More Related Content Similar to The Changing Landscape in Network Performance Monitoring (20) More from Savvius, Inc (20) The Changing Landscape in Network Performance Monitoring 1. The Changing Landscape in
Network Performance Monitoring
Bojan Simic
President and Principal Analyst
TRAC Research
Show us your tweets!
Use today’s webinar hashtag:
Jay Botelho
Director of Product Management
WildPackets
#wp_networkperformance
with any questions, comments, or feedback.
Follow us @wildpackets
Copyright 2014 – All rights reserved
© WildPackets, Inc.
www.wildpackets.com
2. Administration
• All callers are on mute
‒ If you have problems, please let us know via the Chat window
• There will be Q&A
‒ Feel free to type a question at any time
• Slides and recording will be available
‒ Notification within 48 hours via a follow-up email
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
2
3. Agenda
•
•
•
•
•
•
•
NPM by the Numbers
Network Forensics for NPM
Configuring Your Network for Forensics
Customer Use Cases
Best Practices in Network Forensics
WildPackets Corporate Overview
WildPackets Product Line Overview
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
3
5. NPM research- demographics
406 participants
Geography
Company type:
70% - Enterprise
28% - Service Providers
56% - North America
24% - EMEA
14% - APAC
Company size:
41% - Large organizations
38% - Medium
21% - Small
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
6. Top strategic goals for managing network
performance
Enable networks to support roll-outs of new
technologies
53%
Improve ability to dynamically adapt to
changes in IT environments
43%
Improve user experience
Meet compliance requirements
Reduce OPEX
42%
23%
22%
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
7. Key IT initiatives impacting network performance
VoIP
72%
Big Data
69%
Enterprise Mobility
66%
Virtual desktops
65%
Video conferencing
59%
Public Cloud services
BYOD
54%
48%
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
8. Ability to assess impact of new technology roll
outs on network performance
41%
21%
38%
Fully meets goals
Partially meets goals
Doesn't meet goals
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
9. Key challenges for network performance
management
Inability to identify root cause of performance
problems in a timely manner
46%
Lack of visibility into application performance
41%
Lack of visibility into the business impact of
network performance
36%
Oversubscribed network monitoring tools
35%
Difficulty determining next steps to take when
a problem is detected
29%
Inability to identify potential performance
issues when designing the network
29%
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
10. Percent of performance incidents that are
proactively prevented
16%
31%
25%
28%
0-20%
21-50%
51-80%
81-100%
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
11. Key capabilities organizations are looking to
deploy
Ability to analyze and report performance
issues at 10Gbps line rate
39%
End-to-end visibility into application
transactions
34%
Ability to monitor impact of routing changes
on network traffic activity
30%
Access to network performance data based on
job role and level of responsibility
30%
Single platform for managing network
performance and security
Ability to monitor VM-to-VM communications
27%
24%
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
12. Key challenges for using packet capture
solutions
Number of dropped packets
59%
Reliability of captured data
51%
Inability to support 10Gb networks
41%
Lack of capabilities for analyzing / searching
recorded network traffic
40%
Inability to collect packets at all network
locations
34%
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
13. Executive Summary
Key challenges for making data actionable
Time spent correlating performance data
63%
Amount of performance data that is not relevant
61%
Number or "false positives"
UI is difficult to use
Number of false alerts
42%
38%
32%
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
14. Key strategic goals of CIOs
Increase amount of IT resources available for
investing in innovation and new services
59%
Improve flexibility of IT infrastructure
49%
Reduce cost of managing IT
48%
Improve utilization of existing IT resources
Better align IT with business strategies/goals
38%
31%
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
15. By the numbers...
64% of organizations reported that managing
network performance has become more complex
over last 12 months
Organizations are losing on average $72,000 per
minute of unplanned network downtime
48% of organizations reported that, on average,
they spend more than 60 minutes on repairing
performance issues - per incident
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
16. Summary and key takeaways
Network is becoming more of a strategic asset
Traditional tools are not as effective in managing
high speed networks
Proactive management of network performance
results in measurable business benefits
Organizations are looking to improve their ability
for managing performance of VoIP and other realtime applications
Quality of user experience is becoming a key metric
for monitoring network performance
TRAC Research, Inc
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
17. Network Forensics
NPM at 10G and Beyond
Copyright 2014 – All rights reserved
© WildPackets, Inc.
www.wildpackets.com
17
18. What is Network Forensics ?
• Marcus Ranum is credited with defining Network
Forensics as “the capture, recording, and analysis of
network events in order to discover the source of
security attacks or other problem incidents.”
(wikipedia)
• It’s not like TV – employ forensics before the “crime”
- network traffic is transmitted and then lost, leaving
no clues behind
• Other names: packet mining, packet forensics, digital
forensics
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
19. Network Forensics Drivers
• Faster networks/greater data volumes
‒ 10/40G adoption grew 62% in 2012
‒ 75% of the investments in networking are for 10G1
• Richer data
• Subtler and more malicious security threats
‒
‒
‒
‒
Zero-day attacks
APTs (Advanced Persistent Threats)
75% of data breaches financially motivated
66% of breaches took months or longer to discover2
• Sampled data and high-level stats
‒ Flow-based network monitoring vs. detailed DPI analysis
1
http://www.infonetics.com/pr/2013/2H12-Networking-Ports-Market-Highlights.asp
2 http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
19
20. Why Forensics?
• Validate what your logs are telling you
• Generate alarms/alerts on data you’ll never find in
logs
• Invest time analyzing, not reproducing
• Immediately begin investigating the issue – you have
a recording of the incident!
• Isolate key data – from multi-TB archives - rapidly
and intuitively
• Understand the depth of penetration for any incident
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
21. Configuring Your Network for
Forensics
Copyright 2014 – All rights reserved
© WildPackets, Inc.
www.wildpackets.com
21
22. Requirements for a Network Forensics Solution
• Capturing and recording data
‒
‒
‒
‒
10/40G network support
No dropped packets – 100% fidelity
Continuously available
Always test in your environment
• Discovering data
‒ Timely results delivery
‒ Filtering for IP addresses, applications, etc.
• Analyzing data
‒ Automated analysis – Expert events
‒ Simple, intuitive workflow
‒ Data visualization from multiple perspectives
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
22
23. 10G Network Analysis Workflow
Deploy 24x7
Monitoring
Identify Key
Analysis Pts
NO
Alarms/
Alerts
Problem?
YES
Rewind
Data
#wp_networkperformance
Analyze
Changing Landscape in Network Performance Monitoring
Tune if
Necessary
© WildPackets, Inc.
24. A Solution for Every Network
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
24
25. Forensic Analysis – Capturing An Attack
2. Data Recorder records
and aggregates data
throughout attack
IDS/IPS System
3. Event logged, attack
partially tracked by IDS
Servers
1. Attack
bypasses firewall
#wp_networkperformance
4. Post event analysis reveals
attacker, method, damage!
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
27. Tracing a Server Attack
Security solution raises alert about unusual server
activity on 10.4.3.248
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
27
28. Tracing a Server Attack (cont.)
Network forensics records all network traffic,
providing detail at the time of the CIFS burst, and its
consequences
Three more systems now
need to be added to the
quarantine list
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
28
29. Demonstrating Security Compliance
• Sensitive data should never be sent in the clear
• “Negative” filters can be used to capture only
packets that display a given set of characteristics –
like numeric strings with a format xxx-xx-xxxx
You hope to
never see
this!
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
29
30. Transaction Verification
• Verify transactions that are called into
question
‒ All routing information is preserved
‒ All data is preserved
• Verify online transactions
‒ Capture and store traffic containing credit card
transactions
‒ Easily determine whether an authorization of
denial was transmitted correctly
‒ Easily determine if guidelines are being
properly followed in authorizations or denials
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
30
32. Best Practices for Network Forensics
Capturing Network Traffic
1. Capture traffic continuously
2. Deploy a solution that captures traffic reliably
3. Set up filters to catch anomalies
Storing Traffic
4. Allocate sufficient storage for the volume of data
being collected
5. Adjust file sizes for the desired performance
optimization
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
32
33. Best Practices for Network Forensics
(cont.)
Analyzing Traffic
6. Select a network forensics solution that supports
filters and searches that are fast, flexible, and
precise
7. Record baseline measurements of network
performance
8. Use filters to zoom in on the problem at hand
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
33
34. Q&A
Show us your tweets!
Use today’s webinar hashtag:
Follow us on SlideShare!
#wp_networkperformance
Check out today’s slides on SlideShare
www.slideshare.net/wildpackets
with any questions, comments, or feedback.
Follow us @wildpackets
Copyright 2014 – All rights reserved
© WildPackets, Inc.
www.wildpackets.com
36. Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA
‒ Offices throughout the US, EMEA, and APAC
• Customers spanning leading edge organizations
‒ Mid-market and enterprise lines of business
‒ Financial, manufacturing, ISPs, major federal agencies,
state and local governments, universities
‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance
‒ Internet Telephony, Network Magazine, Network Computing awards
‒ United States Patent 5,787,253 issued July 28, 1998
• “Apparatus and Method of Analyzing Internet Activity”
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
37. Why Our Customers Need Us
• VoIP, video, cloud, virtualization, and key business
applications are saturating critical network services
• Evolving network technologies create discontinuities
‒ 1 Gig 10 Gig 40 Gig 100 Gig networks
‒ Wireless, BYOD initiatives
• Users and business can not tolerate network
problems for mission critical services
Increasing demand for better real-time network visibility,
network analytics, network forensics, and DPI
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
38. How We Create Value
We provide innovative, industry-leading, real-time
network performance management solutions
‒ Easy-to-use, easy-to-learn user interface
‒ Uniquely extensible solutions
‒ Wireless network leadership
‒ Detailed analytics related to network applications
‒ Fastest network traffic capture appliance in its class
‒ Technical superiority at competitive price point
WildPackets has continually advanced its solution to meet the needs of its
customers
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
39. Unprecedented Network Visibility
NETWORK HEALTH
GLOBAL
WatchPoint can manage and report on key
device performance and availability across
the entire network, from anywhere on the network.
UNDERSTAND END-USER PERFORMANCE
DISTRIBUTED
Omnipliance network analysis and recorder appliances monitor
and analyze performance across critical network
segments, virtual environments, and remote sites.
PINPOINT NETWORK ISSUES ANYWHERE
PORTABLE
Omnipliance Portable can rapidly identify and troubleshoot
issues before they become major problems—wired or
wireless—down the hall or across the globe.
ROOT-CAUSE ANALYSIS
DPI
#wp_networkperformance
OmniPeek network analyzer performs deep packet inspection
and can reconstruct all network activity, including e-mail and
IM, as well as analyze VoIP and video traffic quality.
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
40. A History of Innovation
2001
2005
2009
2011
• First 802.11
wireless analyzer
• First network
analyzer with
automated expert
analysis
Combined
distributed
network and
VoIP
network
analysis
Innovative
dashboard
with drill-down for
VoIP
and video
• Total visibility with
zero packet loss
• First wireless
network analyzer to
support capture and
analysis of 802.11n
3-stream wireless
2008
2010
2012
2013
Distributed real-time
Enterprise-wide
troubleshooting Monitoring and Reporting
First to achieve 11
Gbps sustained
capture-to-disk
• Capture, record, and
analyze from 40G
network segments
• First wireless network
analyzer to support
801.11ac, k, r, u, v, w
Industry
leading
network
analysis and
recorder
appliances
2003
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
42. Omni Distributed Analysis Platform
OmniPeek
Enterprise Packet Capture, Decode and Analysis
• Ethernet,1/10 Gigabit, 802.11, and voice and video over IP
• Portable capture and OmniEngine console
• Aggregate analysis data across multiple capture points
Omnipliance
Network Analysis and Recorder Appliances
• High-performance packet capture and real-time analysis
• Stream-to-disk for forensics analysis
• Integrated OmniAdapter network analysis cards up to 40G
WatchPoint
Centralized Enterprise Network Monitoring Appliance
• Aggregation and graphical display of network data
• WildPackets OmniEngines
• NetFlow and sFlow
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
43. Omni Distributed Analysis Platform
Software and Turnkey Solutions
• Enterprise monitoring and reporting
‒ WatchPoint Server
‒ OmniFlow, NetFlow, and sFlow Collectors
• Network Analysis and Recorder Appliances
‒ Omnipliance CX, MX, TL
‒ Optional OmniStorage
‒ OmniAdapter analysis cards
• Distributed analysis software
‒ OmniPeek – Enterprise, Professional, Basic, Connect
‒ OmniPeek Remote Assistant
‒ OmniEngine Enterprise
• Portable solutions
‒ OmniPeek network analyzer
‒ Omnipliance Portable
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
44. OmniPeek Network Analyzer
• Distributed analysis manager
– Connect to and configure distributed OmniEngines and Omnipliances,
• Comprehensive dashboards present network traffic in real-time
– Vital statistics and graphs display trends on network and application
performance
– Visual peer-map shows conversations and protocols
– Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
– Packet and payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7
– Easily create filters, triggers, scripting, advanced alarms, and alerts
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
45. OmniPeek Remote Assistant
Distributed, End-user Packet Capture Made Simple
• Simple to deploy, simple to use
‒ Remote push, download from server, or even
email
‒ Simple user interface - eliminates confusion for
end user
‒ Full fidelity capture - see exactly what the PC
sees
‒ Wired or wireless
Trouble call from remote site network response is slow.
• Encrypted file
‒ Only the analyst can open it
‒ Different encryption keys for different locations
or customers
User downloads and installs
OmniPeek Remote. Encrypted capture
data sent back for analysis.
• Detailed client-side/end-user experience
analysis
• Perfect for Tech Support or IT Desktop
support
#wp_networkperformance
Network analyst uses OmniPeek
Enterprise to quickly troubleshoot
problem without leaving the office.
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
46. OmniWiFi USB WLAN Capture Adapter
• A single device for all WLAN packet capture needs
• Driver included with Omni v7.9 CDs
• Tested and supported with OmniPeek and OmniEngine
• Product features:
•
•
•
•
•
•
USB device with extension cable
Dual band operation – 2.4GHz and 5GHz
Supports all standard international 802.11 channels (a/b/g/n)
Supports 802.11n - 3 transmit/receive streams (450Mbps)
Supports 802.11n 20MHz and 40MHz channel operation
Supports multi-channel aggregation and roaming
• Technical Details:
‒ Size (LWH): 6 inches, 1.5 inches, 5.5 inches
‒ Weight: 5.6 ounces
NOTE:
• Capture ONLY – no network services
• Does not capture 802.11ac
• Available via Amazon - $99/each
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
47. New Network Analysis and Recorder Appliances
Powerful
Precise
Affordable
The new family of WildPackets Network Analysis and Recorder
appliances gives IT organizations powerful and precise analysis of
high-speed networks in an affordable solution with half the
hardware footprint of rival offerings.
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
48. Powerful
‒ Fastest network recorder in its class! Captures traffic up to 20Gbps of realworld traffic (all size packet distribution)
‒ Scales up to 128 TB of storage
‒ Provides simultaneous real-time analysis and a comprehensive Forensic
Search that rapidly searches through terabytes of captured traffic for the
details relevant to an investigation
Precise
‒ Captures complete network traffic, so you can analyze everything, not just
samples or high-level statistics
‒ Doesn’t drop packets or sacrifice accuracy for speed
‒ Supports rich, detailed analysis, including VoIP and video-over-IP traffic
Affordable
‒ Delivers outstanding price/performance (lower price; half the rack space)
‒ Allows mix of 1G/10G/40G interfaces without buying extra appliances
‒ Solutions start at $16,995
Your network is bigger and faster. Now your analysis solution is, too.
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
49. Omnipliance TL
Industry Leading Network Analysis and Recorder Appliance
• Sets a new standard in capture-to-disk speeds
‒ 20Gbps sustained capture to disk rate with zero packet drop
• Best price/performance Network Analysis Appliance
in the market
‒ 20Gbps with only one Omnipliance TL + OmniStorage
‒ Consuming less rack space, less cooling, less electrical power
• Most flexible network interface offering
‒ 1G/10G/40G interfaces supported in a single unit eliminates
additional unit requirement
• Most accurate real-time analytics
‒ Packet-based processing and analysis vs. inaccurate samplebased calculation
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
50. WildPackets Network Analysis Recorder Appliances
Price/Performance Solutions for Every Application
Portable
Omnipliance CX
Omnipliance MX
Omnipliance TL
Ruggedized
Troubleshooting
Less Demanding Networks
Remote Offices
Datacenter Workhorse
Easily Expandable
Enterprise, HighlyUtilized Networks
Aluminum chassis / 17” LCD
1U rack mountable chassis
3U rack mountable chassis
3U rack mountable chassis
24GB RAM
16GB RAM
32GB RAM
64GB RAM
2 PCI-E Slots
2 PCI-E Slots
4 PCI-E Slots
4 PCI-E Slots
2 Built-in Ethernet Ports
2 Built-in Ethernet Ports
2 Built-in Ethernet Ports
2 Built-in Ethernet Ports
6TB Storage
4/8/16TB Storage
16/32TB Storage
32/48/64TB Storage
Optional OmniStorage:
32/48/64TB
Up to 128TB total Storage
OmniAdapter 1G and 10G
OmniAdapter 1G/10G MX
OmniAdapter 1G/10G MX
OmniAdapter 1G/10G/40G
6.5Gbps CTD
3.8Gbps CTD
8.8Gbps CTD
20Gbps CTD with
OmniStorage
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
51. WatchPoint
Centralized Monitoring for Distributed Enterprise Networks
•
High-level, aggregated
view of all network
segments
– Monitor per campus, per
region, per country
•
Wide range of network
data
– NetFlow, sFlow, OmniFlow
•
•
•
#wp_networkperformance
Web-based, customizable
network dashboards
Flexible detailed reports
Direct link to detailed,
packet-based analysis
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
52. Comprehensive Support and Services
Standard Support
Maintenance and upgrades
Telephone and email contacts
Knowledgebase
MyPeek Portal
Premier Support
24 x 7 x 365
Dedicated escalation manager
2 customer contacts per site
Plug-in reconfiguration assistance
WildPackets Training Academy
Public, web-based, and on-site classes
Complete curriculum: technology and product focused
Practical applications and labs covering network analysis,
wireless, VoIP monitoring and advanced troubleshooting
Consulting and Custom Development Services
Deployment, configuration, and assessment engagement
Systems integration and testing
Application integration, driver, decode, interface development
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
53. WildPackets Key Differentiators
• Visual Expert intelligence with intuitive drill-down
– Let computer do the hard work, and return results, real-time
– Packet /payload visualization is faster than packet-per-packet diagnostics
– Experts and analytics can be memorized and automated
• Automated capture analytics
– Filters, triggers, scripting, and advanced alarming system combine to provide
automated network problem detection 24x7
• Multiple issue network forensics
– Can be tracked by one or more people simultaneously
– Real-time or post capture
• User-extensible platform
– Plug-in architecture and SDK
• Aggregated network views and reporting
– NetFlow, sFlow, and OmniFlow
#wp_networkperformance
Changing Landscape in Network Performance Monitoring
© WildPackets, Inc.
55. Thank You!
WildPackets, Inc.
1340 Treat Boulevard, Suite 500
Walnut Creek, CA 94597
(925) 937-3200
Copyright 2014 – All rights reserved
© WildPackets, Inc.
www.wildpackets.com