Tag Archives: network performance monitoring

The Changing Landscape in Network Performance Monitoring

Network performance monitoring is increasingly essential to organizations, especially as they transition to 10G+ networks.

In late 2013, TRAC Research, a market research and analyst firm that specializes in IT management, published research findings on key trends in the Network Performance Monitoring market. The research highlighted some challenges and common misconceptions with the state of Network Performance Monitoring solutions.

Examining insights from more than 500 network performance monitoring user organizations, key findings included:

  • The network is becoming more of a strategic asset. Fifty-three percent of organizations are looking to network performance management to enable networks to support new technology rollouts and major strategic initiatives.
  • Troubleshooting in virtualized environments is a top challenge. Organizations reported that the inability to troubleshoot problems in virtualized environments is a top challenge for using Network Management Systems (NMS). As organizations virtualize their infrastructures, they are finding that the tools they previously deployed are no longer sufficiently effective in these new environments and they are looking for better solutions.
  • 10G networks are challenging to manage. As organizations adopt 10G networks, they are finding that the tools they previously used are no longer sufficient for monitoring and recording high-speed traffic. As a result, they are looking for solutions that are capable of analyzing and reporting issues at 10G line rate.
  • Price is an important factor. Fifty-eight percent of organizations said that vendor pricing for NPM solutions is very important in their selection process. “This shows that organizations are increasingly looking for more flexibility when evaluating NPM solutions and are expecting shorter time-to-value from these deployments.”

On Thursday, February 20, at 8:30 am PST, we’re hosting a webinar on The Changing Landscape in Network Performance Monitoring. TRAC Research Principal Analyst Bojan Simic will join WildPackets to discuss the findings of their research and his insight on the state of the network performance monitoring market. Sign up today to join us. You can register online.

Do you think 10G network performance monitoring tools are too expensive? Think again…

As more and more enterprises make the switch to 10G networks, the ability to perform 24×7 network monitoring is essential. Yet many of the current 10G network monitoring solutions are cost prohibitive because they are designed for recording and analyzing fully utilized, full-duplex, 10G networks.

To overcome this cost obstacle, many organizations try to limp along with their 1G network performance monitoring solutions. But TRAC Research found that there are several key challenges when using this approach, including dropped packets, lack of capabilities for analyzing and searching recorded network traffic, and inability to collect packets at all network locations. Below is a graph from a recent TRAC Research survey that displays the frequency of these problems.

Represented data from TRAC research on network monitoring research

At WildPackets, we know how important it is to have a full-featured network performance monitoring solution in place. And we also know that not every 10G network segment needs a six-figure appliance capable of monitoring a full 20G of network traffic. For this reason, WildPackets created a new midrange 10G solution with our new OmniAdapter 10G MX. This new 10G analysis solution allows network engineers to get visibility into less demanding 10G networks at a reasonable price. It is packed with a ton of capabilities, providing the ability to analyze and report network issues from all network locations.

Below are several areas that OmniAdapter 10G MX addresses, and that other packet-based network performance monitoring solutions often miss.

Collects every packet at all locations 24X7, minimizing network outages
Omnipliance Core with OmniAdapter 10G MX allows you to fully identify and address the conditions causing a network problem, monitoring all data coming in and out of the network. As a result, you are able to better understand why a problem occurred in the first place.

Reliable and deep insight into data collected
WildPackets’ new 10G solution provides organizations with the insight into how their networks are operating, with the additional benefit of evaluating how the network will continue to perform as network demand grows. With this added insight, organizations can easily detect network bottlenecks and remedy the issues in a timely and effective manner.

Rich reporting and search capabilities
Omnipliance Core’s enhanced capabilities help organizations reduce the time it takes to solve 10G network issues. With a new, intuitive user interface and Expert analysis and filters, organizations are able to detect network anomalies faster and more reliably.

In addition to these capabilities, WildPackets’ new 10G network monitoring solution is able to address the key capabilities organizations need per TRAC’s research. These capabilities are highlighted below.

Represented data from TRAC research on network monitoring research

Interested in learning more? Check out our What’s New in OmniPeek page.

Top Trends in Cyber Security and Attacks

IT security experts have labeled 2011 as the “Year of the Hack,” and appropriately so. Last year saw a diverse group of breaches that were financially and politically motivated. While each attack has its own unique fingerprint, some common elements are emerging – the quiet, persistent and sophisticated nature of today’s attacks.

If you compare a hack like the Microsoft MSBlaster Worm of 2003 to Sony PlayStation’s data breach of April 2011, the motivation, sophistication, and direct cost are in stark contrast. The MSBlaster was a fairly rudimentary Distributed Denial of Service attack, and the motivation behind it was hacker glorification, i.e. penetrating a system just to boast about it over beer. It caused mostly embarrassment to the affected companies, and more annoyance than actual monetary losses (though in some cases significant costs were incurred to wipe out the infections). On the other side, the attack on Sony was financially motivated and garnered credit card numbers, passwords, and other very personal information of 70M users, directly costing Sony $170 million and an estimated 10 to 100x that much in indirect costs.

As Distributed Denial of Service (DDoS) attacks and viruses, which are oftentimes associated with the idea of hacking for hacking’s sake, have steadily gone down in recent years, Advanced Persistent Threats (APT) have gone up. APTs typically have political and financial motivation, and often include an element of revenge. According to a study by Bit9, of the 765 IT executives interviewed for their Endpoint Survey, 60% said that APT is the biggest fear they have with security breaches and 28% feared that theft and disclosure was coming from insiders. APT threats can often be an insider job, or at least aided by risky behavior from within the enterprise network.

Advanced Persistent Threats are what the name implies: a long-term pattern of sophisticated hacking attacks aimed at governments, companies, and political activists. However, that just skims the surface of understanding what APTs are and how they can affect you, so let’s take a look at each of the words that define Advanced Persistent Threat.

Hacking techniques have been continually evolving, becoming more advanced at every turn, and often in APTs hackers combine multiple targeting methods. Since the perpetrators of APTs have strong financial backing and serious motivation, they often take time to focus on operational security, which is not often done in more opportunistic, less advanced threats. But the methods need not always be advanced. Consider the Citigroup breach of 2011. Though the target and the purpose certainly categorize this attack as an APT, the method turned out to be incredibly simple. The perpetrators identified a security flaw in the web-based banking: once logged in with a known good account, they could simply change the account number in the URL string and immediately gain access to another account. It was then a simple task of writing scripts to first guess account numbers, and whenever a good one was found, to scrape the user information from the compromised account. Though perhaps not “advanced” in this case, the method was highly effective, resulting in more than 200,000 compromised customer accounts.
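The flaw described above is a missing per-object authorization check. The following is an added example, not code from the original post or from any bank's system, showing the flawed handler pattern beside a corrected one; the user names, account numbers and function names are all constructed for illustration.

```python
# Constructed data: which account numbers each logged-in user owns.
OWNED_ACCOUNTS = {
    "alice": {"40012345"},
    "bob": {"40012346", "40012399"},
}
ACCOUNT_DATA = {
    "40012345": {"holder": "Alice Example", "balance": 1200},
    "40012346": {"holder": "Bob Example", "balance": 530},
    "40012399": {"holder": "Bob Example", "balance": 88},
}


class Forbidden(Exception):
    """Raised when the request must be refused."""


def view_account_vulnerable(session_user, account_no):
    # Flawed pattern: a valid login is treated as permission for ANY
    # account number that arrives in the URL.
    if session_user not in OWNED_ACCOUNTS:
        raise Forbidden("not logged in")
    return ACCOUNT_DATA.get(account_no)


def view_account_hardened(session_user, account_no):
    # Corrected pattern: authorize the object, not only the session.
    owned = OWNED_ACCOUNTS.get(session_user)
    if owned is None:
        raise Forbidden("not logged in")
    if account_no not in owned:
        # Same refusal whether or not the number exists, so the response
        # cannot be used to confirm which account numbers are valid.
        raise Forbidden("account not available")
    return ACCOUNT_DATA[account_no]
```

The hardened handler takes the set of permitted accounts from server-side state tied to the session, so a changed URL parameter can only select among accounts the user already owns.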

As stated earlier, and as evidenced by the Sony and Citigroup attacks, APTs are not opportunistic, simply seeking an easy in for boasting rights. These are “low and slow” attacks, meaning they are relatively unnoticeable and steal information over a longer period of time. And the perpetrators will maintain long-term access to the target. Should access be broken along the way, every attempt will be made to regain access and continue with the attack, similar to what Peter Gibbons was attempting to do in the movie Office Space.

APTs are typically backed by powerful, well-funded organizations (think organized crime or rogue governments), with the intent and the capability to achieve their goals. A key element includes coordination and execution by human action vs. automation, at least until a stealthy, automated process can be implemented that has limited risk of being identified. Oftentimes to stay under the radar an APT will remain manual and incorporate minimal automation.

As APTs begin to grow and DDoS attacks and viruses become less of a threat, it is important to ensure that you have security policies in place to protect your network. Even though 28% of IT executives fear theft and disclosure will come from within, 60% of these firms are either using the “honor system” or have no internal security policy whatsoever. In addition, a recent survey by Ponemon Institute reported that although 90% of respondents had at least one breach in 2011, 40% of those surveyed had no clue where the breach stemmed from, and 33% could only identify the source of some attacks. Without a clear understanding of the source, how can you possibly protect yourself from another occurrence?

In addition to the active security systems in place today, you need a security “insurance policy,” since it’s clear that today’s state-of-the-art security systems don’t do a complete job – after all, 90% of survey respondents had at least one breach in 2011, and 70% had two or more! This insurance policy takes the form of a network recorder, which passively records each and every packet traversing your network. When an attack happens, and statistics indicate it will, you’ll have a complete recording of the incident, allowing you to identify how the attack happened, what information was compromised and how to tune your existing network security tools to prevent future breaches.
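As an added example (not from the original post or any WildPackets product), here is how recorded traffic can answer "how did it happen and what was compromised" for an account-number enumeration like the Citigroup case. The records are constructed samples of HTTP requests reassembled from a capture; the `acct` parameter, URL path and threshold are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample: (time, client IP, session cookie, URL, status).
RECORDED = [
    ("10:00:01", "198.51.100.7", "s-aaa", "/account/view?acct=40012345", 200),
    ("10:03:12", "198.51.100.7", "s-aaa", "/account/view?acct=40012345", 200),
    ("11:15:00", "203.0.113.50", "s-bbb", "/account/view?acct=40012345", 200),
    ("11:15:01", "203.0.113.50", "s-bbb", "/account/view?acct=40012346", 404),
    ("11:15:02", "203.0.113.50", "s-bbb", "/account/view?acct=40012347", 200),
    ("11:15:03", "203.0.113.50", "s-bbb", "/account/view?acct=40012348", 200),
    ("11:15:04", "203.0.113.50", "s-bbb", "/account/view?acct=40012349", 404),
    ("11:20:00", "198.51.100.9", "s-ccc", "/login", 200),
]


def accounts_by_session(records, param="acct"):
    """Group the account numbers each session requested, by outcome."""
    seen = defaultdict(lambda: {"ok": set(), "missed": set(), "ips": set()})
    for _time, ip, session, url, status in records:
        values = parse_qs(urlsplit(url).query).get(param)
        if not values:
            continue  # request did not reference an account
        bucket = "ok" if status == 200 else "missed"
        seen[session][bucket].add(values[0])
        seen[session]["ips"].add(ip)
    return seen


def enumeration_suspects(records, max_accounts=2):
    """Report sessions that touched more distinct accounts than one
    customer plausibly owns, and which of those accounts were served."""
    report = {}
    for session, info in accounts_by_session(records).items():
        distinct = info["ok"] | info["missed"]
        if len(distinct) > max_accounts:
            report[session] = {
                "probed": len(distinct),
                "exposed": sorted(info["ok"]),  # data actually returned
                "ips": sorted(info["ips"]),
            }
    return report
```

The `exposed` list is the set of accounts whose data left the network, which scopes notification, while the probing pattern itself is what an IDS rule or application-side rate limit can then be tuned to catch.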

To learn more about the trends and how to protect your network, check out our webcast “Cyber Security – IDS/IPS is Not Enough.”