When Done Right, Network Visibility Can Pay For Itself

 

Over the years, I’ve met people that seem to think that investing in network visibility is either unnecessary, too expensive, or too complicated. None of these preconceptions could be further from the truth.

When done right, a visibility architecture (consisting of taps, packet brokers, and network tools) is absolutely essential to your ability to detect security threats and optimize both network and application performance. You can’t prevent or fix what you can’t see. This lack of visibility is why successful security attacks go undetected for days, weeks, and months. Literally, no one sees them.

When it comes to expenses, while visibility components do cost money, the right investment choices pay for themselves. A new brief was recently added to www.getnetworkvisibility.com that illustrates the value of network visibility. This paper (When Done Right – Visibility Pays For Itself) explains how you can achieve a return on investment (ROI) of 100% or more if you correctly install network visibility.

Before you dismiss the concept — read the brief. The savings come about because of several features and functions including: the delay (or elimination of tool expense) while you upgrade your network to 40, 100 or higher GE speeds, load balancing of critical data across multiple tools for more cost-effective redundancy, and a faster mean time to repair (MTTR) that results in less downtime or degraded operational functionality due to network and application problems.

Additional complexity due to visibility is a complete misconception. Network visibility helps reduce complexity, especially as business move towards cloud and multi-cloud networks. A properly constructed visibility architecture allows you to capture the right kind of data that your security and monitoring tools need to optimize performance and security. This is definitely important for Day 2 operational costs.

Another resource (The Technical and Financial Impact of Ease of Use on Network Visibility Solutions) how you reduce long term operational cost for visibility simply by picking the right type of solutions. The right solution will naturally be easy to use and maintain. This is why ease of use, explained in that paper, is so important and beneficial to IT teams.

This ease-of-use report also looks at two of the fundamental components of any visibility architecture — data access and network packet brokers. In addition, the report shows you why taps and packet brokers are superior to SPAN ports and some of the cost savings that you can realize by deploying this type of technology. In addition, the report also looks at a few of the network packet broker solutions on the market and provides critical insight into different product solutions.

Not many solutions can truthfully boast that they can save you money. Keysight’s visibility solution does. In addition to the When Done Right – Visibility Pays For Itself brief mentioned earlier, there are several case studies from Keysight that illustrate the cost savings as well.

Check out all of the materials at www.getnetworkvisbility.com to see how you can implement a network visibility solution that pays for itself.

Show the Value of What You Do by Patricia and Jack Phillips - A Review

 

Bragging at work, even the humble kind, is generally not looked upon favorably. In performance appraisals where I have been required to rate myself, I feel I am treading on dangerous ground – too high and I’ll appear arrogant, too low and my superiors will suspect I know something that they don’t. In Show the Value of What You Do, authors Patricia and Jack Phillips offer a detailed process for showcasing the tangible value of your work product. Their short (~ 140 pp.) book makes use of numerous stories from their consulting practice to illustrate each step. Whether you are proposing a new program to senior management, or merely calling attention to your own value, there are many useful tips to be found here.

The best way to avoid being dismissed as a braggart is to back up claims and promises with compelling, credible evidence. The book is aimed at individuals trying to rescue a stalled career as well as team leaders who are gathering resources for a wider reaching goal. Though we live in a “show me” world”, the process for building a compelling case is often unclear. The authors state right up front that they will show individuals and teams how to measure success, how to change their thinking from merely completing activities to making significant, impactful investments, and how to project results to obtain future support.

We get a first glimpse of how difficult projects can be handled with the story of a Hospital Chaplain, a profession which most of us believe should be immune from bottom line accountability. The ultimate value of this activity will lie with the answer to “Was it worth it?”, and clear measures of patient outcomes are the aim here. The importance of good leadership is highlighted, as buy-in from those involved is key to a successful result. Critics can be deterred by considering several perspectives – hospital accountants may be focused on length of patient stays, while friends and family might care about less tangible things like spiritual support. This first chapter provides an overview of the process for showing value.

In the ensuing 5 chapters, the authors walk through the process in detail, covering Why?, How?, What?, How Much? and then wrapping up with “What’s It Worth?”. Connecting a project to a business need, and thus establishing impact, is an essential place to start. Each of us needs to be aware that we operate with competing mindsets - either an inward facing one (our own personal goals) or one that is outward facing (collective results and the challenges faced by others). An excellent way of answering “Why?” and thereby assessing impact is to ask, “What happens if we do nothing?”. Even with good intentions and planning, some stories still don’t end as expected.

In April of 2018, Starbucks Coffee responded to a racial bias incident at one of its locations by closing over 8,000 stores for an entire day, giving up millions in sales, and providing special training to its employees. Pundits noted that numerous studies show this type of training doesn’t actually work. Although the story drew lots of positive press coverage, the actual ROI has never been clear. The book suggests numerous ways of measuring tangible and even intangible results which can help in improving similar projects.

Some of the concepts introduced in the book, like the measurement of those intangibles, can seem a bit nebulous, but there is always a story to relate to, followed by some diagnostic tools to stimulate thinking and planning. Examples like building a traffic round-a-bout, improving police-community relations, or the Starbucks story above are clear and introduce situations we can all relate to. Objectives, critical for guiding any project, are explained using concrete definitions and multiple examples. One of the data-gathering considerations that caught my attention was “culture” - associated with trust, openness, transparency, and inclusivity – that can have a profound effect on information collection.

A very relevant contemporary example where culture plays a role is in the on-boarding process for millennials. Yet another timely example deals with the business case for working from home. It’s one thing to acknowledge that the world is changing and businesses need to adapt, but it’s not always obvious how to proceed. The book helps frame the process as an investment, and not just another cost.

The authors conclude with a discussion guide which can jump-start team collaboration and buy-in, both of which are important elements in a successful project. It is often said that “change is inevitable, but progress is optional”. I would add that change can be frightening but Show the Value of What You Do will benefit both individuals and groups in navigating the process.

Author Profile - Paul W. Smith - leader, educator, technologist, writer - has a lifelong interest in the countless ways that technology changes the course of our journey through life. In addition to being a regular contributor to NetworkDataPedia, he maintains the website Technology for the Journey and occasionally writes for Blogcritics. Paul has over 40 years of experience in research and advanced development for companies ranging from small startups to industry leaders. His other passion is teaching - he is a former Adjunct Professor of Mechanical Engineering at the Colorado School of Mines. Paul holds a doctorate in Applied Mechanics from the California Institute of Technology, as well as Bachelor’s and Master’s Degrees in Mechanical Engineering from the University of California, Santa Barbara.

Ok, I'm Guilty..

 A few years ago my garage door died after a lightning storm. Lesson learned, i now have a whole home surge protection system installed. Since I was on the road, my wife called "the professionals" to install a new unit.

When I returned home, I was pleasantly surprised that there was one less thing for me to do. The first time I used it I knew something wasn't quite right but I had no time or energy to look into it. And like all IT implementations "It works, so move on.".

Over the past few years, I would comment to my wife that the garage opener looked misaligned but was quickly reminded that i had a ton of other stuff to worry about.

One day i went to use the garage door opener and heard a "crack and snap". Watching the chain dangling was a sure sign that something wasn't right ;)

I got the ladder to check things out hoping the chain just jumped the sprocket and I could fix it quickly. Nope... to my surprise, the shaft that the sprocket was connected to had snapped. upon closer inspection, I could see a pile of metal filings (see photo below) indicating that the shaft had been wearing away for a while.

This reminded me of the countless network equipment, applications, computer configurations and installs where I'm always preaching to make sure you test and check things out before you leave.

In this case, I am willing to accept being guilty, lazy, and putting off something I knew wasn't working correctly.

I purchased a new garage door opener and noticed all the shortcuts the 'professionals' took with the previous installation explaining the misaligned unit. Now I know why my wife and I prefer to do our own home renovations or check any work done by anyone other than us.

Cost of being lazy and procrastinating; $350 and a half a day to purchase/install the new unit.

The Importance of In-Line Network TAPs

 

Your security tools are as good as the data that is put into them.

The effectiveness of any system, including your cloud environment, analytics tools, IPS (Intrusion Prevention System), and IDS (Intrusion Detection System), depends on the information provided to it. It has never been more crucial to know where you are getting your data from and if you are seeing the whole data stream.

So having complete visibility into your network traffic is critical, however, it might not be as easy as merely mirroring your traffic to another SPAN port on a switch. Many modern firewalls and switches will, by default, discard or change a large portion of the network traffic that they perceive to be errors. For some applications, this is acceptable and is done to reduce bandwidth/latency. But when it comes to supplying network traffic for security-related applications, all the raw data is needed.

Given the high possibility that they are a sign that your network is being scanned or fingerprinted, fragmented packet visibility is crucial for any security appliance or application. For example, to protect TCP packets from firewall filters, IP fragments might be employed. Typically, a firewall will attempt to reassemble these packets before forwarding them. However, this raw traffic should be examined by your network security appliance or application, but if you position your network TAP on a switch behind the firewall, you risk missing it. IP fragmentation may also be an indication of an ongoing DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack directed at your network or a device connected to it.

Critical Role of Network TAPs

So the critical question is: Where can I get data that can capture all of it without jeopardizing my network security? The answer to this is by placing network TAPs where, in case of a failure, it would not affect network functionality.

TAPs are independent devices that connect network security and monitoring appliances to network links safely and securely. Network traffic flows into the TAP. A mirror copy of the traffic is then passed on to an appliance that is also connected to ports on the TAP. While the mirror traffic is passed to the appliance, live network traffic continues to pass back into the network without significant delay. TAPs also provide network fail-safe technology which will keep network traffic flowing even if power to the TAP or connected appliance is lost. Therefore, multiple security appliances can safely be connected to links using TAPs without impacting the reliability or availability of the live network.

TAPs can be deployed out-of-band or in-line. Monitoring appliances generally use out-of-band mode which, as noted above, sends a mirror copy of the data to the appliance for analysis but does not interact with live data. Deploying TAPs in-line means that live data travels from the TAP through the appliance and then back into the live network. This method allows security appliances to interact in real-time with live data allowing the appliance to immediately isolate and block malware before damage is done to the network. In-line TAPs automatically bypass an appliance if it is taken offline for any reason. This feature keeps live traffic flowing even if an appliance is down simplifying maintenance windows and troubleshooting.

Advanced features that are found in intelligent TAPs offer aggregation, filtering, and port mapping. These features also provide economic efficiencies allowing flexibility in determining traffic flows to the appliances. By aggregating underutilized links, appliances can support multiple links providing CAPEX savings. Filtering unneeded traffic also lessens the traffic burden on appliances allowing more efficient operation and faster response times to threats. Port mapping provides a simple method of directing traffic from the TAP to the appliance and back into the network.

When developing a network protection strategy, it is important to deploy the right monitoring and security appliances. It is critical, however, to include TAPs in the architecture plan from the beginning. Appliance connectivity with TAPs will allow maximum protection and budget discipline without compromising network reliability or availability. To learn more about network monitoring and visibility, contact Network Critical’s expert team at networkcritical.com