© 2013 Emulex Corporation
Network Recording Best Practice
Fail-safe Network and Security Event Analysis
Sri Sundaralingam – VP Product Management
2 Emulex Confidential - © 2013 Emulex Corporation
Introducing Endace Products
A division of Emulex
World leader in packet capture and network recording
10+ year history selling network visibility to top-tier customers
– Govt, HFT, telco and enterprise
Global reputation for accuracy, scalability and performance
Investments in Network Health: 4 Categories
1. Prevention: Sit in the network and stop known bad things from happening
2. Detection: Detect things that may be bad and were missed by prevention tools; generate alerts
3. Response: Help engineers respond to any kind of network-related problem fast
4. Root cause: Enable engineers to understand exactly what happened and why
Tools labelled in the diagram: NPM, APM, SIEM, Firewall, Wan Ops, NGF
Standard Corporate Investment Profile
1. Prevention
2. Detection
3. Response
4. Root cause
Chart values: 70%, 0%, 5%, 25%
Characteristics
• High alert & False +ive rate
• Sample driven
• Broad view, low granularity
• Statistical analysis
Characteristics
• Signature based
• Optimize for known
• Static
Issues
• Hard to isolate problems
• Long/indefinite TTR
• Tools deployed after event
• Intermittent problems
Issues
• Low bandwidth
• Incomplete data
• High price / low value
Impact of Investment ‘Imbalance’
Chart values: 70%, 25%, 0%, 5%
Backlog of events in NOC and SOC
Slow time-to-resolution on issues
Delayed response to events
High incidence of zombie tickets
No ability to contain real problems
Real risk of unplanned downtime
Intelligent Network Recording
Chart values: 60%, 10%, 10%, 20%
Improve operational productivity
Improve confidence levels
Reduce operational costs
Ensures effective containment
Reduce time-to-value on new IT
Reduces risk of downtime
Who Values Accurate Network History?
Network operations teams rely on network history for troubleshooting
Network planning teams rely on accurate historical data for trending
Network security teams need history for breach containment and forensics
Compliance, legal and risk teams need history as evidentiary proof
What’s Important in Network Recording?
Accuracy of recording
Write-to-disk speed
Storage capacity and flexibility
Richness of indexing
Effectiveness of workflow
Platform flexibility
EndaceProbe™ INR Appliances
Next generation sniffer
100% accurate traffic recording
– Real 10 Gbps performance
Up to 64 TB of local storage
– Extensible via sledding or SAN
Full flow-based traffic indexing
– Including application classification
Open and flexible
– Endace Application dock
– Programmable RESTful API
Total Datacenter Visibility
Data Center Network Visibility Stack
Diagram labels:
– Detection tools
– Tool labels: DDoS, IDS, NPM, APM, SIM, NMS
– EndaceProbe Intelligent Network Recorders
– Network Packet Brokers (aggregation)
– Core network infrastructure
– Core routers and switches (connectivity)
– Firewalls (prevention)
Traffic Search and Retrieval - EndaceVision™
Web-based collaborative traffic search engine
More than 20 indexed flow parameters
– Includes application classification
Rapid network-wide search
Elegant investigation workflow
Fast access to raw packets as required
Local protocol decoding
Integrated collaboration tools
Streamlining Workflow
Workflow starts with an event detected by a 3rd party tool
Analysts pivot between the 3rd party dashboard and EndaceVision
RESTful API integration further streamlines workflow
Network Retention Best Practice
Where to record
– Data center: aggregation links
– DMZ: web and application gateways
What to record
– Full packet contents vs. headers
– Full NetFlow records / metadata
– Control plane vs. data plane
How long to retain
– 3 days complete history
– 30+ days select history
Business Benefits
Reduces time-to-resolution on events
– Reduces impact and costs associated with unplanned network downtime
Improves overall network performance and application delivery
– Treating causes not symptoms
Increases analyst productivity
– Reduces opex burden
– Allows team to scale for the future
Closes a potential compliance loophole
Reduces overall capital exposure
– One solution for netops and secops
Conclusions
Network recording is essential for mission critical network environments where downtime costs real money
Testing the fidelity of recording and the ease of search / retrieval before you invest is key
Streamlining the investigation workflow for NetOps and SecOps users generates real measurable business value
Dedicated, open recording infrastructure is more valuable and trustworthy than recording as a feature of another solution.
Thank you.
sri.sundaralingam@emulex.com
www.emulex.com

Prepare for the Inevitable: A Best Practice Guide to Network Recording
