3 Benefits of Application Intelligence in Visibility Networks
A visibility network connects both your active monitoring devices (firewall, IPS) and passive monitoring tools (IDS, forensics) to the data on your production network. At Ixia, we call this a Security Fabric. But giving these inline and out-of-band tools data access is only part of the equation. It’s also about control. When you deploy a Security Fabric, you can filter the network traffic each device gets by application type. It works like this: the Context-Aware Data Processing Engine looks at each packet and identifies the application that sent it. Here are some examples of what you can do with it.
- Want to send only Box and Dropbox traffic to a data loss prevention device? No problem.
- Want to send all traffic except streaming media (Netflix, Amazon, Hulu) to your IDS? Easy.
- Want to send only your company’s email traffic to your data recorder and not any other email provider (Yahoo!, Gmail)? Piece of cake.
- Notice some suspicious traffic and want to send it to a specific tool? Just point and click.
Real application intelligence goes beyond using port numbers to identify applications because that approach has problems. Real application intelligence uses a variety of contextual clues to identify known and unknown applications on your network. Some visibility companies peddle a feature called Application Filtering. Beware. Application Filtering and Application Intelligence are not the same, and you can read more about their differences starting on page 6 of How Context-Aware Data Makes Security Threat Detection Better.
Real Application Intelligence brings many benefits to your visibility network. Here are three.
Benefit 1: It’s Already Smart, But It Learns Too
Programming your own application intelligence is difficult and very time-consuming. You shouldn’t have to capture packets, analyze them, and build your own application signatures from scratch. Not to mention keeping up with any changes. Thankfully, you don’t have to. Ixia’s Application Intelligence comes with hundreds of signatures for the most common applications already built in. And when new ones appear or old ones change, a service feed will ensure your application intelligence is always up to date. For applications not in the database, the Context-Aware Data Processing Engine will use clues (like SSL certificate details, ports, protocol) to start building a dynamic signature. And it’s easy to turn dynamic signatures into custom application signatures, too.
Benefit 2: Dashboard View of Applications
Do you know what applications are on your network? Can you account for 100% of your network traffic? Probably not. But if you had Application Intelligence, you could get much closer (how close depends on how much of your network is visible). Application Intelligence visually shows you what applications are on your network and how much bandwidth they are using. The Context-Aware Data Processing Engine can even combine it with geo-location and device data to provide a view of where traffic is moving and what devices are generating it. For instance, on October 21, 2016, you could have checked your dashboard to see if your network was participating in the Dyn DDoS attack.
Benefit 3: Take Action Based on Layer 7
Real application intelligence must be actionable. Identifying specific application traffic and filtering it to your tools gives you a lot more control over the security and monitoring tools used to perform analyses. Whether you have a specific type of application traffic you want to monitor constantly, or you want to analyze application traffic that looks suspicious, it is easy to get specific traffic to a tool.