In the linked SearchNetworking.com article, I outline seven challenges facing network owners. These items all involve a better understanding of one's network. Understanding network traffic helps meet performance, fault, security and compliance goals for large and small enterprises alike. However, it is exceedingly rare to find organizations that truly "understand" their network.
Despite living in an age of exceptionally fast CPUs, creative programmers and market opportunities, real network understanding seems to remain a mainly manual task. IT managers sometimes act as if they can simply buy a product and let it solve their networking problems. Practitioners who must keep the network functioning tend to face several real choices. They include 1) using the most simplistic measures to ensure that enough bandwidth is provisioned; 2) devoting a knowledgeable resource to performing manual analysis of network characteristics; or 3) hoping nothing bad happens but blaming "hackers" or "malware" when anything fails.
None of these options is really acceptable. Simplistic measurement fails to properly account for modern network conditions. Skilled network analysts are expensive and rare. Finally, as General Gordon Sullivan says, "hope is not a method."
Solution providers can address the seven challenges by balancing standard analytics against custom approaches. Standard analytics are important because they can help develop a "language" to describe a network, where certain "nouns, verbs and adjectives" are understood by all parties. With this language in place, unique answers can be described using the words applying to that network.
Solution providers that can meet the seven challenges are likely to build a devoted following, especially if they are flexible enough to meet the seventh item -- not another platform. Network owners do not want to deploy "yet another appliance." They would like to build upon the increasingly popular idea of deploying open solutions.
The term "open platform" refers to an operating system upon which provider code can be compiled and installed. Smart solution providers offer their products in a form that can be deployed on the customer's platform of choice. Tenable Network Security is an example of a company following this practice. Its download page lists links to Microsoft Windows, Mac OS X, Linux, FreeBSD, and Solaris packages of its Nessus vulnerability scanning software. Customers can install the software in virtual machines, on dedicated platforms, or even in suitable cloud providers.
Solution providers that can offer code for open platforms will find their products tested and fielded much faster than alternatives that require shipping, racking, cabling and configuring another 2U server in a remote data center.
Read about the seven challenges facing network owners in this tip from Richard Bejtlich.
About the author
Richard Bejtlich is director of incident response for General Electric and author of the TaoSecurity blog.