Network Forensics in a World of Faster Networks
April 18, 2014

Jay Botelho

Share this

Enterprises are relying more on their networks than ever before, but the volume of traffic on faster, higher bandwidth networks is outstripping the data collection and analysis capabilities of traditional network analysis tools. Yesterday's network analyzers – that were designed originally for 1G or slower networks – can't handle the increased amount of traffic, resulting in dropped packets and erroneous reports.

Earlier this year, WildPackets surveyed more than 250 network engineers and IT professionals to better understand how network forensics solutions were being used within the enterprise. Respondents hailed from organizations of all sizes and industries – with the plurality (30%) coming from the technology industry. Furthermore, 50% of all respondents identified themselves as network engineers, with 28% at the director-level or above.

According to the survey, 72% of organizations have increased their network utilization over the past year, resulting in slower problem identification and resolution (38%), less real-time visibility (25%) and more dropped packets leading to inaccurate results (15%).

What we found most interesting was that even though 66% of the survey respondents supported 10G or faster network speeds, only 40% of respondents answered affirmatively to the question "Does your organization currently have a network forensics solution in place?"

So what's the big deal? Not only do faster network speeds make securing and troubleshooting networks difficult, but also traditional network analysis solutions simply cannot keep up with the massive volumes of data being transported.

Organizations need better visibility of the data that are traversing their networks, and deploying a network forensics solution is the only way to gain 24/7 visibility into business operations while also analyzing network performance and IT risks with 100% reliability. Current solutions rely on sampled traffic and high-level statistics, which lack the details and hard evidence that IT engineers need to quickly troubleshoot problems and characterize security attacks.

With faster networks leading to a significant increase in the volume of data being transported - 74% of survey respondents have seen an increase in the volume of data traversing their networks over the last year - network forensics has become an essential IT capability to be deployed at every network location. The recent increase in security breaches is a perfect example of how the continued adoption of network forensics within the security operations center of organizations can be used to pinpoint breaches and infiltrations.

In the past, folks used to think that network forensics was synonymous with security incident investigations. But the results of our survey show that organizations are using these solutions for a variety of reasons. While 25% of respondents said they deploy network forensics for troubleshooting security breaches, almost an equal number (24%) cited verifying and troubleshooting transactions as the key function. 17% percent said analyzing network performance on 10G and faster networks was their main use for forensics, another 17% reported using the solution for verifying VoIP or video traffic problems, and 14% for validating compliance.

In addition, organizations said the biggest benefits of network forensics include: improved overall network performance (40%), reduced time to resolution (30%), and reduced operating costs (21%).

Enterprises recognize that network forensics provides them with the necessary visibility into their business operations, and with increased 40G and 100G network deployments forecast in the next year, network forensics will be a critical tool to gain visibility into these high-performing networks and troubleshoot issues when they arise. Based on the many uses of network forensics, it is expected that the gap between those deploying high speed networks and those deploying network forensics will shrink over the coming years.

Jay Botelho is Director of Product Management at WildPackets.

Jay Botelho is Director of Engineering at LiveAction
Share this

The Latest

July 09, 2020

Enterprises that halted their cloud migration journey during the current global pandemic are two and a half times more likely than those that continued their move to the cloud to have experienced IT outages that negatively impacted their SLAs, according to Virtana's latest survey report The Current State of Hybrid Cloud and IT ...

July 08, 2020

Every business has the responsibility to do their part against climate change by reducing their carbon footprint while increasing sustainability and efficiency. Harnessing optimization of IT infrastructure is one method companies can use to reduce carbon footprint, improve sustainability and increase business efficiency, while also keeping costs down ...

July 07, 2020

While the adoption of continuous integration (CI) is on the rise, software engineering teams are unable to take a zero-tolerance approach to software failures, costing enterprise organizations billions annually, according to a quantitative study conducted by Undo and a Cambridge Judge Business School MBA project ...

June 25, 2020

I've had the opportunity to work with a number of organizations embarking on their AIOps journey. I always advise them to start by evaluating their needs and the possibilities AIOps can bring to them through five different levels of AIOps maturity. This is a strategic approach that allows enterprises to achieve complete automation for long-term success ...

June 24, 2020

Sumo Logic recently commissioned an independent market research study to understand the industry momentum behind continuous intelligence — and the necessity for digital organizations to embrace a cloud-native, real-time continuous intelligence platform to support the speed and agility of business for faster decision-making, optimizing security, driving new innovation and delivering world-class customer experiences. Some of the key findings include ...

June 23, 2020

When it comes to viruses, it's typically those of the computer/digital variety that IT is concerned about. But with the ongoing pandemic, IT operations teams are on the hook to maintain business functions in the midst of rapid and massive change. One of the biggest challenges for businesses is the shift to remote work at scale. Ensuring that they can continue to provide products and services — and satisfy their customers — against this backdrop is challenging for many ...

June 22, 2020

Teams tasked with developing and delivering software are under pressure to balance the business imperative for speed with high customer expectations for quality. In the course of trying to achieve this balance, engineering organizations rely on a variety of tools, techniques and processes. The 2020 State of Software Quality report provides a snapshot of the key challenges organizations encounter when it comes to delivering quality software at speed, as well as how they are approaching these hurdles. This blog introduces its key findings ...

June 18, 2020

For IT teams, run-the-business, commodity areas such as employee help desks, device support and communication platforms are regularly placed in the crosshairs for cost takeout, but these areas are also highly visible to employees. Organizations can improve employee satisfaction and business performance by building unified functions that are measured by employee experience rather than price. This approach will ultimately fund transformation, as well as increase productivity and innovation ...

June 17, 2020

In the agile DevOps framework, there is a vital piece missing; something that previous approaches to application development did well, but has since fallen by the wayside. That is, the post-delivery portion of the toolchain. Without continuous cloud optimization, the CI/CD toolchain still produces massive inefficiencies and overspend ...

June 16, 2020

The COVID-19 pandemic has exponentially accelerated digital transformation projects. To better understand where IT professionals are turning for help, we analyzed the online behaviors of IT decision-makers. Our research found an increase in demand for resources related to APM, microservices and dependence on cloud services ...