Senior Editor Denise Dubie guides you through the latest developments in management tools and services.
There is no shortage of data that can be collected across complex distributed networks, but often network managers are challenged to extract meaningful information from the volumes of metrics pulled out of multiple proprietary systems.
For Matthew Shoemaker, network/systems engineer at Georgia's Henry County Water and Sewage Authority (HCWSA) near Atlanta, the need to centralize data across intrusion detection systems (IDS) was magnified by his organization's additional dependence on SCADA (Supervisory Control and Data Acquisition) systems. Shoemaker says he went in search of technology that would help him centralize data collection from security systems, monitor network traffic and troubleshoot unknown threats.
"We were looking for a centralized way to look into network traffic, provisioning and diagnosis. We had a lot of IDS boxes, and it got to be too much to handle. There was no correlation of the information we were collecting, so it wasn't necessarily useful to us," Shoemaker explains.
Shoemaker not only needed to pull together data from disparate IDS appliances, he also wanted a better look at HCWSA's SCADA environment. His concerns there were mostly about the security of the SCADA systems.
"SCADA equipment manufacturers are proprietary so I needed something that could pull that proprietary information into the centralized repository," he says.
That's when Shoemaker learned of StealthWatch from Lancope. StealthWatch is software packaged on appliances that are distributed across a network, near a core switch or data center router. Upon installation, it performs a benchmark of normal traffic behavior and continuously monitors for changes. The product does not sit in line with network traffic, but passively monitors conversations between hosts and clients. Administrators can tap into the appliances via a Web-based interface or use the management console to configure, monitor and generate reports from multiple distributed appliances.
Sometimes called network behavior analysis technology, products like StealthWatch can learn normal patterns of an environment and then alert network managers when anomalies occur. That capability helped Shoemaker determine that Lancope was right for HCWSA's varied environment.
"We are short-staffed and most of us wear more than one hat so it helps that the products can point out when there is a problem," Shoemaker says. "It helps us collect and make sense of our data, but how well it deals with undocumented vulnerabilities is an invaluable benefit."
Denise Dubie is senior editor with Network World.