With business infrastructures getting more complex and data traffic levels rising, organisations increasingly need to understand what’s going on in their network environment, how it is happening and the context around it. That’s never easy to do.
Networks grow organically. Servers are ‘spun up’, new applications are launched all the time – and businesses struggle to keep a handle on this complexity. Today, in addition to their physical server-based network, many also have cloud environments to deal with. They may have a blend of public and private clouds and/or a hybrid mix of cloud and on-premises. They may be engaging with multiple providers for functions such as CRM, office software, messaging, collaborative tools and other web services.
Given all this, organisations often find that their network has become so complicated that they have lost control of what people are doing on it and where everything is.
What these businesses need today are tools that, first, help them understand what they have within their network and how they are using it and, second, pick up traffic in the correct places.
Knowing where to monitor and which traffic to capture is critical, and is a common problem for many network tools. One requirement many businesses have is implementing an intrusion detection/prevention system (IDS / IPS) to detect traffic anomalies. There are limitations in scope, however, as often only a small number of specific links can be monitored.
The business can put the IDS on a link between point A and point B that enables them to detect anomalies on that link. But what about the rest of the network? Does the business need to put systems everywhere or just capture certain parts of the network? Many businesses find that there is just too much they need to look at and monitor. Instead, they need an alternative approach that allows them to observe only traffic of interest and therefore gain true visibility and insight into what is happening without having to spend too much time and money in doing it.
The latest tapping and aggregation solutions can help, allowing businesses to extract data from multiple points on any network simultaneously, filter traffic of interest and pass it on to centralised performance monitoring tools, security tools, forensic analysis platforms or security incident and event management systems.
Rather than having to implement intrusion detection systems at every single link, which is costly and time-consuming, these tapping and aggregation solutions instead use an approach called inline bypass, where taps are inserted at key points on the network and can start feeding relevant traffic to the associated IDS / IPS for analysis (and the IDS / IPS tool can be disabled without impacting the flow of traffic).
It’s a smart approach because the aggregators can determine when information traversing the network has already been seen, eliminating the need to send it to the tool again, thereby reducing costs and time spent, while maintaining optimum network visibility.
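A sketch of how this kind of duplicate suppression can work, added here as an illustration and not taken from any product the article refers to. It assumes IPv4 traffic and a short time window; `ipv4_fingerprint`, `Deduplicator`, `build_ipv4` and the sample packets are hypothetical names and constructed data.

```python
import hashlib
import struct
from collections import OrderedDict

def ipv4_fingerprint(packet: bytes) -> bytes:
    """Hash an IPv4 packet with the fields that change per hop zeroed out."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or packet[0] >> 4 != 4 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    header = bytearray(packet[:ihl])
    header[8] = 0                 # TTL is decremented by every router
    header[10:12] = b"\x00\x00"   # header checksum is recomputed with it
    return hashlib.sha256(bytes(header) + packet[ihl:]).digest()

class Deduplicator:
    """Forward the first copy of a packet; drop copies seen within window_s."""
    def __init__(self, window_s=0.05, max_entries=100_000):
        self.window_s, self.max_entries = window_s, max_entries
        self.seen = OrderedDict()  # fingerprint -> time first seen
    def should_forward(self, ts: float, packet: bytes) -> bool:
        while self.seen:  # expire old entries and bound memory use
            oldest = next(iter(self.seen.values()))
            if ts - oldest <= self.window_s and len(self.seen) < self.max_entries:
                break
            self.seen.popitem(last=False)
        fp = ipv4_fingerprint(packet)
        if fp in self.seen:
            return False
        self.seen[fp] = ts
        return True

def build_ipv4(ttl: int, payload: bytes, ident: int = 0x1234) -> bytes:
    """Constructed sample packet: 10.0.0.5 -> 10.0.1.9, protocol 17 (UDP)."""
    def hdr(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                           0, ttl, 17, csum, bytes([10, 0, 0, 5]), bytes([10, 0, 1, 9]))
    s = sum(struct.unpack("!10H", hdr(0)))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr(~s & 0xFFFF) + payload

def demo():
    dedup = Deduplicator(window_s=0.05)
    feed = [  # constructed (timestamp, packet) pairs from taps either side of a router
        (0.000, build_ipv4(64, b"query-1")),                # tap A
        (0.002, build_ipv4(63, b"query-1")),                # tap B, one hop later
        (0.003, build_ipv4(64, b"query-2", ident=0x1235)),  # a different packet
        (0.500, build_ipv4(64, b"query-1")),                # outside the window
    ]
    return [dedup.should_forward(ts, pkt) for ts, pkt in feed]
```

The window matters for security tooling: a copy that arrives after it has expired is forwarded again, so genuine retransmissions and replays still reach the IDS / IPS.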
This approach also delivers many additional benefits. It helps meet compliance and legislative obligations, allows businesses to implement multiple changes quickly, and reduces refresh cycles by protecting investments in existing security and monitoring tools.
Also, the benefits that organisations attain from this focus extend beyond security into other key areas such as performance and network monitoring, further highlighting why, when it comes to networks, organisations need to focus on ‘keeping it visible’.