A recent report predicts that home networks, remote working software and cloud systems will be at the center of a new wave of attacks in 2021.
Cybercriminals in 2021 will particularly look to home networks as a critical launch pad to compromising corporate IT and IoT networks.
To select a suitable network monitoring solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.
Richard Barretto, Director, Information Security, Progress
Network monitoring is essential for any organization with a network. Requirements may vary, but in general any IT team is going to need a single, comprehensive solution that shows the entire network in context and makes diagnosing network issues fast and easy.
An effective solution should be able to discover every device connected to the network, automatically generate a network map showing connections and give administrators an easy way to run device inventories and determine what should be monitored.
The solution should generate alerts for a myriad of network issues and support customizable thresholds, so the IT team can proactively respond before end users are impacted. It should monitor the entire network infrastructure (physical, virtual and cloud) while also supporting network traffic analysis, network and application performance monitoring, configuration management and log management. As well, the ability to automate common administrative tasks or implement self-healing actions will drastically reduce the workload of the IT team.
The importance of ease-of-use cannot be overstated! The solution also needs to be able to scale to meet future needs and should support widely geographically distributed networks. Integration with 3rd-party systems is also a key requirement, whether by out-of-the-box connectors or via a robust API.
John Paul Blaho, Director Product Marketing, Catchpoint
When approaching a network monitoring strategy, it’s important to first recognize that the specific technologies, mechanism, or policies within the network layer are not as important when viewed as individual components. What network operators must focus on is the collective experience and the effects that these components have on an end-user.
The key impacts that the network has on a customer or employee experience is on delayed or lost/hijacked/stolen performance and data. The best performing networks are secured and have absolute minimal disruption. A properly focused network performance management strategy is designed to ensure that they are kept to a minimum.
Many different components affect network performance, and a comprehensive network monitoring solution must not only be able to capture data on all, but also alert in real-time and provide the ability to quickly troubleshoot:
- Device / link availability
- Latency or delay
- Packet loss and retransmissions
- Errors and discards
- Device starving for resources
- Bandwidth / traffic
- Configuration changes
- Device link traffic
- Application architecture/design
- Network topology
- Number of transmitting nodes
Collecting and analyzing data for these is a key part of network management, which in turn is a vital component of any company that has a digital presence. The user’s digital experience is one of the most important areas of focus, measure and optimize in this ever-changing world. Network performance is the core to an excellent digital experience.
Yael Goldstein, Product Manager, Datadog
The shift from on-premise monolith applications to distributed microservices in the cloud introduces new monitoring challenges. When selecting a network monitoring solution, you need a tool that adapts to the complexity of your environment and is flexible enough to support your ongoing and future investments.
The following criteria are crucial to consider:
Application topology: In the cloud, network monitoring must be able to account for TCP and UDP application traffic over managed hardware. To quickly validate the health of this traffic and pinpoint suspicious, noncompliant, or inefficient dependencies, you need end-to-end visibility of your on-premise, hybrid, and cloud traffic — from physical datacenter equipment to virtual application communication.
Tagging for modern infrastructure: While traditional network monitoring tools focus on datacenter device health, a modern solution should enable you to troubleshoot communication between all network endpoints by autodetecting internal and cloud services, orchestrated containers, VPCs, and external APIs.
Unified Troubleshooting: Network issues can be the cause or consequence of poor application or infrastructure performance. For quick root cause analysis, select a tool that consolidates application, infrastructure, network, and security telemetry in a single pane of glass. Tools that present network data in terms that every engineer can understand, alongside application traces, logs, and stats about your third-party software and DNS health, can empower your team to reduce finger pointing and increase collaboration.
The first question is obviously checking the monitoring scope of the monitoring system – how comprehensive picture does it give you about your IT ecosystem’s health? Does it help you improve the MTTR of your team, keep your SLAs or verify SLAs from your service providers?
Two other criteria are often neglected, although they in fact validate if the product is doing its job in the long run.
One is – how fast can your team implement and run it – is it predefined, rule-based monitoring that is fast to install? How automated is network discovery and monitoring setup – to what extent it requires a manual, one-by-one implementation that comes with high initial consulting fees and training? Will you need a team member to tune it full-time in the long run as your network changes? How easy is it to transfer the system to be used by someone else? Is the system know-how kept in the software or in the human brain?
The third point is how well does it manage the monitoring noise – does it support event correlation, hierarchy, and grouping of incoming alerts, alerts escalation? You need to monitor everything, but you want to be bothered only about the critical events – everything else should be resolved automatically. This is what we expect from software today.
Steve Petryschuk, Technology Advocate, Auvik Networks
Through the years, IT teams have also become accustomed to their monitoring solution performing additional tasks, such as configuration management and network topology mapping. While there are no one-size-fits-all solutions in the world of network management, there are several key features you should keep in mind in the decision-making process.
- Ease of use: Network monitoring doesn’t need to be complicated. There are a range of network monitoring tools that vary from on-prem open source to cloud-based monitoring tools. When evaluating monitoring platforms, understand what level of investment you’re looking to make in managing the monitoring platform itself.
- Broad hardware and protocol support: The more hardware devices work “out of the box” with your network traffic monitor, the less complex initial configuration will be. Additionally, the more protocols the software supports, the more data you capture on traffic flows.
- Network mapping: By creating a network map, you’re better able to visualize and document your network’s layout. This enables better network visibility and allows for a deeper understanding of traffic flows.
- Robust security features: Keep security in mind when evaluating network monitoring software. Favor solutions that use secure protocols for monitoring, encrypt data at rest, support single sign-on (SSO) and multi-factor authentication (MFA), and can detect anomalies in network traffic (e.g., by using geolocation data).
Tej Redkar, Chief Product Officer, LogicMonitor
Today’s enterprise networks are built with multi vendor products and network services that span remote offices, data centers, and multiple cloud providers including Azure, Amazon Web Services and Google Cloud Platform. The legacy approach of relying on on-premises, appliance-based monitoring has proven to be highly inefficient and prone to security challenges due to the constant need to update software.
To modernize your networking monitoring approach, look for a comprehensive cloud-based network and IT infrastructure monitoring solution. A SaaS-based approach to IT monitoring, rather than a solution that requires agents to be installed, means your organization will have dramatically less overhead to maintain and will also require fewer headcount to run the solution on a day-to-day basis.
Choose a monitoring solution that is highly extensible, so that it can accommodate changing needs and a wide variety of current and future technology integrations. That means a rich API to easily ingest data from any type of resource (on-premises or cloud-based).
Other key features to look for include highly customizable dashboards, reporting, role-based access control, flow-based traffic visibility, topology and configuration monitoring. Make sure that your solution also has AIOps capabilities built in, such as root cause analysis, dynamic thresholds and automation to save your team time and help the organization reduce outages and unnecessary alerts.
AJ Singh, VP, Product Management, NinjaRMM
When choosing a network monitoring solution, it should fit within a multi-layered approach to security. Businesses have never faced such risks and there is no silver bullet, so each solution in the CISOs toolbox needs to provide both intelligence to act on and analysis to understand the problem.
Here are a few things to consider in your search for a network monitoring tool:
Cloud-based vs. On-prem
With the flexibility and low overhead of cloud-based tools, organizations can rapidly deploy new technology across increasingly multicloud environments at scale. On the other hand, on-prem tools can offer somewhat greater control and security in the event of a cloud-outage.
Support for multi-tenancy
If your infrastructure is spread out geographically, a good network monitoring solution can separate each location to provide visibility into how they are performing. Support for multi-tenancy will help pin-point problem devices so your team can remediate faster.
Traffic-flow monitoring
This is a critical feature that will help your organization stay compliant with security guidelines by identifying the users going to forbidden sites, the rogue endpoints that might be consuming too much bandwidth, configuration errors on endpoints or potential compromises, and help with capacity planning.
from Help Net Security https://ift.tt/3aCGW6t
0 comments:
Post a Comment