Dynamic Disruption Everywhere
Over 400 IT professionals weigh in on the unprecedented challenges being faced in maintaining optimal service delivery and safeguarding critical assets.
Recent high-profile network attacks have underscored the need for more robust network security tools, specifically software that analyzes actual network conversations and monitors supporting infrastructure to strengthen existing threat prevention solutions.
Observer accomplishes this through a powerful combination of comprehensive wire data analytics and enriched flow records that deliver complete visibility into network traffic and supporting infrastructure. With these rich data sources, real-time threat detection and post-event security investigation capabilities are enhanced. Breaches and compromised resources can be quickly identified, and remediation activities begun.
With the release of Observer v18, packet and enriched flow data now coexist in Observer Apex. By compiling Layer 2 to Layer 3 insights into a single enriched flow record, Observer can produce unique, interactive visualizations that illustrate the relationships between User, IP, MAC, and application usage in the network. A NetOps or SecOps user can simply enter a username and immediately find all devices, interfaces, and applications associated with it. Finding out what’s connected and who’s communicating across your network has never been easier.
Only VIAVI delivers 60 Gbps network monitoring with lossless packet capture.
Identify and Resolve Security Threats with High-Fidelity Wire Data
VIAVI Sr. Director of Product Management, Charles Thompson, presented and fielded questions from a panel of industry experts at Cisco Live US.
Strategies from expert threat hunters designed for NetOps & SecOps teams
Master performance and security challenges with insight from every perspective.
Enterprises dedicate 50x more budget to prevention than investigation, but is it working?
Defending complex hybrid IT networks with IoT and remote user devices requires a multifaceted data protection strategy. For example, the network perimeter has never been so expansive and potentially vulnerable. Along with firewalls, IDS, and DLP, effective security solutions must include network security intelligence derived from in-depth knowledge of the network traffic and supporting assets.
NetOps and SecOps should come together to deliver outstanding business value and deliver exceptional end-user experience for IT stakeholders using these Observer capabilities:
Firewalls, anti-virus software, IDS and DLP systems are necessary but no longer enough to achieve robust protection or to obtain detailed evidence necessary for complete resolution and documentation of cyberattacks and IT breaches. Advanced network security solutions delivered by network performance monitoring and diagnostics (NPMD) solutions like Observer act as a 24/7 security camera that monitors every entity in the environment, detecting real-time anomalous behavior and storing network traffic for extended periods for immediate threat identification or post-event analysis.
Captured packet data allows teams to reconstruct all the traffic on the network up to and after a network security event to gain context while enriched flow records provide deep insight into the status of every network asset.
Complex network environments require close collaboration between SecOps and NetOps teams to maximize service delivery while protecting against escalating security threats. The bridge between these two worlds is the network, traffic and the resources that support it. Observer can be the network security solution that delivers on this future paradigm. Why wait until tomorrow when you can have the network security intelligence you need today?
"Although often separate, NetOps and SecOps teams share the common goal of maintaining secure, high-performance network infrastructures. Infrastructure and operations leaders can leverage shared data and solutions to optimize budgets, avoid duplication of effort and improve the end-user’s experience."
– "Align NetOps and SecOps Tool Objectives With Shared Use Cases" by Gartner analysts Sanjit Ganguli and Lawrence Orans, July 24, 2018
When there’s an incident, the first thing the SecOps team is tasked to do is to find all the information they can about an IP address. Traditionally this involves asking the NetOps team to send over pcap files, which might take a long time.
With the Observer network security solution, we aggregate those network insights for you, proactively—that is, before the breach happens.
The Observer application gives SecOps teams visibility into their network by interrogating the network’s devices, and not just routers, switches, and firewalls. We go a step further and talk to your proxy servers, load balancers, and even SD-WAN controllers.
We ask these devices the following questions:
- Have you seen this IP address?
- What decisions have you made with this IP address?
- How did you make that decision?
Observer goes into the ARP table to get MAC addresses corresponding to the devices in the network. We find user IDs from Authentication Domains, NetFlow, jFlow, and IPFIX, and distill that information.
The Observer application adds layer 2 and layer 3 network visibility to existing SecOps and NetOps security workflows by interrogating the devices in the network.
We answer the critical questions of a) What’s connected? and b) What’s communicating? We then stitch together this information (MAC addresses, user IDs, IP addresses and more) and compile it into interactive, intuitive workflows that let you navigate between these relationships.
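The stitching described above can be sketched as a time-aware join of ARP bindings, logon events and flow records. This is an added example, not VIAVI's code or Observer's data model; the field layout, function names and all sample records are constructed for illustration.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data (documentation IP ranges, made-up MACs and users).
# ARP observations polled from a switch or router: (epoch_seconds, ip, mac).
ARP = [
    (100, "192.0.2.10", "02:00:00:aa:aa:01"),
    (500, "192.0.2.10", "02:00:00:bb:bb:02"),  # DHCP lease moved to another host
    (100, "192.0.2.20", "02:00:00:cc:cc:03"),
]
# Logon events from an authentication domain: (epoch_seconds, ip, user).
AUTH = [
    (110, "192.0.2.10", "alice"),
    (510, "192.0.2.10", "bob"),
    (120, "192.0.2.20", "alice"),
]
# Flow records, NetFlow/IPFIX style: (epoch_seconds, src_ip, dst_ip, dst_port, app).
FLOWS = [
    (200, "192.0.2.10", "198.51.100.5", 443, "https"),
    (600, "192.0.2.10", "198.51.100.9", 22, "ssh"),
    (300, "192.0.2.20", "198.51.100.5", 53, "dns"),
]

def build_index(rows):
    """Map ip -> time-sorted list of (ts, value) bindings."""
    index = defaultdict(list)
    for ts, ip, value in sorted(rows):
        index[ip].append((ts, value))
    return index

def binding_at(index, ip, ts):
    """Return the value bound to ip at or before ts, or None if none was seen yet."""
    history = index.get(ip, [])
    pos = bisect_right([t for t, _ in history], ts)
    return history[pos - 1][1] if pos else None

def enrich(flows, arp_idx, auth_idx):
    """Attach the MAC and user that held the source IP when the flow occurred."""
    return [{"ts": ts, "src_ip": src, "dst_ip": dst, "dst_port": port, "app": app,
             "src_mac": binding_at(arp_idx, src, ts),
             "user": binding_at(auth_idx, src, ts)}
            for ts, src, dst, port, app in flows]

def pivot_on_user(records, user):
    """All (mac, ip, app) combinations seen for one username."""
    return sorted({(r["src_mac"], r["src_ip"], r["app"])
                   for r in records if r["user"] == user})

RECORDS = enrich(FLOWS, build_index(ARP), build_index(AUTH))
```

Resolving each binding as of the flow's timestamp is what keeps the ssh flow at t=600 attributed to bob's host rather than to alice, who held 192.0.2.10 earlier.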
Many flow-based solutions claim to play in the security arena by providing a few “security reports.” Our solution bridges and fills the gap between NetOps and SecOps with views designed SPECIFICALLY for SecOps specialists.
Observer provides automated detection of suspicious and malicious behaviors leveraging multiple techniques and aggregates these techniques into an integrated threat map.
You may have some questions regarding the application of enriched flow in your network infrastructure. Here are some ways that Observer can help you by addressing these network security software concerns.
Traditional flow-based network security solutions aggregate flow from only some network infrastructure devices. We take this a step further and compile user sources from domain servers and authentication servers, SNMP, MAC addresses from ARP tables, and even cloud sources like AWS and Microsoft Azure.
When coupled with VIAVI Observer’s third-party validated wire data capture solution, GigaStor, an organization can give themselves the most complete picture of their network: true network visibility.