Skip Links

Network packet brokers increase visibility and performance

IT Best Practices Alert By Brian Musthaler, Network World
August 09, 2012 01:53 PM ET
Sign up for this newsletter now!

The CIO-level business angle on the latest tech

As enterprises embrace technologies ranging from virtualization to cloud computing, the focus turns to making networks faster, flatter and more efficient. Today's changing networks must support ever-increasing traffic volumes, higher speeds and more service types, as well as increased requirements for security, analytics and compliance.

With the advent of BYOD, an explosion of big data and evolving cyberthreats, IT organizations are dealing with the changes by deploying more security, monitoring and acceleration tools at more segments of their network, as well as at the edge of their perimeters. And with an increase in tools comes a greater need for network visibility into the performance of the tools, and more network intelligence. In the cases of SIEM, IPS, secure Web gateways and anti-malware solutions, to name a few, if these tools are not performing as advertised, how can you be sure your network is really being fully protected and that you getting your money's worth?

EVENT: Network World BYOD Seminar – Philadelphia – Sept. 27

CLEAR CHOICE TEST: HP, IBM, CA deliver highly scalable network management suites

Let's not forget other changes enterprises must embrace, including network speeds and feeds rapidly ramping up to 10G, 40G and soon 100G. What's more, the traffic mix now includes voice, video and data, all of which has to be understood and analyzed by network monitoring.

IT managers are now looking for more feasible ways to ensure their network monitoring and security tools can see any and all actionable traffic data, while keeping up with the massive growth in the size, variety and speed of data traversing their network infrastructures.

Most of today's tools do not have access to the real physical and link layer of the network, since they are relying purely on Switched Port Analyzer (SPAN) ports, traditional aggregators and/or Netflow. These techniques provide a level of data aggregation, but ignore the critical element of link layer visibility.

Tools receiving the aggregated data cannot determine the details about a specific packet or threat -- such as the exact port or network segment, or the specific time it was captured. This problem has led to unexpected complexities around security incident analysis and response, resulting in challenges in gaining situational awareness when advanced threats or network issues are found.

What the industry needs is a more intelligent network security and monitoring approach which provides granular visibility down to the link layer. A new wave of solutions is emerging called network packet brokers (NPBs), offered by companies such as VSS Monitoring and others, which Gartner and other analyst firms have begun writing about and recommending to clients.

NPBs represent a new approach for visibility and brokering of network packets while optimizing and scaling the connectivity between network switching and the entire network of performance and security analytics, inline security and WAN acceleration tools. These products broker network traffic from multiple SPAN ports, and manipulate the traffic to allow more efficient use of network tools and monitoring devices on the network. Network packet brokers optimize incident analysis by enabling IT and Security Operations to gain situational awareness and security intelligence around intrusion and extrusion incidents. This allows enterprises to speed their incident response operations.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News