Solera Networks Deep-Packet Capture Review

Solera Networks Deep-Packet CaptureThey say the success rate of the Network Operations or Security Engineers is measured by how much they are invisible to the rest of the organization.

Business processes rely on the services provided by the network infrastructure and these services rely on network traffic. Since the network traffic is the informational blood stream of an organization, monitoring this traffic plays a crucial role in sustaining the business processes and operations.

Maintaining the availability and security of today’s enterprise networks is a process which never ends and in order to manage this process effectively, one needs the right set of tools. The biggest challenge in real-time traffic monitoring is the volatility of traffic. Many times following a security incident I wished I had a network traffic capture to answer a very simple problem: What happened in my network?

Real-time sniffers offer comprehensive traffic analysis and one can deploy complex architectures of sniffers because they are so effective. Provided one crucial condition: that somebody actually is watching the sniffer logs and takes appropriate actions.

This is where the sponsors of this post, Solera Networks brilliantly fill the gap. The Solera Networks DS series Packet Capture Appliance is a high performance system designed to provide deep-packet capture and stream-to-storage for 100 percent of network traffic.

My main criteria in evaluating a deep-packet capture system are (in no particular order):

  •  Scalability
  •  Impact on existing infrastructure
  •  Easy to use management interface
  •  Rapid access to data
  •  Business benefits

Scalability
In order to cope with different volumes of traffic, Solera Networks provides many appliance models which suit most of the topologies and deployment scenarios of today’s networks.

The range of appliances varies from CALEA Appliance: 1U / 1Gbps Capture rate / 1TB storage up to 3U / 10Gbps capture rate / 16 TB storage capacity which is the DS 5100 high-end deep-packet capture appliance.

Impact on existing infrastructure
The impact of deploying Solera Networks appliances is minimal because one can deploy the product in many non-intrusive ways:

  • Attached to a SPAN (or mirrored) port off of a router.
  • "in-line" IP-less deployment, even via an optical splitter for splicing into a fiber network.
  • "hub mode" if you don’t have a switched network so that all traffic is visible for capturing.

Besides the appliance presentation, you can use Solera Networks Virtual Appliance which can be deployed on any server platform supported by VMware.

Management Interface
To ensure maximum portability, the Solera Networks solutions are managed using a Web-based Control Center which allows the administrator to fully manage all components:

  • Start / Stop, virtual replay of captured data
  • Applying powerful filters to incoming traffic before capture or to outgoing traffic when replaying traffic.
  • System monitoring trough graphical and numerical status of key system metrics
  • Complete user management


Rapid access to data

Ok, so you’ve got tons of captured network traffic but what is the value delivered to the organization? Solera Networks offers DeepSee , a revolutionary traffic analysis tool which enables the users to rapidly locates network "flows" that are meaningful for IT and business users. A flow is a set of data packets that were sent during a TCP session such as web browsing, SMTP, POP3, etc. DeepSee enables the users to extract and index "artifacts" such as files, IM dialogue, VoIP call, and VPN sessions. These features are extremely valuable when doing any forensic investigations.

Business benefits
There are many business drivers to deploy deep-packet capture technology depending on the organization’s business area. If your business must adhere to strict regulations on lawful data intercept, then Solera Networks offers the special CALEA (Communications Assistance for Law Enforcement Act) appliance. This appliance delivers a powerful, yet simple CALEA compliance solution with full communications monitoring and detail logging.

One of the first Network Security benefits of deploying Solera Networks devices has to do with internal threat and data leakage. Sometimes the impact of an insider attack is so devastating that it can’t even be accurately measured and it’s always easier to prevent than to cure. Having access to all the volatile network traffic allows the HR and Security investigators to identify suspicious activity and take appropriate actions before a malicious user impacts the organization.

The Network Management benefits of using a deep-packet capture device such as Solera Networks reside in the diagnosis value of these tools. Detecting traffic anomalies and under-performance network services enables the system engineers to align the IT objectives to the overall business objectives.

Conclusion
Solera Networks DS series Packet Capture Appliances fill the gap between the value of instant traffic analysis (high-performance sniffers) and the reliability of long term traffic storage enabling you to replicate the instantaneous traffic analysis at any given moment in past or present.



Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback. Print This Post Print This Post


Subscribe without commenting


Leave a Reply

Note: Any comments are permitted only because the site owner is letting you post, and any comments will be removed for any reason at the absolute discretion of the site owner.

CommentLuv badge