What is Network Visibility?
2017-02-20 | 6 min read
I just returned from a European press tour talking to editors from different publications about visibility. It was educational, for me. Most people think of visibility as the tools that perform applications performance monitoring, or network performance monitoring, or big data analytics. It is more fundamental than any of that. Network visibility is how data is collected, aggregated, distributed and served to those monitoring and analytics tools. Network visibility is also about creating a stable foundation for your security infrastructure. There is a reason why visibility is becoming a bigger topic, too.
The sheer volume and variety of data carried by a typical enterprise network is growing all the time. It is creating a complex, noisy environment that is becoming increasingly problematic for IT, network and security teams. Keeping up with growing network speeds without sacrificing performance is a critical priority.
The challenges these teams are facing involve ramping-up network speeds, from 10GB to 40GB, and even 100GB. Making sure everything is secure requires deploying a wider array of security and monitoring tools – firewalls, intrusion detection systems, SIEM tools and more – all of which require access to network data if they are to work effectively. Feeding these tools data they can’t use risks overloading them and degrading their performance. Combine this with the rise in encrypted network traffic - which analysts estimate represents up to one-third of all traffic, which means that threats could be hidden by security measures.
This all contributes to a highly complex problem that can easily create ‘blind spots’ on networks. And if you can’t see it, you can’t secure it. Enter network packet brokers (NPBs), which sit at the heart of a good network visibility architecture. Packet brokers are essential to enterprise network monitoring. They aggregate data from multiple tap points, de-duplicate it, and distribute it to network operations, application operations, security administrators and forensics.
What you will find when you dig into the network visibility area, though, is that not all NPBs perform equally. Like with any compute device, performance is about hardware speed and algorithmic intelligence. A low performing packet broker can not only reduce performance but can drop packets and or let data pass by without inspection creating big security risks. So how can figure out which network packet broker is right for your network? The first step would be to see how network visibility fits into your network by visiting our network visibility page.
A recent webinar by our own Taran Singh, Ixia’s director of product management, looked at this specific issue, and described the three key essentials which underpin network packet broker performance. These are:
- High performance, no loss visibility fabric. As traffic speeds and volumes continue to grow, it is vital that NPBs are part of a visibility fabric that is scalable enough to cope with rapid growth and rises and falls in demand. The NPB should also never lose any network packets when processing traffic.
- Intelligent application inspection for smarter analysis. Not all of your security tools need to inspect all traffic. It might be completely irrelevant for your Intrusion Detection System (IDS) to look into certain traffic subsets. Intelligent NPBs should be able to route irrelevant traffic around the tools that doesn’t need to inspect it – helping those tools function optimally, for longer. The NPB should also be able to decrypt encrypted traffic so that it can be inspected in real time, to expose any concealed potential threats.
- Flexibility and ease of use. The NPB should be flexible, with a straightforward GUI to enable users to deploy and change configurations to adapt to their monitoring needs.
To highlight just how NPBs can boost network efficiency, The University of Texas at Austin recently deployed Ixia’s NPBs across its network. Using Ixia’s application filtering capabilities, the University’s IT team was able to send traffic such as Netflix movies and streaming music, around its Intrusion Detection Systems, reducing the load on security tools by 20-30% and delivering a 100% return on investment. Read the full story here, or watch the webinar for more in-depth examples.
Written by Jeff Harris