Network Traffic Analysis: 6 ways to make things smoother within your organisation

In today’s e-world, network monitoring is a difficult and very demanding task that is a vital part of a Network Administrator’s job. Network Administrators are constantly striving to maintain smooth operation of their networks. If a network were to be down even for a small period of time, productivity within a company would decline, not to mention all sorts of private and public services being affected.

Thus, to be proactive rather than reactive, administrators need to monitor traffic movement and performance throughout the network and verify that security breaches do not occur within it. If a breach does occur, they need to know how to quickly contain the damage and rectify it.

One of the most useful things to have in an organisation’s network monitoring toolkit is Network Traffic Analysis (NTA). What it does is collect and process network flow data (commonly available through features such as Cisco’s NetFlow) to give an x-ray vision into the complete network traffic. This would include port-level analysis of applications consuming bandwidth, end-points (‘talkers’) consuming bandwidth by port, and bandwidth consumption by end-point or application over time.

Pretty easy to see how this would be useful, one would think, right? But just in case you are way past your last energy drink and lacking in imagination at the moment, here are 6 ways one could use NTA to make things smoother:

#1: Your bosses think you’re pretty smart

Network Traffic Analysis enables in-depth application monitoring and bandwidth utilization capabilities. This new visibility lets you provide insights to management that you just can’t get with network device monitoring, thus positively impacting day-to-day operations.

For instance, you can accumulate data for a week and verify bandwidth utilization between your corporate headquarters and branch offices. Let it run for a month and you have a good picture of just how much of the bandwidth you are paying for is actually being used. Undeniably, management would always like to know that its IT teams are contributing to the business and this level of visibility just makes you look a lot smarter.

#2: You see who is playing games or watching videos

Some of your peers may see you as “Big Brother” once they realize you can produce reports that show who is playing games, visiting porn sites or streaming movies when they are supposed to be working. Research has shown that when employees know someone is watching, they misbehave a lot less and productivity goes up. It’s only fair to let people know you have this capability before you actually start using it.

#3: You optimize performance

Maybe you already know who is streaming video or playing games. But do you know how that impacts key applications and services? Network Traffic Analysis shows you how much bandwidth is consumed by which users/apps at what times.

It is a simple matter to see spikes in video usage stealing bandwidth from a core business application. If users complain about response times at the same time that someone is streaming videos, you have a simple path to a clear win. And, oh BTW, this also makes you look pretty sharp to your bosses.

#4: You blast through traffic jams

Network Traffic Analysis gives you a ready tool for a quick deep dive into the underlying causes of network slowdowns, especially if you are continuously collecting and analyzing traffic data.

To cite a case: one IT pro we know set up a new company-wide anti-Spam software solution with the most up-to-date signature libraries stored on their corporate servers. After the installation was complete, they noticed that the link to the branch office was experiencing high utilization nearly every hour. Their NTA software quickly detected that client machines from the remote sites were all communicating with the anti-Spam server for updates at the same time. Problem solved! They staggered the update requests over the span of a few minutes and eliminated the utilization bottleneck.
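The diagnosis in that case can be reproduced from flow records alone. The following is an added example, not code from the article or from any NTA product: it buckets flows per server and minute, keeps the minutes in which many distinct clients hit the same server, and reports the ones that recur at the same minute of each hour. The addresses, port 8443, date and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

def build_sample():
    """Constructed flows: (ISO start time, src, dst, dst port, bytes)."""
    flows = []
    for hour in (9, 10, 11):
        # 30 branch clients all fetch updates in the first minute of the hour
        # (10.0.0.25:8443 stands in for the update server; hypothetical)
        for i in range(30):
            flows.append((f"2024-01-15T{hour:02d}:00:{i:02d}",
                          f"10.2.0.{i + 10}", "10.0.0.25", 8443, 4_000_000))
        # background: a few clients using a file server at scattered minutes
        for i in range(5):
            flows.append((f"2024-01-15T{hour:02d}:{7 * i + 3:02d}:00",
                          f"10.2.0.{i + 10}", "10.0.0.40", 445, 200_000))
    return flows

def find_synchronized_bursts(flows, min_clients=20, min_hours=2):
    # Distinct clients and total bytes per (server, port, minute).
    per_minute = defaultdict(lambda: [set(), 0])
    for start, src, dst, dport, nbytes in flows:
        minute = datetime.fromisoformat(start).replace(second=0)
        bucket = per_minute[(dst, dport, minute)]
        bucket[0].add(src)
        bucket[1] += nbytes
    # Keep only crowded minutes and group them by minute-of-hour, so a
    # burst that repeats on an hourly schedule shows up as one entry.
    recurring = defaultdict(list)
    for (dst, dport, minute), (clients, nbytes) in per_minute.items():
        if len(clients) >= min_clients:
            recurring[(dst, dport, minute.minute)].append(
                (minute.hour, len(clients), nbytes))
    return {key: sorted(hits) for key, hits in recurring.items()
            if len(hits) >= min_hours}

if __name__ == "__main__":
    for (dst, dport, minute), hits in find_synchronized_bursts(build_sample()).items():
        print(f"{dst}:{dport} crowded at minute :{minute:02d} of each hour")
        for hour, clients, nbytes in hits:
            print(f"  {hour:02d}:{minute:02d}  {clients} clients  {nbytes / 1e6:.0f} MB")
```
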

#5: You gain moves/adds/changes superpowers

A common situation in organisations is when finance and accounts staff get relocated from one floor to another.

This move would require a different subnet, and in the process they decommission an old router. Unfortunately, a few of the workstations may still be configured for the old network. Right after the move they may see an increase in the amount of bounced traffic between these workstations and the default gateway.

With Network Traffic Analysis they would know exactly which workstations were part of the routing loops, and that would make it easy to rectify the configuration and get the new network to settle down smoothly.

#6: You spot cyber-attacks as they happen

Imagine arriving at work one morning and seeing a large number of failed connections on your main router. You also note that this pattern has persisted for a couple of hours. Network Traffic Analysis shows you that all of the transmissions are from a few IP addresses outside your network. It’s a classic case of a port scan, which is an external attack looking for vulnerable open ports on your router firewall.

At this stage you would be able to quickly block the offending IP addresses as a start and then call in your internal/external security team for additional support.
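The pattern described above (many failed connections, a few outside sources) can be expressed as a check over flow records. This is an added example, not code from the article or from any NTA product: it treats a TCP flow whose cumulative flags contain SYN but never ACK as a failed connection, and flags outside sources that fail against many distinct destination ports. The CSV layout, the internal prefix, the thresholds and the sample addresses (documentation ranges) are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: the site's own prefix
SYN, ACK = 0x02, 0x10                            # TCP flag bits as exported in flow data

def build_sample():
    """Constructed flow export: src, dst, dst port, cumulative TCP flags."""
    rows = ["src,dst,dport,flags"]
    # two outside hosts probing port ranges on the edge router, SYN only
    rows += [f"203.0.113.7,10.0.0.1,{p},0x02" for p in range(20, 60)]
    rows += [f"198.51.100.23,10.0.0.1,{p},0x02" for p in range(8000, 8030)]
    # an outside client completing its handshakes with a web server
    rows += ["192.0.2.10,10.0.0.80,443,0x1b"] * 50
    # an outside client retrying one unanswered port: failures, but not a scan
    rows += ["192.0.2.44,10.0.0.80,25,0x02"] * 3
    return "\n".join(rows)

def find_port_scanners(flow_csv, min_ports=20, min_failed_ratio=0.9):
    stats = defaultdict(lambda: {"flows": 0, "failed": 0, "targets": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        if any(src in net for net in INTERNAL):
            continue                      # only outside sources, as in the scenario
        flags = int(row["flags"], 16)
        entry = stats[row["src"]]
        entry["flows"] += 1
        if flags & SYN and not flags & ACK:   # handshake never completed
            entry["failed"] += 1
            entry["targets"].add((row["dst"], int(row["dport"])))
    hits = []
    for src, entry in stats.items():
        ratio = entry["failed"] / entry["flows"]
        if len(entry["targets"]) >= min_ports and ratio >= min_failed_ratio:
            hits.append((src, len(entry["targets"]), entry["failed"]))
    # widest scans first: (source, distinct targets probed, failed flows)
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for src, ports, failed in find_port_scanners(build_sample()):
        print(f"{src}: {failed} failed connections across {ports} distinct ports")
```

The sources it returns are the candidates for the block list mentioned above; the retrying client and the normal web client stay below the thresholds.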

Make sure you add Network Traffic Analysis to your network management toolkit.

Authored article by: Alessandro Porro, Senior Vice President, Ipswitch