Network visualization - traffic filtering

How do you find a needle in a haystack? In episode 23 of "Mythbusters", Jamie and Adam each destroyed the hay in order to find the needle. That is not an option for network and security administrators. Monitoring and protecting a modern network means finding the "needle" without damaging the network or destroying the network traffic. Advanced, automated analysis tools make this possible.

Special tools, such as:

• Network performance monitoring and diagnostics (NPMD)

• Application Performance Monitoring (APM)

• Next Generation Firewall (NGFW)

• Intrusion Detection System (IDS)

• Intrusion Prevention System (IPS)

Without these automated tools, it is impossible to monitor and protect our networks manually. But these tools are expensive. How do we get the most out of our investment in monitoring and security?

This is the point at which most companies begin looking into network packet brokers (NPBs). An NPB has many intelligent functions, such as the functions listed below.
Traffic filtering and application filtering (filtering traffic by Layer 7 application) are about getting more visibility and security from fewer monitoring and security tools.

Traffic filtering purposes

See more with less: traffic filtering delivers on that promise. Traffic filtering lets the user specify:

  • I want to see specific traffic and exclude all other traffic (conditional pass)
  • I do not want to see specific traffic, but want to receive all other traffic (conditional denial)

Both approaches are intended to limit the amount of data sent to the monitoring and security tools, so that each tool works more efficiently. After all, finding a needle in half a haystack is easier than finding it in a whole haystack.

Traffic filtering enables us to reduce the number of tools required. The budget saved can be used to purchase other tools.

In short, the purposes of filtering traffic to our monitoring and security tools are:

  • The tools run more efficiently

  • Full use is made of the tools' capacity

  • Reduce our total investment in a single tool set

  • It allows us to purchase other tools

Typical Applications

The following are actual use cases for traffic filtering:

Reduce the cost of security tools - A university deployed an intelligent NPB in its network and used Cubro application filtering; the load on its security tools was reduced by 20-30%, achieving a 100% return on investment.

Improve voice and video monitoring - Citrix unified communications services are key productivity applications in many organizations. Monitoring the quality of experience may require analyzing data from both SIP-based calls and the PSTN. However, VoIP call data and PSTN call data are analyzed on different tools. Traffic filtering can easily send the traffic to each relevant tool for analysis.

Filter encrypted traffic for decryption - According to Gartner, Secure Sockets Layer (SSL) traffic accounts for a large and growing proportion of all outbound Web traffic. It accounts for an average of 15-25% of Web traffic, and the figure varies widely between vertical markets. Unfortunately, encryption prevents monitoring and security tools from inspecting the traffic, so SSL decryption is required. With an intelligent NPB, companies can use application filtering to identify SSL traffic and send only this traffic to the SSL decryption tool or to an internal SSL decryption function. Here, application filtering saves up to 80% of SSL decryption tool capacity.

Speed up "real-time" troubleshooting - Reducing troubleshooting time is an important metric for an IT organization. An important troubleshooting function of the NPB is "fast" filtering of traffic to forensic tools or to built-in packet capture, which significantly speeds up fault isolation and reduces time to resolution. In fact, customers' troubleshooting time is reduced by up to 80%.

Considerations When Researching Network Packet Brokers

Traffic filtering may be one of the most complex operations performed on any NPB. Therefore, when evaluating these tools, it is important to understand what to look for. Here are some important selection criteria for NPB traffic filtering.

Filter Layer 7 applications

Being able to route network traffic easily by application is essential for visibility and security. Many NPBs route traffic only by Layer 2-4 protocols. Consider an NPB with deep packet inspection (DPI) and application intelligence, which can simplify each filter and can even filter applications with RegEx.
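The conditional pass and conditional denial rules described earlier, combined with Layer 7 identification by payload rather than by port, can be sketched as follows. This is an added example, not code from the original article or from any NPB vendor; the tool port names, the simplified signatures and the sample flows are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# TLS: handshake record (0x16), version 3.x, 2 length bytes, ClientHello (0x01).
TLS_HELLO = re.compile(rb"^\x16\x03[\x00-\x04].{2}\x01", re.DOTALL)
# SIP: request line ("INVITE sip:... SIP/2.0") or status line ("SIP/2.0 200 OK").
SIP_MSG = re.compile(rb"^(?:[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3} )")

def identify_app(payload: bytes) -> str:
    """Classify a flow by its first payload bytes, not by port number."""
    if TLS_HELLO.match(payload):
        return "tls"
    return "sip" if SIP_MSG.match(payload) else "other"

@dataclass(frozen=True)
class ToolPort:
    name: str
    mode: str          # "pass" = conditional pass, "deny" = conditional denial
    apps: frozenset    # applications the rule names
    def accepts(self, app: str) -> bool:
        named = app in self.apps
        return named if self.mode == "pass" else not named

# Hypothetical tool ports for this example.
PORTS = [
    ToolPort("ssl_decryptor", "pass", frozenset({"tls"})),
    ToolPort("voip_analyzer", "pass", frozenset({"sip"})),
    ToolPort("ids", "deny", frozenset({"tls"})),  # everything except encrypted
]

def route(payload: bytes, ports=PORTS) -> list:
    """Names of the tools that receive a flow with this payload."""
    app = identify_app(payload)
    return [p.name for p in ports if p.accepts(app)]

def load_share(flows, ports=PORTS) -> dict:
    """Fraction of all flows that each tool receives after filtering."""
    counts = {p.name: 0 for p in ports}
    for _dport, payload in flows:
        for name in route(payload, ports):
            counts[name] += 1
    return {name: n / len(flows) for name, n in counts.items()}

# Constructed sample flows: (destination port, first payload bytes).
FLOWS = [
    (8443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # TLS, odd port
    (443, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),   # cleartext on 443
    (5060, b"INVITE sip:bob@example.test SIP/2.0\r\n"),
    (53, b"\x12\x34\x01\x00\x00\x01"),
]
```

A filter keyed on port 443 would send the cleartext flow to the decryption tool and miss the TLS flow on port 8443; matching on payload routes both correctly.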

Easy to operate

Configuring traffic filters can be complicated. Consider an NPB that can automate the entire traffic filtering process, eliminating this complexity.

No loss

If it is not implemented well in the NPB, traffic filtering can be computationally demanding. Consider only NPBs that preserve the complete packet flow when filtering is enabled. Even when users change multiple traffic filter configurations on the NPB at the same time, the NPB should not drop packets.

Simultaneous use

NPBs are often used by multiple teams in the IT organization. Consider an NPB that supports simultaneous use by multiple team members without causing problems or traffic filtering configuration errors. Without this feature, teams may run into problems in an emergency.

Precautions

Finding a needle in a haystack is difficult. Traffic filtering on a network packet broker can help monitoring and security tools do their jobs more effectively. But choose wisely: not all traffic filtering functions on NPBs are the same.

Origin blog.csdn.net/hongke_Tech/article/details/104275701