Delivering a Digital Experience That Doesn’t Compromise Security
How to get NetOps and SecOps working from the same data for shared goals.
There is no shortage of challenges for organizations in an increasingly digital universe. One of them is maintaining the high-quality digital experience that customers and employees have come to expect without compromising the security the organization needs to survive and thrive. That means aligning the interests of network and security operations teams, who often find themselves in opposing corners as they try to do their jobs.
Every organization has to invest in security solutions to mitigate growing threats from increasingly sophisticated cyber criminals. The problem is that the security infrastructure you need to detect intrusions, block unwanted traffic, filter content, segment traffic, etc. can have a detrimental impact on network performance and undermine the user experience.
Consider the situation at one of our customers, where users started to complain that the performance of a critical application was becoming untenable. The application performance monitoring solution blamed the network, indicating that the application kept stalling because there was no available bandwidth to carry the application workloads to a cloud-based grid computing service for processing and then return the results.
The NetOps team was stymied: network monitoring inside the datacenter showed no capacity constraints during the events, and neither did the VPN metrics from the service provider. That isolated the problem to somewhere within the DMZ security infrastructure, which from a network analytics perspective was a black hole.
The symptoms and error messages visible to the SecOps team in their logs led them to make changes that did not solve the problem, so it kept recurring, growing more frequent over a period of 60 days without real resolution. Meanwhile, resentment grew across the application, network and security teams.
Bridging the Visibility Gap
This type of challenge is a sweet spot for Corvil’s network analytics platform. The same multi-hop visibility used to isolate degradation across load balancers, web servers, middleware, application services and databases, can be applied to firewalls and other complex, multi-vendor security infrastructure. Network Operations teams can measure the performance impact, pinpoint the source of degradation, provide latency targets by device or stack, and quickly troubleshoot errant behaviors.
In the case discussed above, Corvil Analytics measured the latency across the firewalls, VPN proxy servers and other devices in the path, in both directions, and identified several unusual patterns: latency spikes, microbursts and TCP retransmissions. With all three teams looking at the same data and packet captures, each with their own skillset, the problem was permanently resolved in short order. Interestingly, there was no single root cause. A bug in the VPN's anti-replay protection (the feature that discards replayed packets, including those injected in a DoS attempt), some odd infrastructure configurations, and application traffic crossing from 10 Gb/s to 1 Gb/s ports (a speed mismatch that produces microbursts the slower port cannot absorb, even when average utilization looks low) had combined to wreak havoc on the user experience. So it is fitting that security, networking and application skills all had to align to resolve it, and that network data was the best place to start troubleshooting.
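The speed-mismatch part of that story is worth seeing in numbers, because it is exactly the case where a one-second utilization graph says "no capacity constraint" while the port is dropping packets. The script below is an added illustration, not Corvil's code or the customer's data: it bins a constructed packet trace at 1 s and at 1 ms, flags 1 ms windows that offer more bytes than a 1 Gb/s port can serialize (microbursts), and flags repeated TCP sequence numbers within a flow (retransmissions). The link rate, flow labels and every packet are made up.

```python
"""Re-bin a packet trace to expose microbursts and retransmissions.

Added example (not Corvil's code). A 10 Gb/s sender feeding a 1 Gb/s port
can exceed the slower port's capacity for a few hundred microseconds while
the whole second looks almost idle. The trace, the 1 Gb/s egress rate and
the flow labels below are all constructed for illustration."""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Packet(NamedTuple):
    ts_us: int   # capture timestamp in microseconds
    size: int    # bytes on the wire
    flow: str    # hypothetical flow label (stands in for the 5-tuple)
    seq: int     # TCP sequence number


EGRESS_BPS = 1_000_000_000   # assumed 1 Gb/s port downstream of a 10 Gb/s one
MS = 1_000                   # microseconds per millisecond
SEC = 1_000_000              # microseconds per second


def window_capacity_bytes(window_us: int, link_bps: int = EGRESS_BPS) -> int:
    """Bytes a link can serialize during one window of window_us microseconds."""
    return link_bps * window_us // 8_000_000


def bytes_per_window(packets: List[Packet], window_us: int) -> Dict[int, int]:
    """Sum bytes per window; the window index is ts_us // window_us."""
    buckets: Dict[int, int] = defaultdict(int)
    for p in packets:
        buckets[p.ts_us // window_us] += p.size
    return dict(buckets)


def peak_utilisation(packets: List[Packet], window_us: int,
                     link_bps: int = EGRESS_BPS) -> float:
    """Highest window load as a fraction of link capacity (>1.0 means overload)."""
    cap = window_capacity_bytes(window_us, link_bps)
    return max(b / cap for b in bytes_per_window(packets, window_us).values())


def microbursts(packets: List[Packet], window_us: int = MS,
                link_bps: int = EGRESS_BPS) -> List[Tuple[int, int, int]]:
    """Windows offering more bytes than the link can carry, as
    (window_index, bytes_offered, bytes_in_excess). The excess is buffered
    or dropped no matter how idle the surrounding second is."""
    cap = window_capacity_bytes(window_us, link_bps)
    return sorted((w, b, b - cap)
                  for w, b in bytes_per_window(packets, window_us).items()
                  if b > cap)


def retransmissions(packets: List[Packet]) -> List[Packet]:
    """A (flow, seq) pair seen a second time is a retransmission."""
    seen, retx = set(), []
    for p in sorted(packets, key=lambda p: p.ts_us):
        if (p.flow, p.seq) in seen:
            retx.append(p)
        seen.add((p.flow, p.seq))
    return retx


def constructed_trace() -> List[Packet]:
    """Constructed sample trace spanning one second."""
    # 100 x 1500 B of steady background traffic, one packet every 10 ms (flow A)
    pkts = [Packet(i * 10 * MS, 1500, "A", i * 1500) for i in range(100)]
    # 200 x 1500 B arriving back-to-back at 10 Gb/s line rate (1.2 us apart)
    # starting at 305 ms: 300 kB offered to a port that carries 125 kB per ms
    pkts += [Packet(305 * MS + (i * 12) // 10, 1500, "B", i * 1500)
             for i in range(200)]
    # the tail of the burst was dropped and is resent about 200 ms later
    pkts += [Packet(520 * MS + k, 1500, "B", (197 + k) * 1500) for k in range(3)]
    return pkts


def analyse(packets: List[Packet]) -> Dict[str, object]:
    return {
        "peak_util_1s": peak_utilisation(packets, SEC),
        "peak_util_1ms": peak_utilisation(packets, MS),
        "microburst_windows_ms": [w for w, _, _ in microbursts(packets)],
        "retransmissions": len(retransmissions(packets)),
    }


if __name__ == "__main__":
    for name, value in analyse(constructed_trace()).items():
        print(f"{name}: {value}")
```

On this trace the 1 s view reports roughly 0.4% utilization, the figure a conventional capacity dashboard would show, while the 1 ms view reports 240% in window 305 and the three retransmitted segments that follow. The same re-binning applies to a real capture once the packets are loaded into the `Packet` shape; the point is that the analysis window has to be shorter than the burst, not that these particular numbers mean anything.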
Assuring user experience and performance troubleshooting are not the only examples of the power of a shared data source. Corvil’s continuous packet capture and L2-L7 analysis data creates a rich source of information that can be used in multiple ways, incorporated into multiple workflows and integrated with different tools.
For example, SecOps teams can use Corvil Analytics to identify ‘leaks’ in firewalls and traffic anomalies that could indicate vulnerabilities or the first signs of a security breach that needs to be blocked. Going one step further, Corvil’s Security Analytics module expands on the security use cases supported by that single data source — enabling SecOps to see a prioritized list of suspicious user accounts, examine cloud usage, detect threats in real-time and rapidly investigate alerts.
An open data-sharing architecture also lets organizations consolidate several similar network-based tools onto one data source, cutting both the capital and the operating cost of managing them. By consolidating on Corvil, a global financial technology firm reduced the physical footprint of its network analytics by 71%.
We are not saying Corvil has all the answers, but we do provide a unique view of the network that underpins everything else. We believe that as digital transformations multiply, organizations will come to understand that the siloed network and security tools of the old world are ill-equipped for the new one. Assuring performance without compromising security requires a solution that captures, decodes and learns from network data, turning it into intelligence for business, security and IT teams.
Download our ‘Service Assurance Through The DMZ’ data sheet to find out more.