Presentation: Maintaining "Link Layer Visibility" in Network Monitoring

Speaker: Tony Zirnoon, CISSP

Topic: Most network monitoring tools do not have access to the real physical and link layer of the network, since they are using techniqies such as spanned ports, aggregators and/or netflow. These techniques can introduce aggregation and do not address the issue of losing Link Layer Visibility!

So there you are, you've just bought an analytic tool and you want to get more coverage, say to a few other local network segments - after you realize it's not running at capacity, and you buy an aggregator to place between your network segments and your tool. Guess what... You've lost Link Layer Visibility... You've lost critical information about the nature of the data you're trying to monitor.

You don't know which network segment your tool is looking at, or what your tool does when looking at multiple different network segments, tool results are not correct and you start losing packets because there are now collisions introduced at the ingress, again by the aggregator, in fact - it's worse than that. Sessions are now mixed together and your tool may not be able to differentiate between one session and another - from packets arriving on one port and packets arriving on a different port.

There's nothing wrong with adding an aggregator, that's fine, but next time you're in need - take a look at the VSS line of products which preserve Link Layer Visibility, through advanced features such as Port & Time stamping, High data burst buffers, Microburst detection & Session aware load balancing. Multiply that with the industry's only true Mesh deployment architecture, as opposed to the far less reliable Hub & Spoke approach - and not only do you benefit from seeing multiple network segments with the same, or with multiple different tools, but you also get much more resilient monitoring with a network wide view that self-learns, self-heals and never loses a packet!

What's the upshot to this discussion - I'm glad you asked! Only by preserving Link Layer Visibility can you guarantee you'll be able to find and process the packet that will lead to getting the network back up again. Using an aggregator that doesn't preserve Link Layer Visibility will help to conceal the problem, hide the packet at issue and keep your network down longer / impeding a resolution.

Add in an 80% reduction in Capex by introducing the Network Intelligence Optimization layer, a 50% reduction in Opex - as tools can be concentrated and you're looking in good shape to invest in more tools or facilities that will allow you to offer a differentiation to your end customer - and that's a good thing, so's a promotion because the Network's always up

BIO: Tony Zirnoon, CISSP is the Global Director of Security Strategy & Enterprise Marketing at VSS Monitoring where he's focused on solidifying the company's presence and momentum in the emerging network security and intelligence optimization segment through a comprehensive strategy, joint solutions with technology alliance partners, evangelism and building thought leadership. Tony has more than 15 years IT experience at Fortune 500 companies, bringing a customer-focused perspective as well as delivery of consulting solutions in various industry verticals, and has led numerous information and data security risk assessments, and developments in IT security architecture, security and privacy design and implementations. He has also been regularly involved in helping clients identify and manage their compliance with various state and federal regulations (Sarbanes-Oxley, HIPAA, GLBA, FFIEC, ITAR, PCI, etc). Tony graduated from the CSU, Sacramento with a Bachelor of Science in Computer Science, and holds the CISSP and CCSA, PCI-QSA certifications. He is an active member of the ISC2, IAPP, InfraGard, OWASP and Silicon Valley chapter of ISSA. Linkedin: http://www.linkedin.com/in/zirnoon Twitter: @SecurEvangelist

Lunch Menu:
Appetizer: Hale Koa Salad with Tarragon Dressing
Main Course: Herb Marinated Grilled Sirloin Steak and Citris Honey Mustrad Glazed Chicken Breast
Fresh Mashed Potatoes and Herb Roasted Garden Vegetables
Dessert:  Red Velvet Cake