Prepare for the Inevitable: A Best Practice Guide to Network Recording

For organizations that depend critically on their network for business continuity, dedicated network recording infrastructure is fast becoming an essential part of the data center make-up.

But not all network recorders are equal. The right choice of recorder can help reduce the risk of unplanned downtime, drive down operational costs, improve time-to-value on new IT investments, manage the risk of a security breach and kill off all manner of zombie trouble tickets that just refuse to lie down and die. The wrong choice can leave you more confused than when you started.

In this webinar we’ll explore the different infrastructure options that organizations have for recording and mining historical network traffic. We'll explore what matters most when all the lights go off and share some best-practice insights gleaned from working with customers that run some of the largest and most critical data networks on the planet.

Published in: Technology

  1. Network Recording Best Practice: Fail-safe Network and Security Event Analysis
     Sri Sundaralingam – VP Product Management
     © 2013 Emulex Corporation
  2. Introducing Endace Products
     • A division of Emulex
     • World leader in packet capture and network recording
     • 10+ year history selling network visibility to top-tier customers – Govt, HFT, telco and enterprise
     • Global reputation for accuracy, scalability and performance
     Footer: Emulex Confidential - © 2013 Emulex Corporation
  3. Investments in Network Health: 4 Categories
     • 1. Prevention: Sit in the network and stop known bad things from happening
     • 2. Detection: Detect things that may be bad and were missed by prevention tools; generate alerts
     • 3. Response: Help engineers respond to any kind of network-related problem fast
     • 4. Root cause: Enable engineers to understand exactly what happened and why
     Diagram labels: NPM, APM, SIEM, Firewall, Wan Ops, NGF
  4. Standard Corporate Investment Profile
     Categories: 1. Prevention, 2. Detection, 3. Response, 4. Root cause
     Chart values: 70%, 0%, 5%, 25%
     • Characteristics: High alert and false-positive rate; Sample driven; Broad view, low granularity; Statistical analysis
     • Characteristics: Signature based; Optimize for known; Static
     • Issues: Hard to isolate problems; Long/indefinite TTR; Tools deployed after event; Intermittent problems
     • Issues: Low bandwidth; Incomplete data; High price / low value
  5. Impact of Investment ‘Imbalance’
     Chart values: 70%, 25%, 0%, 5%
     • Backlog of events in NOC and SOC
     • Slow time-to-resolution on issues
     • Delayed response to events
     • High incidence of zombie tickets
     • No ability to contain real problems
     • Real risk of unplanned downtime
  6. Intelligent Network Recording
     Chart values: 60%, 10%, 10%, 20%
     • Improve operational productivity
     • Improve confidence levels
     • Reduce operational costs
     • Ensures effective containment
     • Reduce time-to-value on new IT
     • Reduces risk of downtime
  7. Who Values Accurate Network History?
     • Network operations teams rely on network history for troubleshooting
     • Network planning teams rely on accurate historical data for trending
     • Network security teams need history for breach containment and forensics
     • Compliance, legal and risk teams need history as evidentiary proof
  8. What’s Important in Network Recording?
     • Accuracy of recording
     • Write-to-disk speed
     • Storage capacity and flexibility
     • Richness of indexing
     • Effectiveness of workflow
     • Platform flexibility
  9. EndaceProbe™ INR Appliances
     • Next generation sniffer
     • 100% accurate traffic recording
       – Real 10 Gbps performance
     • Up to 64 TB of local storage
       – Extensible via sledding or SAN
     • Full flow-based traffic indexing
       – Including application classification
     • Open and flexible
       – Endace Application dock
       – Programmable RESTful API
  10. Total Datacenter Visibility
  11. Data Center Network Visibility Stack (diagram)
     • Detection tools: DDoS, IDS, NPM, APM, SIM, NMS
     • EndaceProbe Intelligent Network Recorders
     • Network Packet Brokers (aggregation)
     • Core network infrastructure: Firewalls (prevention); Core routers and switches (connectivity)
  12. Traffic Search and Retrieval - EndaceVision™
     • Web-based collaborative traffic search engine
     • More than 20 indexed flow parameters
       – Includes application classification
     • Rapid network-wide search
     • Elegant investigation workflow
     • Fast access to raw packets as required
     • Local protocol decoding
     • Integrated collaboration tools
  13. Streamlining Workflow
     • Workflow starts with an event detected by a 3rd party tool
     • Analysts pivot between the 3rd party dashboard and EndaceVision
     • RESTful API integration further streamlines workflow
  14. Network Retention Best Practice
     • Where to record
       – Data center: aggregation links
       – DMZ: web and application gateways
     • What to record
       – Full packet contents vs. headers
       – Full NetFlow records / metadata
       – Control plane vs. data plane
     • How long to retain
       – 3 days complete history
       – 30+ days select history
  15. Business Benefits
     • Reduces time-to-resolution on events
       – Reduces impact and costs associated with unplanned network downtime
     • Improves overall network performance and application delivery
       – Treating causes not symptoms
     • Increases analyst productivity
       – Reduces opex burden
       – Allows team to scale for the future
     • Closes a potential compliance loophole
     • Reduces overall capital exposure
       – One solution for netops and secops
  16. Conclusions
     • Network recording is essential for mission critical network environments where downtime costs real money
     • Testing the fidelity of recording and the ease of search / retrieval before you invest is key
     • Streamlining the investigation workflow for NetOps and SecOps users generates real measurable business value
     • Dedicated, open recording infrastructure is more valuable and trustworthy than recording as a feature of another solution
  17. Thank you.
     sri.sundaralingam@emulex.com
     www.emulex.com