There’s nothing worse than needing a connection to be fast whilst it remains stubbornly slow. Increasingly, in our walled-in realities and virtual workplaces, this is a regular occurrence. Every organisation now depends upon a set of tools to operate. Workforces use Microsoft 365 for a myriad of daily tasks and communications. When it drops, so does productivity – and frustration ensues.
For newly digitally transformed organisations, performance drops are the nightmare lurking behind the dream. They’re the limp in your otherwise confident stride; the thing that you hope will simply disappear, but, wretched as it is, does not.
At the same time, there’s the news of global security threats, such as the recent attack on Microsoft Exchange Server. The attack was reportedly state-sponsored, and involved a Chinese hacking group using four zero-day exploits – which we discussed in a recent piece – to infiltrate the email systems of companies around the world. Many are still reeling: it was recently announced that 3,000 email servers within the UK remain unsecured.
The attack also cements a greater fear: that these attacks, which began with the SolarWinds hack, are only the first of many.
Network managers are faced with two priorities: the need for security – and a means to guard against the unknown – and the need to maintain performance. These priorities are not mutually exclusive, but they do compete, both in resources and attention. A team of network managers can only concern themselves with so much. Fear may stoke the need for action, but does not necessarily lead to a solution.
The performance-security balancing act
Network management is a balancing act. Fortunately, much of that balance is maintained through solutions that monitor and analyse network traffic, and provide context-rich reporting of data packets. An organisation must use solutions that cover its network's needs and provide a programmable baseline of automation to maximise a manager’s time. These should monitor specific application traffic, such as Microsoft 365 or Zoom, and provide the metadata necessary to understand when and how attacks have taken place. Zero-day attacks are dangerous because there is no existing defence. The next best thing to prevention, however, is mitigation. This means using the tools that have gathered data during an attack to limit its impact: understanding and analysing what happened, and preemptively shutting down parts of the network.
Collection is made possible by ntop’s nBox Recorder, which uses the industry-standard PCAP file format to prepare data-rich files for subsequent dissection. It then needs to be paired with monitoring and analysis solutions. It’s here that, using tools such as Scrutinizer by Plixer and ntop’s nBox Probe, threshold alerts can be set and network managers alerted to anomalous traffic.
The greatest advantage of a comprehensive suite of network solutions is that it frees up network managers’ time. Priorities must be balanced because time is finite, and attention even more so. The more of the performance-security balancing act a solution can handle, the better.
As already mentioned, monitoring specific applications usually yields the greatest benefit to a workforce. Increasingly, reported problems are related to specific applications running slowly – those crucial to job functions – rather than unresponsive networks. Scrutinizer can be used to identify and name traffic – for example, by grouping IPs – to make monitoring of that traffic easier, creating a clear path to optimisation.
Priorities always require balance and review. The best network managers can do is identify risks and overall impact, and incorporate network solutions to help them maintain a clear vigil of network traffic and security threats.
Network security should be a priority for all digital organisations – which represent an increasing majority. But that shouldn’t take attention away from performance monitoring, and specifically ensuring work-critical applications are not suffering from preventable drops. Performance, after all, defines the day-to-day experience and productivity of workforces.
For more information on protecting your network against emerging threats and maintaining the performance of critical applications, contact us today.