Security and networking professionals agree that having comprehensive access to network packets traversing critical infrastructure is the gold standard when it comes to gathering intelligence for security and monitoring tools.
Gaining access to packet-level data within a public cloud environment presents a new set of challenges for NetOps and SecOps teams. Hardware-based approaches for packet access such as TAPs or SPAN ports no longer work. Multi-tenant public cloud environments require software agents and tunneling technology to capture and deliver packet streams to monitoring tools.
With this in mind, let's take a look at some of the use cases in which packet-level visibility in the cloud should be considered:
Flow logs made available by public cloud providers typically lack the ability to provide the actual data transferred in the suspect conversation. It's this payload visibility that is vital to "on-the-fly" forensics investigations. For example, in the event of a data breach, you need to be able to quickly understand what happened, how it happened and what systems or data sources were compromised. Packet-level information provides a complete and accurate historical record of network traffic, allowing you to reconstruct events and drill down to the actual network packets and pinpoint exactly what took place.
Security and Application Monitoring
Packet-level data is used extensively for application performance and security monitoring. Techniques like Deep Packet Inspection (DPI) can be used to understand and interpret network messages between clients, web servers, and back-end services. DPI can be adapted to find the right messages, analyze the content and remove malformed or malicious content that was injected in order to break into the application. Similar techniques are applicable for security monitoring, where packet-level data can be leveraged to proactively detect suspicious activity and thwart potential cyber-attacks.
Packet Monitoring for Performance and Troubleshooting
The key benefit of network packet visibility solutions is that they can provide deep network information that can be used in network diagnostics. If there is a problem, the packet-based approach is completely passive, so it doesn't burden the network or interfere with existing operations or services. This is very important, especially because nobody wants to complicate existing problems by adding more traffic to the network.
Packet-based analysis has been designed specifically to reveal the "how" of the network. Where flow records report only the volume of traffic, these solutions expose vital details about performance and application response. Users can compare network latency with application latency. They can see the efficiency of TCP communications on their network. They can evaluate the performance of VoIP and video over the network and determine if these real-time protocols are prioritized correctly.
Questions packet visibility can help answer:
- Is it the network or the application?
- Is the issue isolated to a single user, a single server, or the network overall?
- Are critical applications using network resources efficiently?
- Are critical functions, for example, user authentication, failing due to protocol issues?
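The first question in the list, network or application, can be answered from packet timestamps alone. The following is an added example, not part of the original article or of any vendor product: it separates handshake round-trip time from server processing time for one TCP conversation. The `Pkt` record, its field names, the addresses and the sample captures are all constructed assumptions, and the capture point is assumed to sit close to the client.

```python
from collections import namedtuple

# Simplified record of one captured TCP packet; field names are assumptions of this example.
Pkt = namedtuple("Pkt", "ts src dst flags payload_len")

def split_latency(packets, client, server):
    """Split one TCP conversation into network round-trip time and server
    processing time. Assumes the capture point is close to the client."""
    syn = synack = request = response = None
    syn_retransmits = 0
    for p in sorted(packets, key=lambda p: p.ts):
        c2s = (p.src, p.dst) == (client, server)
        s2c = (p.src, p.dst) == (server, client)
        if c2s and p.flags == "S" and synack is None:
            if syn is not None:
                syn_retransmits += 1      # repeated SYN: loss on the path
            syn = p.ts                    # measure from the latest SYN (approximation)
        elif s2c and p.flags == "SA" and syn is not None and synack is None:
            synack = p.ts
        elif c2s and p.payload_len > 0 and synack is not None and request is None:
            request = p.ts
        elif s2c and p.payload_len > 0 and request is not None and response is None:
            response = p.ts
    if None in (syn, synack, request, response):
        return None                       # handshake or request/response never completed
    rtt = synack - syn                    # network latency, taken from the handshake
    ttfb = response - request             # time to the first response byte
    server_time = max(ttfb - rtt, 0.0)    # what remains after one network round trip
    return {
        "network_rtt": round(rtt, 6),
        "server_time": round(server_time, 6),
        "syn_retransmits": syn_retransmits,
        "dominant": "application" if server_time > rtt else "network",
    }

# Constructed sample captures (timestamps in seconds).
C, S = "10.0.1.10", "10.0.2.20"
SLOW_APP = [Pkt(0.000, C, S, "S", 0), Pkt(0.020, S, C, "SA", 0), Pkt(0.0201, C, S, "A", 0),
            Pkt(0.021, C, S, "PA", 300), Pkt(0.041, S, C, "A", 0), Pkt(0.521, S, C, "PA", 1400)]
SLOW_NET = [Pkt(0.000, C, S, "S", 0), Pkt(1.000, C, S, "S", 0), Pkt(1.180, S, C, "SA", 0),
            Pkt(1.181, C, S, "PA", 300), Pkt(1.371, S, C, "PA", 1400)]

if __name__ == "__main__":
    print(split_latency(SLOW_APP, C, S))
    print(split_latency(SLOW_NET, C, S))
```

The bare ACK the server sends before its data in `SLOW_APP` is skipped on purpose: only the first packet carrying payload marks the application's response. Flow records, which carry no per-packet timestamps or flags, cannot make this split.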
Illuminate with IntellaCloud
Achieving packet-level visibility from the public cloud is possible with APCON's IntellaCloud. It offers elastic packet-level network visibility for public cloud environments. With IntellaCloud, you can access East-West cloud traffic and deliver optimized data streams to security and monitoring tools in the cloud and on premises. IntellaCloud eliminates visibility gaps and enables your hybrid cloud initiatives.
To learn how to secure your hybrid network with elastic cloud visibility, visit www.apcon.com/software/intellacloud.