
The Essential Network Visibility Triad

March 28, 2019


Today’s hybrid networks make complete network visibility a challenge. Traditional data centers, virtual machines, and the Cloud obscure traffic and leave networks vulnerable to operational inefficiency and security risks. The critical triad of tools for network visibility is: Packet Capture & Processing, Metadata Capture, and Streaming Analytics. Together, these tools provide a holistic understanding of all the network activity of an organization, whether it is a communications service provider or an enterprise, while retaining forensic evidence for performance or security investigations.

The most fundamental element of data capture is raw packet capture, which provides the most complete source of understanding. Packet capture enables comprehensive forensic investigation, with the ability to drill through Layers 2 through 7 of each packet. This data can be stored for examination and analysis to solve application and network performance issues and security breaches. Physical or virtual TAPs provide access to this rich source of data, and analysts armed with tools like Wireshark or Cirries PacketViewer use it to build a forensic view of network activity. Packet capture makes it possible to pinpoint the cause of an issue and trace the activity of bad actors. However, it does not always meet the immediate need to address ongoing issues, and it can extend the MTTR of a network failure or security breach.

Metadata offers a more immediate way to achieve faster discovery and resolution in real time. Metadata can be generated from packets or collected from network elements in the form of NetFlow, IPFIX, SNMP or Syslog records and then fed into real-time Streaming Analytics engines. Metadata has been used for years to give network monitoring tools the information they need for Performance Monitoring, Security, Compliance and Business Analytics. Today, one of the primary forces behind its rise in popularity is the ability to do real-time streaming analysis on the network to identify a performance issue or security breach. Advancements in machine learning now show promise in predicting performance issues or security breaches.

It is the combination of raw packet data and metadata that provides the value: real-time anomaly detection together with the ability to view the payload and identify the root cause of an issue. When used with a streaming analytics application that provides real-time automated anomaly detection and response, network MTTR is reduced significantly. Cirries Technologies works with Garland Technology to empower networks for their full potential, letting Cirries Network Visibility Tools see every bit, byte, and packet.® Cirries PacketPoint, MetaPoint and PMC Streaming Analytics give networks the power of visibility put to action, enabling optimal network security, performance, compliance and analytics. Cirries Technologies provides near real-time visualization of the network with customized workflows to automate detection and response, fueled by the Garland Technology suite of products.
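The triad described above can be sketched end to end as an added example (not code from Cirries or Garland Technology): stored packets are reduced to per-second flow metadata, a rolling baseline flags an anomaly, and the alert is pivoted back to the retained packets. The sample packets, addresses, window size and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

def sample_packets():
    """Constructed capture: (second, src, dst, dst_port, payload)."""
    pkts = [(t, "10.0.0.5", "10.0.1.9", 443, b"x" * 500) for t in range(13)]
    pkts += [(12, "10.0.0.5", "203.0.113.7", 53, b"q" * 900)] * 40  # burst
    return sorted(pkts, key=lambda p: p[0])

def to_flow_records(packets):
    """Metadata capture: per-second flow records keyed by (sec, src, dst, port)."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for sec, src, dst, port, payload in packets:
        rec = flows[(sec, src, dst, port)]
        rec["packets"] += 1
        rec["bytes"] += len(payload)
    return flows

def detect(flows, window=10, min_history=5, k=3.0):
    """Streaming analytics: flag seconds where a source exceeds its baseline."""
    per_sec = defaultdict(lambda: defaultdict(int))  # second -> src -> bytes
    for (sec, src, _dst, _port), rec in flows.items():
        per_sec[sec][src] += rec["bytes"]
    history = defaultdict(lambda: deque(maxlen=window))
    alerts = []
    for sec in sorted(per_sec):
        for src, nbytes in per_sec[sec].items():
            h = history[src]
            if len(h) >= min_history:
                base = mean(h)
                spread = max(pstdev(h), 0.1 * base)  # floor for flat baselines
                if nbytes > base + k * spread:
                    alerts.append((sec, src, nbytes))
                    continue  # keep the anomaly out of the baseline
            h.append(nbytes)
    return alerts

def pivot_to_packets(packets, alert, flows):
    """Forensics: pull the stored packets of the heaviest flow behind an alert."""
    sec, src, _ = alert
    top = max((f for f in flows if f[0] == sec and f[1] == src),
              key=lambda f: flows[f]["bytes"])
    return top, [p for p in packets if p[:4] == top]

if __name__ == "__main__":
    pkts = sample_packets()
    flows = to_flow_records(pkts)
    for alert in detect(flows):
        top, evidence = pivot_to_packets(pkts, alert, flows)
        print(alert, top, len(evidence))
```

The metadata path raises the alert from byte counts alone, and the packet store is only consulted afterwards, which is where the payload for root-cause analysis comes from.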

Garland Technology + Cirries Technologies

[Want to learn more about how Cirries Technologies partners with Garland Technology to provide complete network visibility to service providers and enterprises? Contact us to get a deeper dive into the joint solution.]


Heartbeat Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets to the TAP, indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets, placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode, keeping the link flowing.
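The heartbeat behaviour described in this section, modelled as a small state machine in an added example (not Garland Technology's implementation). The miss and recovery thresholds, the `HEARTBEAT` marker and the choice to resume in bypass after power returns are assumptions; the article gives no such values.

```python
from enum import Enum

HEARTBEAT = b"HB"  # constructed marker standing in for a heartbeat frame

class Mode(Enum):
    INLINE = "inline"      # link traffic passes through the security tool
    BYPASS = "bypass"      # tool skipped, TAP keeps the link flowing
    FAILSAFE = "failsafe"  # TAP failed or unpowered, link still flowing

class BypassTap:
    def __init__(self, miss_limit=3, recover_limit=2):
        # Assumed thresholds; the article does not give any.
        self.miss_limit, self.recover_limit = miss_limit, recover_limit
        self.mode, self.missed, self.returned = Mode.INLINE, 0, 0

    def power(self, on):
        # Assumption: after power returns, stay in bypass until
        # returned heartbeats show the tool is healthy.
        self.mode = Mode.BYPASS if on else Mode.FAILSAFE
        self.missed = self.returned = 0

    def tick(self, heartbeat_returned):
        """One interval: the TAP sent a heartbeat; did the tool return it?"""
        if self.mode is Mode.FAILSAFE:
            return self.mode  # no heartbeats while the TAP itself is down
        if heartbeat_returned:
            self.missed, self.returned = 0, self.returned + 1
            if self.mode is Mode.BYPASS and self.returned >= self.recover_limit:
                self.mode = Mode.INLINE  # tool is back on-line
        else:
            self.returned, self.missed = 0, self.missed + 1
            if self.mode is Mode.INLINE and self.missed >= self.miss_limit:
                self.mode = Mode.BYPASS  # tool is off-line, skip it
        return self.mode

    def to_link(self, frames_from_tool):
        """Strip heartbeats so they never reach the critical link."""
        return [f for f in frames_from_tool if f != HEARTBEAT]

def simulate(tool_health, tap=None):
    """Return the TAP mode after each heartbeat interval."""
    tap = tap or BypassTap()
    return [tap.tick(up).value for up in tool_health]

if __name__ == "__main__":
    print(simulate([True, True, False, False, False, False, True, True, True]))
```

In every mode the link stays up; what changes is whether the security tool is in the path, so time spent in bypass or failsafe is time the link is uninspected and worth alerting on.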

Glossary

  1. Single point of failure: a risk to an IT network in which the failure of one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances whose failure disrupts the network.
