Traffic Filtering: The ABCs of Network Visibility

Originally posted by Jeff Harris.

How do you find a needle in a haystack? In MythBusters Episode 23, Jamie and Adam each ended up destroying the hay in order to find the needle. But this is not an option for network and security administrators.

Monitoring and securing modern networks requires finding “the needle” without destroying the network, or even the network traffic. Very sophisticated and automated analytics tools make this possible. Specialized tools like:

It is simply not possible to manually monitor and secure our networks without these automated tools.

But these tools are expensive. How do we get the most from our monitoring and security investments?

This is when most companies start investigating the use of network packet brokers (NPB). Intelligent NPBs have a whole host of features, such as those listed below.

Network Packet Broker Features

Traffic filtering and application filtering (traffic filtering by Layer 7 application) are features that directly help get more visibility and security from less monitoring and security tool capacity.

Purpose of Traffic Filtering

Seeing more with less. Securing more with less. Traffic filtering is all about delivering on these promises. Traffic filtering allows the user to define:

Each approach is designed to limit the amount of data sent to monitoring and security tools, making the individual tools much more efficient. After all, it is easier to find a needle in half a haystack than in a whole haystack.

Traffic filtering allows us to reduce the amount of tool capacity needed. Or we can use the saved budget dollars to purchase additional tools that we might not have had the funds for otherwise.

In short, the purpose of filtering traffic for our monitoring and security tools is to:

Typical Use Cases

Here are some real-life use cases where traffic filtering is beneficial.

1. Reducing Security Tool Costs

The University of Texas at Austin recently deployed intelligent NPBs in their network. Using Ixia’s application filtering, they were easily able to route some traffic, like student Netflix movies and streaming music, around their IDSs. This simple step reduced the load on their security tools by 20-30% and delivered a 100% return on investment.

2. Improving Voice and Video Monitoring

Citrix unified communication services are a critical productivity application for many organizations. Monitoring quality of experience can require analyzing SIP-based and PSTN-originated call data. However, the VoIP call data and PSTN call data are analyzed on different tools. Traffic filtering easily sends only the relevant traffic to each tool for analysis.

3. Filtering Encrypted Traffic for Decryption

Although there are variations by platform and browser, most metrics show well over 50% of web traffic is encrypted. Unfortunately, this prevents monitoring and security tools from inspecting the traffic, so SSL decryption is required. With an intelligent NPB, companies can use application filtering to identify SSL traffic and send only this traffic to SSL decryption tools or internal SSL decryption capabilities. Here, application filtering saves as much as 80% of the capacity of SSL decryption tools.

4. Expediting “On-the-Fly” Troubleshooting

Reducing trouble resolution times is a critical metric for IT organizations. Filtering traffic “on the fly” for forensics tools or built-in packet capture is an important troubleshooting feature on NPBs that helps significantly speed trouble isolation and reduce resolution times. In fact, customers have experienced as much as an 80% reduction in troubleshooting times.

Considerations When Researching Network Packet Brokers

Traffic filtering can be one of the most complex operations performed on any NPB. So it is critical to know what to look for when evaluating these tools. Below are some important NPB traffic filtering selection criteria.

Finding a Needle in a Haystack with Ixia

Finding a needle in a haystack is difficult. Network packet broker traffic filtering capabilities help monitoring and security tools do the job much more efficiently. But choose wisely. Not all traffic filtering capabilities on NPBs are the same.

Ixia’s entire series of blogs on visibility are available now in the e-book Visibility Architectures: The ABCs of Network Visibility.
