IT Security News & Blog

Six Reasons to Monitor Netflow with Network Traffic Analysis

Posted: 31 July 2018

One of the most useful things to have in your network monitoring toolkit is Network Traffic Analysis. It collects and processes network flow data, commonly available through features such as Cisco’s NetFlow as well as other network device manufacturers.

It provides three key insights:

  • Port level analysis of applications consuming bandwidth.
  • End-point consumption of bandwidth by port.
  • Bandwidth consumption by end-point or application over time.

Pretty easy to see how this would be useful, right? But just in case you need a little more persuading...here are seven benefits to using network traffic analysis for netflow.

Do you use a network monitoring solution? Take a look at our blog entitled "Ten Reasons why Network Monitoring Software is a Must Have".

 

1. Unparalleled Insight

Network Traffic Analysis gives you in-depth application monitoring and bandwidth utilisation capabilities. This provides insights to management you just can’t get with network device monitoring alone.

These insights can positively impact day-to-day operations. For instance, you can accumulate data for a week and verify bandwidth utilisation between your corporate headquarters and branch offices. Let it run for a month and you have a good picture of just how much of the bandwidth you are paying for is actually being used.

Management likes to know that IT pros are contributing to the business and this level of visibility just makes you look a lot smarter.

 

2. Find Unwanted Traffic

With network traffic analysis for netflow, you can produce reports that show who are playing games, visiting recreational sites and/or streaming movies when they are supposed to be working. Research has shown that when employees know someone is watching, they misbehave a lot less and productivity increases.

 

3. Optimize Performance

Maybe you already know who is streaming video or playing games. But, do you know how that impacts key applications and services? Network Traffic Analysis shows you how much bandwidth is consumed by which users and which apps at which times.

It is as simple as looking for spikes in video usage, which could indicate that bandwidth is being taken away from a core business application.

Interested to learn a little more about netflow? Read out blog post "What is Netflow and Why Should I Monitor it?".

 

4. Reduce Bottlenecks

Network Traffic Analysis gives you a ready tool for a quick deep dive into the underlying causes of network
slowdowns.

In one case we have been involved in, a new company-wide, anti-Spam software solution was deployed with the most up-to-date signature libraries. After the installation was complete, they noticed that
the link to the branch office was experiencing high utilisation nearly every hour. Their NTA software quickly
detected that client machines from the remote sites were all communicating with the anti-Spam server for updates at the same time. Problem solved!

They staggered the update requests over the span of a few minutes and eliminated the utilisation bottleneck.

Want to learn more about network monitoring solutions? Take a look at our definitive guide to network monitoring and incident response

 

5. Correct Configuration Mistakes

How about the user that relocated their finance and accounts staff from one floor to another?

The move required a different subnet and they decommissioned an old router in the process. Unfortunately, a few of the workstations were still configured to be part of the old network. Right after the move they saw an increase in the amount of bounced traffic between these workstations and the default gateway.

With Network Traffic Analysis they knew exactly which workstation was part of the routing loops and that made it easy to rectify the configuration and get the new network to settle down smoothly.

 

6. See Cyber Attacks as they Happen

Imagine arriving at work one morning and seeing there are a large number of failed connections on your main router.

You also note that this pattern had persisted for a couple of hours. Network Traffic Analysis shows you that all of the transmissions are from a few IP addresses outside your network. It’s a classic port scan, an external attack looking for vulnerable open ports on your router firewall. With this attack visible to you, you can defend the network by blocking an offending IP address or closing an exposed port.

Ipswitch WhatsUp Gold Network Monitoring includes a network traffic analysis for netflow feature, as  well as many other useful network management capabilities. If you would like to see a demonstration of this solution, book a short call with one of our consultants today.

 

Nine Best Practices for Monitoring Cloud Infrastructure

Topics: Network Monitoring, Incident Response, WhatsUp Gold, NetFlow

Chris Payne

Written by Chris Payne

Managing Director - Advanced Cyber Solutions