The Changing Landscape in Network Performance Monitoring

www.wildpackets.com © WildPackets, Inc. Copyright 2014 – All rights reserved

Show us your tweets! Use today’s webinar hashtag:

#wp_networkperformance with any questions, comments, or feedback.

Follow us @wildpackets

Bojan Simic President and Principal Analyst TRAC Research

The Changing Landscape in Network Performance Monitoring

Jay Botelho Director of Product Management WildPackets

© WildPackets, Inc. Changing Landscape in Network Performance Monitoring #wp_networkperformance

Administration

• All callers are on mute ‒ If you have problems, please let us know via the Chat window

• There will be Q&A ‒ Feel free to type a question at any time

• Slides and recording will be available ‒ Notification within 48 hours via a follow-up email

2


Agenda

• NPM by the Numbers • Network Forensics for NPM • Configuring Your Network for Forensics • Customer Use Cases • Best Practices in Network Forensics • WildPackets Corporate Overview • WildPackets Product Line Overview

3


Network Performance Monitoring By The Numbers

4


NPM research- demographics

406 participants Company type: 70% - Enterprise 28% - Service Providers

Company size: 41% - Large organizations 38% - Medium 21% - Small

TRAC Research, Inc

Geography 56% - North America 24% - EMEA 14% - APAC


Top strategic goals for managing network performance

TRAC Research, Inc

22%

23%

42%

43%

53%

Reduce OPEX

Meet compliance requirements

Improve user experience

Improve ability to dynamically adapt tochanges in IT environments

Enable networks to support roll-outs of newtechnologies


Key IT initiatives impacting network performance

TRAC Research, Inc

48%

54%

59%

65%

66%

69%

72%

BYOD

Public Cloud services

Video conferencing

Virtual desktops

Enterprise Mobility

Big Data

VoIP


Ability to assess impact of new technology roll outs on network performance

41%

38%

21%

Fully meets goals Partially meets goals Doesn't meet goals

TRAC Research, Inc


Key challenges for network performance management

TRAC Research, Inc

29%

29%

35%

36%

41%

46%

Inability to identify potential performanceissues when designing the network

Difficulty determining next steps to take whena problem is detected

Oversubscribed network monitoring tools

Lack of visibility into the business impact ofnetwork performance

Lack of visibility into application performance

Inability to identify root cause of performanceproblems in a timely manner


31%

28%

25%

16%

0-20% 21-50% 51-80% 81-100%

Percent of performance incidents that are proactively prevented

TRAC Research, Inc


Key capabilities organizations are looking to deploy

TRAC Research, Inc

24%

27%

30%

30%

34%

39%

Ability to monitor VM-to-VM communications

Single platform for managing networkperformance and security

Access to network performance data based onjob role and level of responsibility

Ability to monitor impact of routing changeson network traffic activity

End-to-end visibility into applicationtransactions

Ability to analyze and report performanceissues at 10Gbps line rate


Key challenges for using packet capture solutions

TRAC Research, Inc

34%

40%

41%

51%

59%

Inability to collect packets at all networklocations

Lack of capabilities for analyzing / searchingrecorded network traffic

Inability to support 10Gb networks

Reliability of captured data

Number of dropped packets


Executive Summary

32%

38%

42%

61%

63%

Number of false alerts

UI is difficult to use

Number or "false positives"

Amount of performance data that is not relevant

Time spent correlating performance data

Key challenges for making data actionable

TRAC Research, Inc


31%

38%

48%

49%

59%

Better align IT with business strategies/goals

Improve utilization of existing IT resources

Reduce cost of managing IT

Improve flexibility of IT infrastructure

Increase amount of IT resources available forinvesting in innovation and new services

Key strategic goals of CIOs

TRAC Research, Inc


By the numbers... 64% of organizations reported that managing

network performance has become more complex over last 12 months Organizations are losing on average $72,000 per

minute of unplanned network downtime 48% of organizations reported that, on average,

they spend more than 60 minutes on repairing performance issues - per incident

TRAC Research, Inc


Summary and key takeaways Network is becoming more of a strategic asset Traditional tools are not as effective in managing

high speed networks Proactive management of network performance

results in measurable business benefits Organizations are looking to improve their ability

for managing performance of VoIP and other real-time applications Quality of user experience is becoming a key metric

for monitoring network performance

TRAC Research, Inc


Network Forensics NPM at 10G and Beyond

17


What is Network Forensics ? • Marcus Ranum is credited with defining Network

Forensics as “the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.” (wikipedia)

• It’s not like TV – employ forensics before the “crime” - network traffic is transmitted and then lost, leaving no clues behind

• Other names: packet mining, packet forensics, digital forensics


Network Forensics Drivers

• Faster networks/greater data volumes ‒ 10/40G adoption grew 62% in 2012 ‒ 75% of the investments in networking are for 10G1

• Richer data • Subtler and more malicious security threats

‒ Zero-day attacks ‒ APTs (Advanced Persistent Threats) ‒ 75% of data breaches financially motivated ‒ 66% of breaches took months or longer to discover2

• Sampled data and high-level stats ‒ Flow-based network monitoring vs. detailed DPI analysis

19

1 http://www.infonetics.com/pr/2013/2H12-Networking-Ports-Market-Highlights.asp 2 http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf

http://www.infonetics.com/pr/2013/2H12-Networking-Ports-Market-Highlights.asp

http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf


Why Forensics?

• Validate what your logs are telling you • Generate alarms/alerts on data you’ll never find in

logs • Invest time analyzing, not reproducing • Immediately begin investigating the issue – you have

a recording of the incident! • Isolate key data – from multi-TB archives - rapidly

and intuitively • Understand the depth of penetration for any incident


Configuring Your Network for Forensics

21


Requirements for a Network Forensics Solution

• Capturing and recording data ‒ 10/40G network support ‒ No dropped packets – 100% fidelity ‒ Continuously available ‒ Always test in your environment

• Discovering data ‒ Timely results delivery ‒ Filtering for IP addresses, applications, etc.

• Analyzing data ‒ Automated analysis – Expert events ‒ Simple, intuitive workflow ‒ Data visualization from multiple perspectives

22


10G Network Analysis Workflow

Identify Key Analysis Pts

Deploy 24x7 Monitoring

Alarms/ Alerts

Problem?

Rewind Data Analyze Tune if

Necessary

NO

YES


A Solution for Every Network

24


Forensic Analysis – Capturing An Attack IDS/IPS System

1. Attack bypasses firewall

3. Event logged, attack partially tracked by IDS

2. Data Recorder records and aggregates data throughout attack

4. Post event analysis reveals attacker, method, damage!

Servers


Customer Use Cases

26


Tracing a Server Attack Security solution raises alert about unusual server

activity on 10.4.3.248

27


Tracing a Server Attack (cont.)

Network forensics records all network traffic, providing detail at the time of the CIFS burst, and its

consequences

28

Three more systems now need to be added to the

quarantine list


Demonstrating Security Compliance • Sensitive data should never be sent in the clear • “Negative” filters can be used to capture only

packets that display a given set of characteristics – like numeric strings with a format xxx-xx-xxxx

29

You hope to never see

this!


Transaction Verification

• Verify transactions that are called into question ‒ All routing information is preserved ‒ All data is preserved

• Verify online transactions ‒ Capture and store traffic containing credit card

transactions ‒ Easily determine whether an authorization of

denial was transmitted correctly ‒ Easily determine if guidelines are being

properly followed in authorizations or denials

30


Best Practices in Network Forensics

31


Best Practices for Network Forensics

Capturing Network Traffic 1. Capture traffic continuously 2. Deploy a solution that captures traffic reliably 3. Set up filters to catch anomalies Storing Traffic 4. Allocate sufficient storage for the volume of data

being collected 5. Adjust file sizes for the desired performance

optimization

32


Best Practices for Network Forensics (cont.)

Analyzing Traffic 6. Select a network forensics solution that supports

filters and searches that are fast, flexible, and precise

7. Record baseline measurements of network performance

8. Use filters to zoom in on the problem at hand

33


Q&A

Show us your tweets! Use today’s webinar hashtag:

#wp_networkperformance with any questions, comments, or feedback.

Follow us @wildpackets

Follow us on SlideShare! Check out today’s slides on SlideShare

www.slideshare.net/wildpackets


WildPackets Corporate Overview

Optimizing Network and Application Performance


Corporate Background • Experts in network monitoring, analysis, and troubleshooting

‒ Founded: 1990 / Headquarters: Walnut Creek, CA ‒ Offices throughout the US, EMEA, and APAC

• Customers spanning leading edge organizations ‒ Mid-market and enterprise lines of business ‒ Financial, manufacturing, ISPs, major federal agencies,

state and local governments, universities ‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000

• Award-winning solutions that improve network performance ‒ Internet Telephony, Network Magazine, Network Computing awards ‒ United States Patent 5,787,253 issued July 28, 1998

• “Apparatus and Method of Analyzing Internet Activity”

Presenter

Presentation Notes

Founded in 1990, WildPackets develops network and application analysis solutions that enable organizations of all sizes to analyze, troubleshoot, optimize, and secure their wired and wireless networks, improving network and application performance. Our patented technology emerged in the early nineties with the award-winning EtherPeek network protocol analyzer. Today OmniPeek encompasses troubleshooting and analysis, of wired and wireless networks including 10 gigabit, 802.11n, and as well as VoIP and application performance analysis. WildPackets products are sold in over 60 countries through a broad network of channel and strategic partners. Our customers span all industrial sectors, including 80% of the Fortune 1000, including Boeing, Chrysler, Cisco, Comcast, EDS, Hewlett-Packard, Microsoft, Motorola, Nationwide, Siemens, Qualcomm, and Deutsche Bank. Strategic partners include Aruba, Atheros, Cisco, 3Com, Intel, Net Optics, and Gigamon.


Why Our Customers Need Us

• VoIP, video, cloud, virtualization, and key business applications are saturating critical network services

• Evolving network technologies create discontinuities ‒ 1 Gig 10 Gig 40 Gig 100 Gig networks ‒ Wireless, BYOD initiatives

• Users and business can not tolerate network problems for mission critical services

Increasing demand for better real-time network visibility, network analytics, network forensics, and DPI


How We Create Value

We provide innovative, industry-leading, real-time network performance management solutions

‒ Easy-to-use, easy-to-learn user interface ‒ Uniquely extensible solutions ‒ Wireless network leadership ‒ Detailed analytics related to network applications ‒ Fastest network traffic capture appliance in its class ‒ Technical superiority at competitive price point

WildPackets has continually advanced its solution to meet the needs of its customers


Unprecedented Network Visibility

ROOT-CAUSE ANALYSIS

OmniPeek network analyzer performs deep packet inspection and can reconstruct all network activity, including e-mail and IM, as well as analyze VoIP and video traffic quality.

PINPOINT NETWORK ISSUES ANYWHERE

Omnipliance Portable can rapidly identify and troubleshoot issues before they become major problems—wired or wireless—down the hall or across the globe.

UNDERSTAND END-USER PERFORMANCE Omnipliance network analysis and recorder appliances monitor and analyze performance across critical network segments, virtual environments, and remote sites.

NETWORK HEALTH

WatchPoint can manage and report on key device performance and availability across the entire network, from anywhere on the network.

GLOBAL

DISTRIBUTED

PORTABLE

DPI


A History of Innovation

2003 Distributed real-time

troubleshooting

2001 • First 802.11 wireless analyzer • First network analyzer with automated expert analysis

2005 Combined distributed network and VoIP network analysis

2008 Enterprise-wide

Monitoring and Reporting

2009 Innovative dashboard with drill-down for VoIP and video

2012 • Capture, record, and

analyze from 40G network segments

• First wireless network analyzer to support

801.11ac, k, r, u, v, w

2011 • Total visibility with zero packet loss • First wireless network analyzer to support capture and analysis of 802.11n 3-stream wireless

2010 First to achieve 11

Gbps sustained capture-to-disk

2013 Industry leading

network analysis and

recorder appliances


Product Line Overview


Omni Distributed Analysis Platform OmniPeek

Enterprise Packet Capture, Decode and Analysis

• Ethernet,1/10 Gigabit, 802.11, and voice and video over IP • Portable capture and OmniEngine console • Aggregate analysis data across multiple capture points

Omnipliance Network Analysis and Recorder Appliances

• High-performance packet capture and real-time analysis • Stream-to-disk for forensics analysis • Integrated OmniAdapter network analysis cards up to 40G

WatchPoint Centralized Enterprise Network Monitoring Appliance

• Aggregation and graphical display of network data • WildPackets OmniEngines • NetFlow and sFlow

Presenter

Presentation Notes

The OmniPeek Product Family offers both portable and distributed solutions for troubleshooting and optimizing enterprise networks and applications. OmniPeek network analyzers are used for portable analysis and troubleshooting, and the OmniPeek console connects to distributed OmniEngines, which analyze data at remote locations on the network. WatchPoint brings the data collection and Expert Analysis capabilities of the OmniPeek Product Family to an entirely new level by offering unprecedented visibility into network traffic trends and behavior across the entire enterprise.


Omni Distributed Analysis Platform Software and Turnkey Solutions

• Enterprise monitoring and reporting ‒ WatchPoint Server ‒ OmniFlow, NetFlow, and sFlow Collectors

• Network Analysis and Recorder Appliances ‒ Omnipliance CX, MX, TL ‒ Optional OmniStorage ‒ OmniAdapter analysis cards

• Distributed analysis software ‒ OmniPeek – Enterprise, Professional, Basic, Connect ‒ OmniPeek Remote Assistant ‒ OmniEngine Enterprise

• Portable solutions ‒ OmniPeek network analyzer ‒ Omnipliance Portable


OmniPeek Network Analyzer • Distributed analysis manager

– Connect to and configure distributed OmniEngines and Omnipliances,

• Comprehensive dashboards present network traffic in real-time – Vital statistics and graphs display trends on network and application

performance – Visual peer-map shows conversations and protocols – Intuitive drill-down for root-cause analysis of performance bottlenecks

• Visual Expert diagnosis speeds problem resolution – Packet and payload visualizers provide business-centric views

• Automated analytics and problem detection 24/7 – Easily create filters, triggers, scripting, advanced alarms, and alerts


OmniPeek Remote Assistant Distributed, End-user Packet Capture Made Simple

• Simple to deploy, simple to use ‒ Remote push, download from server, or even

email ‒ Simple user interface - eliminates confusion for

end user ‒ Full fidelity capture - see exactly what the PC

sees ‒ Wired or wireless

• Encrypted file ‒ Only the analyst can open it ‒ Different encryption keys for different locations

or customers

• Detailed client-side/end-user experience analysis

• Perfect for Tech Support or IT Desktop support

Trouble call from remote site - network response is slow.

User downloads and installs OmniPeek Remote. Encrypted capture

data sent back for analysis.

Network analyst uses OmniPeek Enterprise to quickly troubleshoot problem without leaving the office.


OmniWiFi USB WLAN Capture Adapter • A single device for all WLAN packet capture needs

• Driver included with Omni v7.9 CDs

• Tested and supported with OmniPeek and OmniEngine

• Product features: • USB device with extension cable • Dual band operation – 2.4GHz and 5GHz • Supports all standard international 802.11 channels (a/b/g/n) • Supports 802.11n - 3 transmit/receive streams (450Mbps) • Supports 802.11n 20MHz and 40MHz channel operation • Supports multi-channel aggregation and roaming

• Technical Details: ‒ Size (LWH): 6 inches, 1.5 inches, 5.5 inches ‒ Weight: 5.6 ounces

• Available via Amazon - $99/each

NOTE: • Capture ONLY – no network services • Does not capture 802.11ac


New Network Analysis and Recorder Appliances

Powerful Precise Affordable

The new family of WildPackets Network Analysis and Recorder appliances gives IT organizations powerful and precise analysis of

high-speed networks in an affordable solution with half the hardware footprint of rival offerings.


Powerful

‒ Fastest network recorder in its class! Captures traffic up to 20Gbps of real-world traffic (all size packet distribution)

‒ Scales up to 128 TB of storage ‒ Provides simultaneous real-time analysis and a comprehensive Forensic

Search that rapidly searches through terabytes of captured traffic for the details relevant to an investigation

Precise ‒ Captures complete network traffic, so you can analyze everything, not just

samples or high-level statistics ‒ Doesn’t drop packets or sacrifice accuracy for speed ‒ Supports rich, detailed analysis, including VoIP and video-over-IP traffic

Affordable ‒ Delivers outstanding price/performance (lower price; half the rack space) ‒ Allows mix of 1G/10G/40G interfaces without buying extra appliances ‒ Solutions start at $16,995

Your network is bigger and faster. Now your analysis solution is, too.


Omnipliance TL Industry Leading Network Analysis and Recorder Appliance

• Sets a new standard in capture-to-disk speeds ‒ 20Gbps sustained capture to disk rate with zero packet drop

• Best price/performance Network Analysis Appliance in the market ‒ 20Gbps with only one Omnipliance TL + OmniStorage ‒ Consuming less rack space, less cooling, less electrical power

• Most flexible network interface offering ‒ 1G/10G/40G interfaces supported in a single unit eliminates

additional unit requirement

• Most accurate real-time analytics ‒ Packet-based processing and analysis vs. inaccurate sample-

based calculation


WildPackets Network Analysis Recorder Appliances Price/Performance Solutions for Every Application

Portable Omnipliance CX Omnipliance MX Omnipliance TL

Ruggedized Troubleshooting

Less Demanding Networks Remote Offices

Datacenter Workhorse Easily Expandable

Enterprise, Highly-Utilized Networks

Aluminum chassis / 17” LCD 1U rack mountable chassis 3U rack mountable chassis 3U rack mountable chassis

24GB RAM 16GB RAM 32GB RAM 64GB RAM

2 PCI-E Slots 2 PCI-E Slots 4 PCI-E Slots 4 PCI-E Slots

2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports

6TB Storage 4/8/16TB Storage 16/32TB Storage 32/48/64TB Storage Optional OmniStorage: 32/48/64TB Up to 128TB total Storage

OmniAdapter 1G and 10G OmniAdapter 1G/10G MX OmniAdapter 1G/10G MX OmniAdapter 1G/10G/40G

6.5Gbps CTD 3.8Gbps CTD 8.8Gbps CTD 20Gbps CTD with OmniStorage


WatchPoint Centralized Monitoring for Distributed Enterprise Networks

• High-level, aggregated view of all network segments

– Monitor per campus, per region, per country

• Wide range of network data

– NetFlow, sFlow, OmniFlow • Web-based, customizable

network dashboards • Flexible detailed reports • Direct link to detailed,

packet-based analysis


Comprehensive Support and Services Standard Support Maintenance and upgrades Telephone and email contacts Knowledgebase MyPeek Portal

Premier Support 24 x 7 x 365 Dedicated escalation manager 2 customer contacts per site Plug-in reconfiguration assistance

WildPackets Training Academy Public, web-based, and on-site classes Complete curriculum: technology and product focused Practical applications and labs covering network analysis,

wireless, VoIP monitoring and advanced troubleshooting

Consulting and Custom Development Services Deployment, configuration, and assessment engagement Systems integration and testing Application integration, driver, decode, interface development


WildPackets Key Differentiators • Visual Expert intelligence with intuitive drill-down

– Let computer do the hard work, and return results, real-time – Packet /payload visualization is faster than packet-per-packet diagnostics – Experts and analytics can be memorized and automated

• Automated capture analytics – Filters, triggers, scripting, and advanced alarming system combine to provide

automated network problem detection 24x7 • Multiple issue network forensics

– Can be tracked by one or more people simultaneously – Real-time or post capture

• User-extensible platform – Plug-in architecture and SDK

• Aggregated network views and reporting – NetFlow, sFlow, and OmniFlow

Presenter

Presentation Notes

Expert intelligence… real-time… automate alarms and actions. Verbally give examples: Here is what we actually do. TOOT! More highly evolved analytics than any other product.


24x7 Network Monitoring, Analysis, and Troubleshooting

Presenter

Presentation Notes

Simply put, at WildPackets we’ve created an extensible, scalable network platform that illuminates every part of your network. We show you what’s happening on every network segment--wired or wireless, LAN and WAN, even Gigabit. We’re not just capturing packets; we’re providing real-time expert analysis that identifies problems such as unresponsive servers, poor application performance for end users, DoS attacks, and more. The analysis is performed locally everywhere you have a network. At headquarters. In remote offices. WatchPoint and The OmniPeek Product Family: • Provides real-time troubleshooting of mission-critical network services • Covers entire enterprise networks, including network segments at remote offices • Gives engineers powerful analysis relevant to today’s networks • Secures diagnostic communications so analysis never compromises security • Optimizes diagnostic communications to minimize impact on networks using Intelligent Data Transport™ • Is flexible, scalable, and extensible to grow with network needs • Monitors and troubleshoots Voice and Video over IP applications without having to invest in stand-alone troubleshooting tools or special hardware • Monitors and analyzes remote network segments • Analyzes application performance in the context of overall network activity


Thank You!

WildPackets, Inc. 1340 Treat Boulevard, Suite 500 Walnut Creek, CA 94597 (925) 937-3200

The Changing Landscape in Network Performance Monitoring

Education

network performance

network performance

network locations34

performance data63

numbers network forensics

network traffic activity30

recorded network traffic40

potential performance