Rewind and replay what happens on your network

* Solera appliances are like TiVo for your network

Have you ever wished for the ability to press a rewind button to back up to a specific point in time to review exactly what was happening on your network at that moment? Maybe there was some sort of major drag on performance around 2:15 last Tuesday afternoon, and you need to diagnose precisely what caused it. Or perhaps you suspect an employee of improperly sending proprietary data outside the firewall a month ago, and you need to confirm your suspicions by viewing the exact network traffic that user generated way back then.

If only there were a device like TiVo for your network. Then you could look back and see it all exactly as it happened.

If you can relate to the TiVo analogy, then you understand what Solera Networks offers. Founded by former file system architects from Novell, Solera Networks has developed a range of appliances that do continuous deep packet capture and stream-to-storage for 100% of your network traffic. Unlike TiVo though, you don’t need to preprogram what to “record”; you simply record it all. Then, if necessary, you can “play back” the traffic of interest to you to conduct your analysis.

This capability is an attractive proposition for enterprise organizations as well as government agencies, and it has a range of uses, including network security, network management, lawful intercept, and forensics/analytics. Consider the possibilities:

* Collecting vast amounts of network information over a long period of time allows you to benchmark your network performance. Then, if performance suddenly takes a hit, you can view a specific window of time and see what is happening that could be causing the performance issues. This takes the guesswork out of problem diagnosis and gives you a shorter time to resolution.

* Virtually every network is vulnerable in some way to viruses and other malware. You might not be able to see immediate outward signs of an infection, but you can view the history of your network traffic during windows of vulnerability (i.e., before an exploit is closed) to trace the origins of malware.

* You can enhance your intrusion detection system by using a Solera appliance to load-balance and segment the analysis of the packets.

* If a network intrusion does take place, you have the historical data to determine when and where the intruder entered, how security was bypassed, where they've been, and what they've done.

* Under the CALEA statute, all providers of facilities-based broadband Internet access and interconnected VoIP service are required to have the means to allow law enforcement agencies to intercept communications. The traffic recorded on the Solera appliances helps ISPs and other companies comply with this regulation.

You can probably think of myriad ways you could use the packet capturing technology to improve the security and performance of your own network.

A Solera appliance captures data at sustained rates of 5Gbps (bursts up to 6.4Gbps). It sits passively on your network and can be configured to be invisible, so it doesn’t impair or impede your network performance in any way and remains undetected. The administrator can use capture policies to include or exclude recording specific segments of network traffic if desired. The data can be stored on the appliance, or on pretty much any external NAS or SAN storage facility.

As for filtering, viewing or analyzing the stored information, you can use any of hundreds of applications because Solera provides the interfaces and APIs to work with other tools. Solera’s intent is to be the engine for the other tools that act as the dashboard to present the information you want. The software is 100% open with applications that do network monitoring, forensics, and so on.

The cost of an appliance is relatively low, starting around $10,000, depending on the configuration and purpose. Many companies, and especially government agencies, will want this functionality once they know they can have it at such a reasonable cost. Someday, capturing and storing all network traffic for later analysis will become a best practice in network administration.

Learn more about the Solera solutions by listening to this Rocky Mountain Voices podcast.
