Network Security Solutions

Detect, Identify, and Remediate Security Breaches with Network Intelligence

You are here

Network security intelligence offers real-time threat detection and post-event assurance for enterprise networks by analyzing traffic behavior over time and storing conversations for post-event investigations.

Reinforce Threat Prevention Strategies with Network Security Forensics

Recent high-profile network attacks have underscored the need for more robust network security products, specifically technology that analyzes actual network conversations and monitors supporting infrastructure to strengthen existing threat prevention solutions.

Observer accomplishes this by a powerful combination of comprehensive wire data analytics and enriched-flow records that deliver complete visibility into network traffic and supporting infrastructure. With these rich data sources, real-time threat detection and post-event security investigation capabilities are enhanced. Breaches and compromised resources can be quickly identified, and remediation activities begun.

Observer Puzzle

Now, with the release of Observer v18, packet and enriched flow data now coexist in Observer Apex. By compiling Layer 2 to Layer 3 insights into a single enriched flow record, Observer can produce unique, interactive visualizations that illustrate the relationships between User, IP, MAC, and application usage in the network. A NetOps or SecOps user can simply enter a name in the username field and immediately find all devices, interfaces, and applications associated with it. Finding out what’s connected and who’s communicating across your network has never been easier.

SecOps Network Security Workflow

  • Analyst Paper

    2021 State of the Network Study

    Transformation from the Ashes of Global Pandemic

    Nearly 800 IT professionals weigh in on the workloads, challenges, data sources, and team collaboration required to drive service delivery in this year of digital transformation.

    Download Study
  • White Paper

    Every Second Counts in the Battle Against Bad Actors

    Download the Paper
  • Analyst Paper

    Tested by Tolly

    Only VIAVI delivers 60 Gbps network monitoring with lossless packet capture.

    Get the Report
  • Packet Pushers Podcast
    Podcast

    Security Weekly Podcast Library

    Identify and Resolve Security Threats with High-Fidelity Wire Data

    Learn More
  • Video

    Watch VIAVI Live from Cisco Live

    VIAVI Sr. Director of Product Management, Charles Thompson, presented and fielded questions from panel of industry experts at Cisco Live US. 

    Watch On Demand
  • Webinar

    4 Gaps to Fix in Your Security Detection and Response

    Strategies from expert threat hunters designed for NetOps & SecOps teams

    View Recording
  • Product Release

    Introducing Observer GigaFlow

    Master performance and security challenges with insight from every perspective.

    Learn More

  • Security Spends

    Enterprises dedicate 50x more budget to prevention than investigation, but is it working?

    Watch the Video

Cybersecurity Can Never be Too Strong

Defending complex hybrid IT networks with IoT and remote user devices requires a multifaceted data protection strategy. For example, the network perimeter has never been so expansive and potentially vulnerable. Along with firewalls, IDS, and DLP, effective security solutions must include network security intelligence derived from in-depth knowledge of the network traffic and supporting assets.

NetOps and SecOps should connect to deliver outstanding business value and deliver an exceptional end-user experience for IT stakeholders using these Observer capabilities:

  • Global Threat ID with Scope and Impact - Apex supports full access to the power of GigaFlow enriched-flow records. From the Apex Welcome Screen, search by MAC address, IP address, subnet, or launch GigaFlow directly. Updated blacklists continuously check against enriched records over time. Network and security teams can quickly assess whether devices or applications are exhibiting aberrant behavior using this network security solution.
  • Advanced Traffic Profiling - Quickly identify anomalous activity and monitor acceptable use through sophisticated traffic profiling included in Observer’s network security protection. Every host and device across the IT environment directly from GigaFlow can be accessed via simple navigation from Apex. Characterize traffic by type, usage, application, and communication activity. Profiles are maintained in real time and then stored with all future network traffic and evaluated against past behavior.
  • Security Forensics and Reconstruction - Tight integration with GigaStor means Apex serves as an eyewitness to every network conversation, offering intuitive dashboards with summary information of every transaction over time. It also maintains ready access to individual packets for extended back-in-time investigations of suspicious activity. As a part of an investigation process, traffic can be quickly filtered and shared with third-party security and analysis tools.

Network Security Intelligence – Backstop Threat Prevention Efforts

Firewalls, anti-virus software, IDS, and DLP systems are necessary but no longer enough to achieve robust cyber protection or to obtain detailed evidence necessary for complete resolution and documentation of cyberattacks and IT breaches. Advanced network security solutions delivered by network performance monitoring and diagnostics (NPMD) solutions like Observer act as a 24/7 security camera that monitors every entity in the environment, detecting real-time anomalous behavior and storing network traffic for extended periods for immediate threat identification or post-event analysis.

Captured packet data allows organizations to reconstruct all the traffic, on the network up to and after a network security events to gain context while enriched flow records provide deep insight into the status of every network asset.

Network and Security Teams Converging Operational Model

Complex network environments require close collaboration between SecOps and NetOps teams to maximize service delivery while protecting against escalating security threats. The bridge between these two worlds is the network, traffic and the resources that support it. Observer can be the network security solution that delivers on this future paradigm. Why wait until tomorrow when you can have the network security intelligence you need today?

"Although often separate, NetOps and SecOps teams share the common goal of maintaining secure, high-performance network infrastructures. Infrastructure and operations leaders can leverage shared data and solutions to optimize budgets, avoid duplication of effort and improve the end-user’s experience."
– "Align NetOps and SecOps Tool Objectives With Shared Use Cases" By Gartner analysts Sanjit Ganuli and Lawrence Orans, July 24, 2018

 

  • How can network security services help you get visibility into your network in the event of a breach?

    When there’s an incident, the first thing the SecOps team is tasked to do is to find all the information they can about an IP address. Traditionally this involves asking the NetOps team to send over pcap files and this might take a long time. 

    With the Observer network security solution, we aggregate those network insights for you, proactively—that is, before the breach happens.

    The Observer application gives SecOps teams visibility into their network by interrogating the network’s devices, and not just routers, switches, and firewalls. We go a step further and talk to your proxy servers, load balancers, and even SD-WAN controllers to fully protect your network. 

    We ask these devices the following questions:
    -    Have you seen this IP address?
    -    What decisions have you made with this IP address?
    -    How did you make that decision?

    Observer goes into the ARP table to get MAC addresses corresponding to the devices in the network. We find user IDs from Authentication Domains, NetFlow, jFlow, IPFix and distill that information.

  • How can the Observer platform complement the other solutions in your suite?

    The Observer application gives SecOps and NetOps teams layer 2 and layer 3 network visibility to existing security workflows by interrogating the devices in the network.

    We answer the critical questions of a) What’s connected?, and b) What’s communicating. We then stitch together this information – MAC addresses, userIDs, IP addresses, and more—and compile them into interactive, intuitive workflows that let you navigate between these relationships.

  • What immediate business impact can Observer’s network security solution provide you with?
    • We can provide NetOps and SecOps teams with quicker, more accurate threat detection due to more complete forensic data
       
    • We can reduce the number of false positives with the more complete picture provided by Observer’s network visibility
       
    • We can foster collaboration between NetOps and SecOps teams, delivering increased efficiencies between them. 
       
    • We can streamline root cause analysis, especially when it comes to pinpointing why an application is not performing accurately
       
    • We can help NetOps teams resolve subjective end-user complaints
       
    • We can mitigate risk factors involved with the deploying of major IT initiatives
  • What is the power of having a flow-based network security solution?

    Many flow-based solutions claim to play in the security arena by providing a few “security reports.” Our product bridges and fills the gap between NetOps and SecOps with views designed SPECIFICALLY for SecOps specialists.  
    Observer provides automated detection of suspicious and malicious behaviors leveraging multiple techniques and aggregates these techniques into an integrated threat map. 

    • IP Blacklisting: Observer continuously updates pre-configured and custom blacklists.
       
    • SYN Forensics: Observer can alert on suspicious volumes and patterns of SYN-only flow records, often associated with network and port sweeps. 
       
    • Traffic Profiling: A core capability of Observer to use the enriched-flow records to build a traffic profile of devices on the network. Profiles are maintained in real-time with all future network-generated device traffic evaluated against past behavior for unusual or anomalous activity.  
  • Common network security solutions concerns

    You may have some questions regarding the application of enriched flow in your network infrastructure. Here are some ways that Observer can help you by addressing these network security software concerns.

    1. My devices are not capable of sending flow data…
      Observer can parse log data to produce enriched-flow records that function just like flow data
    2. The most prevalent flow sources don’t have performance data…
      Observer applies advanced analysis functions to produce response time data from flows as part of the enriched flow
    3. Flow vendors aggregate and de-dup, so the forensic value is minimal…
      Observer offers “full-flow forensics” - ensuring that every flow is retained and available for the most detailed analysis. Because of this archiving capability, Observer can help with any retroactive reporting associated with an incident, powered by full-fidelity forensics. 
  • How is Observer’s flow-based solution different from other flow-based network security monitoring software?

    Traditional flow-based network security solutions aggregate flow from only some network infrastructure devices. We take this a step further and compile user sources from domain servers and authentication servers, SNMP, MAC addresses from ARP tables, and even cloud sources like AWS and Microsoft Azure.

    When coupled with VIAVI Observer’s third-party validated wire data capture solution, GigaStor, an organization can give themselves the most complete picture of their network: true network visibility.

  • What are some key differentiators of VIAVI Observer’s network security software and performance solutions?
    • End-User Experience Scoring
      VIAVI leverages machine learning to identify an issue and automatically isolate the problem domain in seconds. In three clicks, users can go from higher-level dashboards all the way down to network conversations, or wire data transactions, effectively streamlining root cause analysis and reducing mean time to resolution (MTTR).

      This can be helpful in a security setting because a low end-user experience score can be indicative of a Denial of Service attack, which can also be detected by other tools within Observer’s network security software.
       
    • Enriched-Flow Records
      Having visibility into your network is a critical component of any network security software, and one of the most long-lasting, traditional pieces of network data is flow. Observer transforms traditional flow by stitching enriched-flow records that compile flow, SNMP, user identity, and session syslogs all together in one single “record.” These Layer 2 and Layer 3 insights, when aggregated yield unique, accessible visualizations, such as the IP Viewer. These interactive visualizations and reports allow customer to drill as far as they want into IP to MAC to User relationships, interface and device type information, traffic control, quality of service marking, and more. 
       
    • Integrated Threat Map
      An integrated threat map accessible straight from Observer Apex provides visual ways to detect and monitor rogue activity. IP blacklisting, advanced traffic profiling going beyond basic whitelisting, and SYN Forensics.
       
    • Third-Party Validated Data Capture
      The VIAVI third-party validated wire data capture delivers from the GigaStor component of the Observer platform delivers industry leading stream-to-disk speeds and metadata production to give an organization complete packet forensic visibility into all network activity. This allows a SecOps user to drill into the packet level network conversations, in the event of any breach. When coupled with flow-based analysis, NetOps and SecOps teams alike can benefit from a near complete picture of their network.
       
    • Single Interface with Apex
      Traditionally, it can be difficult for SecOps teams to be granted timely visibility into the network, be it due to organizational silos regarding tool use or because it simply takes time to find the relevant network data. With Observer Apex, SecOps and NetOps teams alike can use the same interface to solve network security and performance related issues.
       
    • The Power of Flow and Packets Combined
      By combining the power of wire data capture with GigaStor and flow-based analysis and archiving with GigaFlow, Observer is able to provide you with information from the data center as well as the hypothetical router at the edge of the network to paint the full picture. The ability to store enriched-flow records in the form of full-fidelity forensics and the retention capabilities of network conversation data from GigaStor means that SecOps teams and NetOps teams can retroactively go back and drill into any transaction in the network. This gives SecOps and NetOps teams true network visibility.

Additional resources:

Resources

White Papers & Books
2021 State of the Network Study
Podcast
Security Weekly: Identify and Resolve Security Threats with High-Fidelity Wire Data
White Papers & Books
Winning the Security Battle
Blog
3 Lessons Learned from the Capital One Cyberattack
Blog
What the NASA Cyberattack Teaches Us About Simple Technologies and Advanced Threats
White Papers & Books
NPMD for Network Security Forensics
Webinar
4 Gaps to Fix in Your Security Detection and Response
Article
Threat Hunting: Learn to detect and eliminate threats in your network
White Papers & Books
How CIOs Can Choose the Right Metrics
White Papers & Books
Tested by Tolly: GigaStor Gen 4 60 Gbps Capture Performance
Video
Security Spends: Post-Event Remediation Latest Frontier in Network Security
White Papers & Books
Special Report: Network Tools Hold Critical Insight in Attack Remediation
White Papers & Books
Packet-Based Security Forensics: A Next-Generation Approach to Attack Remediation
Webinar
Wireshark Week Webinar Library
Video
Network Security Forensics Troubleshooting
White Papers & Books
SOX and IT

Products

Observer Apex
Observer GigaStor
Observer GigaFlow

Let Us Help

Contact us for more information, receive a price quote, or watch product demonstration videos. We’re here to help you get ahead.

Contact a Sales Expert
Request a Quote