Hackers and Trojans are getting wilier. If your network and server monitoring solution is more than a few years old, you might be missing out on some dangerous developments, not to mention spending money on problems without having an accurate assessment of root causes. Two IT leaders have found that the solution lies in network and server monitoring -- and, as with so many things, the devil is in the details.
Marc Seybold, CIO, SUNY College at Old Westbury, was frustrated by a network and server monitoring strategy that wasn't able to bind user identifications back to the source. His team needed significant time to isolate and find problems. When the college regularly exceeded its bandwidth, the reaction was to double the pipe. After a closer analysis, Seybold switched to a SonicWall E-Class Network Security Appliance NSA E7500 in hopes of getting more detail, and found unexpected benefits.
"It was a significant step up in function and down in price, which already is making it a significant value on ROI. You're usually oversubscribing your resources, and the SonicWall enables you to mix those things together; we can look at the security point of view and also set policies on groups of IDs. By doing it in a temporal fashion, you're able to use it to maintain the efficient distribution on bandwidth," said Seybold.
Seybold saw his bandwidth problem transform into a bandwidth cost savings. "We're able to cut back on 300 [Mb] of internet bandwidth. Perhaps it was data spikes -- we weren't sure to what extent they were going over 100 [Mb], just that they were, so we tried to solve the problem with bigger pipe. But now after switching, we're hitting about 85, so it's definitely a reduction."
This reduction comes from a newfound ability to dig deep into root causes. "You can put all the antivirus software in the world on the network, but something will still make its way past those defenses. Just being able to look at things from a protocol point of view is just ineffective. I'm now binding it to user IDs, so you can also tell whether the individual machines are infected with malware. When a student supposed to be doing academic work has 30 machines in China hanging off of their ID, you can see that it's not good," said Seybold.
Chris Young, director of IT at Texas Medical Center Library, noticed a similar benefit when he switched to a new network and server monitoring solution, ScriptLogic PacketTrap IT. "We wrote a lot of queries to the PacketTrap database looking for peaks and valleys that correlated with other problems we may have seen in our database. If someone's downloading a movie using BitTorrent, we can throttle them individually rather than making everyone else suffer."
Behavioral analysis is the future
Behavioral analysis is a huge benefit that’s often missing or underpowered in network and server monitoring strategies. However, for midmarket companies that don't have a lot of capital to throw at problems, behavioral analysis can be the Holy Grail. Seybold explained, "You can take a closer look at the things people are doing and associate a user ID. For instance, you can have 500 people trying to look at YouTube traffic and a faculty member in a classroom trying to show a YouTube video. If you blanket the system and restrict YouTube, you're going to block out that faculty member. If you can do behavioral analysis, you can give the faculty member enough bandwidth to be able to do their job while throttling the students."
Network and server monitoring theories often stem from a concern for security, and behavioral analysis is key in the fight against unusual activity on your network. Seybold explained, "You can actually feed data back into Riverbed's Cascade and let it run on autopilot, so that it can build up its own behavioral analysis. Someone uses their own environment Monday through Friday, 9-5, and then suddenly their machine turns on and is being used on a Sunday afternoon. Now it's possible that they're just catching up on work, but it's also possible that it's been hijacked. The system will flag that, and the human can follow up with that."
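The off-hours check described above, sketched as an added example. It is not code from the article or from any product it names, and the event format, the MIN_EVENTS threshold and the one-hour tolerance are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MIN_EVENTS = 40  # assumed threshold: users with less history are not scored


def build_baseline(events):
    """Map user -> {(weekday, hour): count} from (user, datetime) events."""
    baseline = defaultdict(lambda: defaultdict(int))
    for user, ts in events:
        baseline[user][(ts.weekday(), ts.hour)] += 1
    return baseline


def score_event(baseline, user, ts, tolerance=1):
    """Return 'normal', 'flag' or 'no-baseline' for one new event.

    An event is normal if the user has been seen within `tolerance` hours
    of the same point in the week; otherwise it is flagged for a human to
    follow up (it may be catch-up work or a hijacked machine).
    """
    seen = baseline.get(user)
    if not seen or sum(seen.values()) < MIN_EVENTS:
        return "no-baseline"  # too little history to judge
    for delta in range(-tolerance, tolerance + 1):
        t = ts + timedelta(hours=delta)  # handles wrap across midnight
        if seen.get((t.weekday(), t.hour), 0) > 0:
            return "normal"
    return "flag"


def constructed_history():
    """Constructed sample: 'jdoe' active Mon-Fri 09:00-16:59 for four weeks."""
    start = datetime(2024, 1, 1)  # a Monday
    events = []
    for day in range(28):
        d = start + timedelta(days=day)
        if d.weekday() < 5:
            events += [("jdoe", d.replace(hour=h)) for h in range(9, 17)]
    events.append(("newhire", start.replace(hour=10)))  # one event only
    return events


if __name__ == "__main__":
    b = build_baseline(constructed_history())
    for who, when in [("jdoe", datetime(2024, 2, 6, 10, 30)),   # Tuesday
                      ("jdoe", datetime(2024, 2, 4, 15, 0)),    # Sunday
                      ("newhire", datetime(2024, 2, 4, 15, 0))]:
        print(who, when.strftime("%a %H:%M"), score_event(b, who, when))
```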
Both Seybold and Young found that they had problems they couldn't even see with their previous network and server monitoring tools. "Upon flipping the switch to PacketTrap, we immediately found two servers that were on their last legs that no one had noticed. Memory was at 80% to 90% utilization, and we wouldn't have known they were a problem until they shut down and burned out previously. We were able to eliminate them in the first 90 days," explained Young.
Unexpected benefits of network and server monitoring
With new network and server monitoring tools in place, both Seybold and Young are reaping benefits on their bottom line, as well as a reduced stress level.
Now that Seybold has a taste of behavioral analysis, he said he looks toward using it to shape the behavior of his user base, a functionality that will be the next step for the college. "We'd like to give students a certain number of bytes in the bandwidth and allow students to make the decisions in how they use the bandwidth. We're not going to tell [the students] when it's important to get something done; we'll give [them] enough resources to get things done, but then have higher costs at peak parts of the day. If they're going to do something that consumes bandwidth where it will compete with other users, they'll use up their bytes faster and exhaust them before they get another bucket of bytes."
Added Young, "We went from brownouts and panics on a daily basis in the first six months I was here to today's scenario of an evenly managed network, where I had to turn off a switch the other day because it had been on too long. It had been up 377 days and developed a memory leak.
"The difference now is that we noticed the problem before everyone started screaming at me."
Let us know what you think about the story; email Wendy Schuchart, Site Editor.