Network Forensics in a World of Faster Networks
April 18, 2014

Jay Botelho
LiveAction


Enterprises are relying more on their networks than ever before, but the volume of traffic on faster, higher bandwidth networks is outstripping the data collection and analysis capabilities of traditional network analysis tools. Yesterday's network analyzers, which were originally designed for 1G or slower networks, can't handle the increased amount of traffic, resulting in dropped packets and erroneous reports.

Earlier this year, WildPackets surveyed more than 250 network engineers and IT professionals to better understand how network forensics solutions were being used within the enterprise. Respondents hailed from organizations of all sizes and industries – with the plurality (30%) coming from the technology industry. Furthermore, 50% of all respondents identified themselves as network engineers, with 28% at the director-level or above.

According to the survey, 72% of organizations have increased their network utilization over the past year, resulting in slower problem identification and resolution (38%), less real-time visibility (25%) and more dropped packets leading to inaccurate results (15%).

What we found most interesting was that even though 66% of the survey respondents supported 10G or faster network speeds, only 40% of respondents answered affirmatively to the question "Does your organization currently have a network forensics solution in place?"

So what's the big deal? Not only do faster network speeds make securing and troubleshooting networks difficult, but also traditional network analysis solutions simply cannot keep up with the massive volumes of data being transported.

Organizations need better visibility of the data that are traversing their networks, and deploying a network forensics solution is the only way to gain 24/7 visibility into business operations while also analyzing network performance and IT risks with 100% reliability. Current solutions rely on sampled traffic and high-level statistics, which lack the details and hard evidence that IT engineers need to quickly troubleshoot problems and characterize security attacks.

With faster networks leading to a significant increase in the volume of data being transported - 74% of survey respondents have seen an increase in the volume of data traversing their networks over the last year - network forensics has become an essential IT capability to be deployed at every network location. The recent increase in security breaches is a perfect example of how the continued adoption of network forensics within the security operations center of organizations can be used to pinpoint breaches and infiltrations.

In the past, folks used to think that network forensics was synonymous with security incident investigations. But the results of our survey show that organizations are using these solutions for a variety of reasons. While 25% of respondents said they deploy network forensics for troubleshooting security breaches, almost an equal number (24%) cited verifying and troubleshooting transactions as the key function. Another 17% said analyzing network performance on 10G and faster networks was their main use for forensics, another 17% reported using the solution for verifying VoIP or video traffic problems, and 14% for validating compliance.

In addition, organizations said the biggest benefits of network forensics include: improved overall network performance (40%), reduced time to resolution (30%), and reduced operating costs (21%).

Enterprises recognize that network forensics provides them with the necessary visibility into their business operations, and with increased 40G and 100G network deployments forecast in the next year, network forensics will be a critical tool to gain visibility into these high-performing networks and troubleshoot issues when they arise. Based on the many uses of network forensics, it is expected that the gap between those deploying high speed networks and those deploying network forensics will shrink over the coming years.

Jay Botelho is Director of Product Management at WildPackets.

Jay Botelho is Senior Director of Product Management at LiveAction.