Pipeline Publishing, Volume 5, Issue 5
This Month's Issue:
What's New in
Performance Management?

Gateway to Traffic Intelligence
Providing Intelligence for Traffic Management & Security


significance as they hit the SEM, and alerts and notifications can be immediately sent out to interested parties as warranted. Unfortunately, SEMs provide only basic correlation using security events, logs, and SNMP traps. Current SEMs are not designed to process millions of events per second, as they were designed and built for enterprise networks.

Finally, NBADs enable SOC efficiency by correlating and analyzing raw traffic flows and routing events, and are complementary to an SEM system. NBADs are capable of detecting a wide range of abnormalities and threats targeting data and routing, and are designed to correlate and process millions of events per second in real time. Due to the wider and more complete view of the traffic activity and the associated network responsiveness, the NBAD system provides a unique insight into the attack preparation, propagation, and real breadth of the attack. Unfortunately, current NBADs are solely based on SNMP data, traffic flow records and routing events. They lack the deep visibility into traffic packets (as offered by DPI), the flexibility in creating custom policies (as offered by firewalls) and the knowledge of the attacker's identity.

Each of these solutions brings something novel and important from an operational perspective, either as a useful tool to better manage the traffic itself or as a fundamental security shield against an ever-growing number of threats. Although each of these products is needed to carry out a specific type of analysis and function, a system that leverages the strengths of each can dramatically improve operational efficiencies. A system that can correlate and analyze all the information captured and processed, interpret and cluster associated alerts, and manage the overall infrastructure as a whole (monitor, diagnose, act on the data collected from a large pool of such solutions) from a single console is even more powerful. This type of system is truly a "Gateway to Traffic Intelligence" (GTI).

Characteristics of a Comprehensive GTI System

A comprehensive GTI system is designed to offer a series of fundamental operational values that ensure a secure, scalable, and high-performance network. Firstly, it offers deep insight into the behavior of network protocols, applications and services from a network-wide perspective. With a GTI system in place, the operator has the ability to understand which services, applications, and even end users consume the most bandwidth, along with the performance metrics with which services are delivered. This function is typically provided by today's DPI products at a network link level. With a GTI, the operator is able to extend this knowledge to many links at the same time, thus gaining the global "network-wide" perspective.


The system also offers flexible normalization, scalable correlation and sophisticated statistical analysis of multi-typed information. It leverages the network infrastructure to provide the operator with 24/7 traffic monitoring and prompt detection of traffic abnormalities. Such events are displayed with enriched records of information to enable the operator to carry out a thorough, easy and guided troubleshooting process.

A comprehensive GTI system provides extensive forensic analysis of traffic abnormalities, facilitated by close interaction with the underlying network infrastructure. It enables the operator to understand the nature of the anomaly; the life-cycle of the anomaly; the impact of such an anomaly on the protocols, services and applications being delivered (in terms of QoS) and the customers affected (in terms of service-level agreements, or SLAs); the packet payload; and the data, all by providing a fast query engine and extensive reporting to organize and distill data as required.

Powerful contextualization of information for easy identification of the cause of the problem is essential to a GTI system, as well. Usually, a problem manifests itself in many different shapes and forms. One problem can generate tens or even hundreds of alerts, making the troubleshooting process time-consuming for the operational personnel. The GTI system distills the vast amount of information, clusters alerts associated with the same problem, and pinpoints the cause of the problem for the operator. The operator is then able to take prompt action against the cause of the problem, thus saving precious time and diminishing the negative impact of the problem on the network and the associated customer perception.
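As an added illustration of the normalization and alert-clustering steps described above (example code written for this page, not part of the original article or of any GTI product): it maps three constructed event types into one common schema, links alerts that are close in time and concern the same or an adjacent network element, and reports the earliest alert of each cluster as the candidate cause. The element names, the adjacency map and the 30-second window are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    ts: int        # seconds since epoch (constructed values)
    source: str    # snmp | routing | flow
    element: str   # network element the alert concerns
    detail: str

# Constructed sample events in three source-specific formats (not real telemetry).
RAW_EVENTS = [
    {"kind": "snmp", "ts": 1000, "agent": "r1", "trap": "linkDown ge-0/0/1"},
    {"kind": "routing", "ts": 1002, "router": "r1", "event": "BGP peer r2 down"},
    {"kind": "routing", "ts": 1004, "router": "r2", "event": "BGP peer r1 down"},
    {"kind": "flow", "ts": 1005, "exporter": "r1", "anomaly": "traffic drop 90% on ge-0/0/1"},
    {"kind": "flow", "ts": 1006, "exporter": "r2", "anomaly": "traffic surge 300% on ge-0/0/3"},
    {"kind": "snmp", "ts": 2000, "agent": "r7", "trap": "highCpu"},
]
# Constructed adjacency (which elements share a link); assumed known to the GTI.
ADJACENT = {("r1", "r2"), ("r2", "r3")}
# Per-source field names that carry the element and the description.
FIELDS = {"snmp": ("agent", "trap"), "routing": ("router", "event"), "flow": ("exporter", "anomaly")}

def normalize(ev):
    """Map a source-specific record to the common Alert schema."""
    elem_key, detail_key = FIELDS[ev["kind"]]
    return Alert(ev["ts"], ev["kind"], ev[elem_key], ev[detail_key])

def related(a, b, window):
    """Two alerts belong to one problem if close in time and on the same or an adjacent element."""
    near = a.element == b.element or (a.element, b.element) in ADJACENT \
        or (b.element, a.element) in ADJACENT
    return near and abs(a.ts - b.ts) <= window

def cluster(alerts, window=30):
    """Greedy single-linkage clustering in time order; an alert joins the first cluster it relates to."""
    clusters = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for c in clusters:
            if any(related(a, b, window) for b in c):
                c.append(a)
                break
        else:
            clusters.append([a])
    return clusters

def root_cause(clu):
    """Pinpoint the candidate cause: the earliest alert in the cluster."""
    return min(clu, key=lambda a: a.ts)

def triage(raw_events, window=30):
    """Full pipeline: normalize, cluster, and return (candidate cause, cluster size) per problem."""
    return [(root_cause(c), len(c)) for c in cluster([normalize(e) for e in raw_events], window)]
```

On the constructed input, the five alerts around the r1-r2 link collapse into one cluster whose candidate cause is the linkDown trap, while the unrelated highCpu trap stays on its own.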

A comprehensive GTI system offers the operator a complete view of the anomaly and provides a vast set of actions from which to choose. The system has an inherent ability to identify which actions can be executed on a given network element, which elements the operator should act on, and guides the operator as to what kind of actions to take.

A GTI system is also able to scale depending on the size of the network. It has the ability to process large volumes of data captured from many network elements in real-time.

Finally, a GTI system is highly modular, easy to manage, accommodates fast integration with third-party network infrastructure, and substantially cuts operational costs. It provides



© 2006, All information contained herein is the sole property of Pipeline Publishing, LLC. Pipeline Publishing LLC reserves all rights and privileges regarding
the use of this information. Any unauthorized use, such as copying, modifying, or reprinting, will be prosecuted under the fullest extent under the governing law.