Computer networks today are cheaper and easier to manage than before, driven by the sheer affordability of Gigabit Ethernet on the wired front, and the ubiquity of gadgets and laptops enabled with Wi-Fi wireless networking. Moreover, backward compatibility means that upgrading is often a matter of swapping in the newer hardware, followed by a bare minimum of tests in most organizations.
Against this backdrop of convenience and compatibility, it is no wonder that businesses are reluctant to spend any of their limited IT budgets to more proactively manage what is increasingly perceived as a “low-end” infrastructure. As a one-time system administrator, I strongly feel that leaving the network completely unmonitored is myopic however, and represents a missed opportunity to advance multiple agendas for the IT department.
With this in mind, I want to highlight three compelling reasons to monitor your business network.
Detecting malware and botnets
One important tenet behind network traffic analysis is the ability to leverage it as an additional layer of security against the presence of malware. This is worth mentioning because the recent Target breach involved the use of a custom malware that could not apparently be detected by 40 different antimalware products. However, many modern botnets and malware report back to a command and control (C&C) server for new instructions, or to upload confidential data that have been pilfered.
[box type=”info”]“Keeping a close eye on [the] who and what of your network helps you quickly spot anomalies, identify issues and fix them.”[/box]
“Monitor network bandwidth and avoid network disasters. An intruder in the network is capable of causing heavy damages by means of data theft and bandwidth hog issues that impact network productivity,” says Praveen Manohar, Head Geek at SolarWinds. “Keeping a close eye on [the] who and what of your network helps you quickly spot anomalies, identify issues and fix them.”
It is hence evident that an analysis of network traffic with a competent deep-packet inspection tool could possibly detect a malware infection, or at least identify the presence of anomalous network traffic. For the latter, proper monitoring tools allows for the affected nodes to be swiftly identified, isolated, and investigated.
Eliminate bottlenecks and traffic hogs
Like how most real-life traffic gridlocks on the road develop, slow network performance may take a while before it is felt. Keeping a close tab on it allows the network administrator to be alerted to deteriorating network conditions before it is felt. This makes it possible for preemptive tweaks to be affected before employee productivity is impacted – and complains start pouring in.
Another advantage would be the ability to better manage day-to-day operations such as throttling certain classes of network traffic and selectively blocking some websites. Moreover, having access to detailed network statistics is also invaluable when seeking management for upgrading the network infrastructure, be it to purchase new hardware such as proxy server or WAN acceleration solution, or simply to increase the size of the Internet pipe.
Manohar has another take on this subject. “Warning users on occasions of trailing connectivity and providing a valid reason for non-availability of connection, aids in adding value to the user’s experience,” he noted. “To be able to achieve this, continuous Web monitoring is mandatory.”
To facilitate post-intrusion investigations
One final reason for keeping a close eye on the network would be to shed additional light in the event of a security breach. Depending on how they are deployed, network-monitoring tools can offer an independent take on the network activities leading up to a compromise, and to more precisely ascertain the extent of the damages.
Ultimately, the data can also be used to corroborate with digital forensics conducted on compromised hosts, where data could be deliberately deleted or tempered with to make backtracking difficult.
This is a sponsored post in conjunction with SolarWinds