Are you managing your security and monitoring tools or are they managing you? We all want to say that WE are in control, right? Unfortunately, data from two recent Enterprise Management Associates (EMA) investigations indicate that this might not be the case.
The number of security and monitoring tools that IT personnel use is increasing. According to the EMA Network Management Megatrends 2016 Report, the average number of security and monitoring tools used by a “typical” enterprise (1,000 to 4,999 employees) ranges from four to 15 different tools. In 2014, the average enterprise used three to 10 different tools according to EMA. So in two years, there has been an increase of up to 30 percent in the number of tools.
This creates a number of challenges for IT, including proper access to quality monitoring data, and management complexities based on the volume and mixture of virtual and physical tools, as well as increased operational issues and costs.
An Ixia-sponsored EMA survey last year showed that despite all of the tools, most (60 percent) enterprises felt they were not able to monitor their entire network. There were several reasons for this lack of coverage, but the number one reason stated (35 percent of respondents) was a shortage of data access (tap & SPAN) ports.
Getting access to monitoring data is important. But more tools means more contention for data feeds. When using SPAN ports, there could be a serious SPAN port contention issue due to an increased number of tools that are all vying for the same port and data. Directly connecting to the taps can also present geographic and logistic problems with respect to ensuring access to the data needed.
The growing volume of tools is also causing operational issues and increased costs. The 2016 survey by EMA indicated that 23 percent of respondents could not keep pace with the number of tools they currently use. This is understandable, as more tools increase maintenance activities like software updates, patch management, configuration for monitoring data, and network configurations for proper data filtering. For example, 49 percent of respondents said they change the locations from where they mirror traffic to their network tools more than 3 times per month. This creates lots of extra work and reduces productivity.
A third concern is that cloud networking is introducing a unique set of challenges. According to the 2016 RightScale State of the Cloud Report, the average enterprise uses six cloud networks. Trying to monitor each of these networks is complicated. In fact, an Ixia survey found that 76 percent of respondents were either ‘concerned’ or ‘very concerned’ about the security of their cloud networks because of a lack of visibility into them.
Aggregating data across physical and virtual networks can be even more frustrating. First, how do you access the cloud data, especially if you have six networks? Once you solve that issue, how are you going to analyze the data – physical tools or virtual tools? Then, how do you combine monitoring data from the virtual and physical networks so that you can see true performance and cost impacts for both networks? These are tough questions, but management expects you to have an answer.
The survey also highlighted that close to 45 percent of the respondents spent more than half of their time configuring monitoring tools. Even worse is that while over 75 percent of the respondents think that complete visibility to their monitoring tools is important, almost 1/3 are not confident this is actually happening.
All of this impacts the long-term cost of ownership, the ability to get proper data analytics, and adherence to regulatory compliance standards. So, what can you do about it? That is simpler than you might think. It’s called a visibility architecture.
A visibility architecture is an organized plan to understand what monitoring data you need, where it is coming from, and how best to optimize the flow of that data. A visibility architecture addresses these issues by ensuring that your security and monitoring tools get the right data at the right time, every time. In fact, in that same Ixia survey over 50 percent of respondents indicated that they most often discover a security breach through their network visibility solution.
Physical taps, virtual taps, and network packet brokers, the elements of a visibility architecture, are used to capture, organize, filter, and distribute data to the tools that need it most. This allows you to see into your physical or cloud networks and better understand what is really happening, while letting your monitoring and security tools do their job. It’s that easy.
Phil Trainor, Head of Security Business, APAC, Ixia