Network packet brokers optimize incident analysis by enabling IT and Security Operations to gain situational awareness and security intelligence around intrusion and extrusion incidents. This allows enterprises to speed their incident response operations.
Best practice recommendations around NPBs include finding a solution that delivers true link layer visibility, that provides complete visibility to network intelligence tools across LAN, WAN and cloud network infrastructure boundaries. Leading NPB products should include link layer visibility features such as line-rate capable port and time stamping, filtering, packet counters and metrics, microburst detection and mitigation, intelligent aggregation, high availability and high resiliency, and session-aware load balancing.
This will ensure that the tools analyze only actionable data instead of trying to keep up with all of the higher throughputs of unwanted data. In short, your network packet broker must let you see any packet from anywhere on your network and across the entire enterprise and cloud network.
NPBs should offer a system-based approach to optimizing your network intelligence tools for unmatched scale and visibility without compromising link layer visibility. With a system-based approach, NPBs allow enterprises to start small and scale to meet their needs using a pay-as-you-grow model.
As networks expand, the network packet brokers need to be able to scale and intelligently access and aggregate desired traffic across multiple networks (LAN, WAN, Internet, virtual and cloud environments) while maintaining link layer visibility at all times. A system-based approach also will facilitate a virtual tool optimization fabric that can provide on-demand intelligent access to full packet captures with accurate time and port stamping in virtual networks.
When considering these solutions, purpose-built hardware network packet brokers provide the advantage of being able to interconnect to one another to create a full mesh architecture that is self-aware and self-healing. They allow enterprises to design a highly scalable and resilient access and visibility fabric across their growing network, and provide unmatched tool optimization to maximize ROI on security and monitoring tools at line-rate for 1G, 10G and 40G networks.
In addressing these changing industry needs, leading network packet broker systems allow IT and security operations teams to gain end-to-end visibility across LAN, WAN and Internet boundaries. At the same time, companies can future-proof their investments with a system based solution, and protect existing and future investments in security and monitoring tools.
An NPB system allows for sharing sessionized and synchronous data access among various tools across the entire network with confidence and much needed link layer visibility. As an example, data loss prevention (DLP) tools can see the exact traffic being analyzed by IPS or security gateway solutions to rapidly assess the true impact of a security incident.
According to VSS Monitoring, a company offering new network packet broker solutions, the right set of NPBs will help enterprises perform on-demand traffic capture and maintain full link layer network visibility, which is critical in monitoring large network infrastructures for rapid incident response.
VSS Monitoring points to studies where the leading NPB -- those with attributes described above -- have shown a 120% improvement in business continuity, application availability and network uptime. What's more, the company claims, enterprises can realize an 80% reduction in capex and a 50% reduction in opex, since NPBs make it possible to concentrate and optimize network tools for better performance. These solutions offer complete traffic capture for total user controlled visibility, greater monitoring efficiency and ROI, and reduced response times.
Better visibility and performance, more efficient networks, improved ROI on network and security tools, and faster response in addressing issues -- with all the changes in today's networks, these are requirements that never go out of style.
Brian Musthaler is a principal consultant with Essential Solutions Corporation. You can write to him at Bmusthaler@essential-iws.com.
About Essential Solutions Corp:
Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.