Rami Rammaha, Senior Product Marketing ManagerMay 4, 2020
The only thing certain about today’s work environment is uncertainty and change. One primary inhibitor for organizations embracing any kind of transformation is network complexity. Complex networks are too expensive to operate and audit, and often have too many outages. According to a recent global survey of about 1,600 IT professionals by the Uptime Institute, network failure is rivaling power failure as a cause of downtime.1
Figure 1. Network failure versus power failure as a cause of downtime. Source: Uptime Institute 2019 Global Survey of Data Center Operators.
And the cost of outages is astronomical: According to the Cisco 2020 Global Networking Trends Report, the average cost per network outage is US$402,542 in the United States and US$212,254 in the United Kingdom.2 Further, the Uptime Institute survey found that one in ten major outages cost over $1 million.1
Figure 2. Reported cost of downtime incidents. Source: Uptime Institute 2019 Global Survey of Data Center Operators.
What Is the Correlation Between Visibility and Network Outages?
Outages are increasingly spanning multiple data centers as
users adopt hybrid infrastructure. Outages can be the result of breaches or attacks,
or network or application performance-related issues. Also, outages can be simply
the result of network misconfiguration. NetOps and SecOps agree that you can’t
manage, operate and troubleshoot what you can’t see — especially in a mixed
physical, virtual and cloud-based environment. So visibility must be
context-aware L3–7, delivering a multi-dimensional overview of
applications: visualization, identification and filtering of applications
running on the network, with rich attributes/metadata extraction and analysis
that examines the behavior of network, app and user.
How Does Pervasive Visibility Reduce Network Outages?
The lack of visibility, transparency and accountability are
key roadblocks to providing enhanced business productivity and quality of user
experience. In order to reduce outages, pervasive visibility must provide deep
and granular insight into the application or data in motion gaining critical
Identifying and Analyzing Data in Motion
Identification of data in motion goes beyond relying on TCP
port information. The visibility platform must offer deep packet inspection into
Layer 7 that automatically identifies thousands of common business, IT and
consumer applications as well as thousands of HTTP web applications. Identification
of traffic must include encrypted traffic, where decryption and encryption may be
required without disruption or performance impact to the network. Furthermore,
the visibility platform must provide rich attributes and metadata that shed
light on security and network status and help prevent breaches and poor
performance where NetFlow falls short. These rich sets of metadata include:
DNS parameters: Request/response,
queries and device identifiers HTTP: URL
identification, command response codes Identification: Social media user,
file and video names, SQL requests IMAP and SMTP: Email-based communications with sender and receiver addresses Service identification: Audio, video, chat and file transfers for VoIP
and messagingSIP and RTP: Session control and media transport for VoIP and messaging
By providing granular insight into the applications running
throughout the network, the visibility platform uncovers blind spots and reduces
the time and effort to capture and deliver relevant data for network, security,
compliance, IT audit and application teams.
The Gigamon Factor
Speed and deep packet visibility in extracting rich and meaningful metadata are key factors in reducing network outages. This includes decrypting and encrypting SSL/TLS flows where needed. Without these capabilities, the performance and security tools won’t be able to process the sheer volume of data crossing the network and identify the root cause(s) quickly and efficiently. For example, a network can be down due to DNS, but without extracting and providing the right DNS parameters to PCAP tools, it will take IT hours or days to determine and restore network availability.
Part of the Gigamon Visibility Platform, Application
Filtering Intelligence offers Layer 7 visibility and automatically
identifies application traffic from a growing list of more than 3,000
applications. With individual application traffic identification, security and
network teams can also zero in on performance issues more quickly and make the
distinction between high-value apps and ones needing fewer tools for coverage.
Application Filtering Intelligence doesn’t rely on Layer 4 (for example, TCP) port information, which can be easily spoofed. Instead, it’s powered by deep packet inspection. The classification is based on flow pattern matching, bi-directional flow correlation, heuristics and statistical analysis. Packet data is matched against analysis from researchers, which is constantly kept up to date. Of course, a significant portion of traffic on a modern network originates within users’ web browsers, so Application Filtering Intelligence also offers deep insights into HTTP traffic, identifying traffic from thousands of web applications.
Figure 3. Adopting Gigamon solutions can result in many benefits. Source: “ESG Economic Validation Report: Network Agility and Cost Management with Gigamon.”
The paper “Keep Networks Responsive and Secure with Gigamon Application Metadata Intelligence” highlights detailed network and security use cases.
ESG Economic Validation
As seen in Figure 3, ESG’s Economic Validation found that customers deploying Gigamon recognized substantial benefits including lower hardware costs, less time needed to analyze traffic for security, reduction in overall complexity, and improved business enablement.3 Customers looking to better manage and secure network traffic should consider deploying the Gigamon platform.
Network-related downtime is frequently estimated to be between 16 to 20 hours per end user per year. Companies deploying Gigamon find their downtime numbers reduced by 30–50 percent due to the efficiency and intuitiveness of the platform. While downtime hours recovered are not always fully measurable to the bottom line, a company of 5,000 employees that recovers just two hours per employee per year will recognize a savings of $290K annually.
2019 Annual Data Center Industry Survey Results. 2019. Uptime Institute. https://uptimeinstitute.com/2019-data-center-industry-survey-resultsCisco 2020 Global Networking Trends Report. 2020. Cisco. https://www.cisco.com/c/dam/m/en_us/solutions/enterprise-networks/networking-report/files/GLBL-ENG_NB-06_0_NA_RPT_PDF_MOFU-no-NetworkingTrendsReport-NB_rpten018612_5.pdfEconomic Validation: Analyzing the Economic Benefits of Gigamon. 2019. The Enterprise Strategy Group. https://www.gigamon.com/resources/resource-library/analyst-industry-reports/ar-esg-evv-gigamon.html
Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.
Continue the Discussion
People are talking about this in the Gigamon Community’s Networking group. Share your thoughts today.