“Visibility of network traffic usage and profiles is fundamental in maintaining performance and diagnosing issues across distributed environments.”
Network Performance Monitoring
The Byte25 network monitoring module presents detailed information on who and what is consuming network resources. That is, it provides detailed visibility of traffic flows traversing the network to identify traffic patterns and trigger alarms when anomalous conditions occur. Comprehensive network monitoring is a fundamental capability that IT managers and network engineers need to diagnose network issues and ensure performance across distributed environments.
Byte25 collects data from either dedicated hardware or virtual appliances deployed in strategic locations throughout the network or from flow agents, such as NetFlow, configured in existing network switches and routers. This provides a cost-effective solution whilst maintaining complete visibility across the network.
The Byte25 appliances use deep packet inspection (DPI) to classify network traffic and export data to a centralised on-premise or cloud-based database. Before export, flow information is enriched with other information such as host name and location to further simplify problem diagnosis and resolution.
By implementing DPI techniques, Byte25 goes beyond traditional network monitoring that focuses on raw bandwidth measurements. Utilising DPI allows for a comprehensive traffic profile of network usage from raw packets right through to individual users and applications. This includes the ability to isolate traffic by IP address, by hostname, by web URL or by Layer 7 application name and many other high-level metrics.
Additionally, inter-packet arrival times for each flow are measured to present meaningful insights into network latency and jitter that may be impacting specific users or applications. Again, the detailed latency metrics allow IT managers to quickly and easily respond to, and isolate, performance issues as they occur.
The other significant differentiator for the Byte25 network monitoring platform is the ability to classify network traffic by subnet. The origin and destination of all observed flows are classified into user-defined subnets or sites to characterize performance for remote sites or VLANs. Subnet classification negates the need for an appliance to be deployed in each remote site, reducing costs by minimising the number of appliances needed to monitor the entire network.
“Maintaining cyber security is arguably the biggest challenge facing IT managers today. The ability to secure the network components is essential in maintaining integrity across the IT environment.”
Cyber Security Monitoring
The network provides the conduit for all users and applications and the reliance on a secure performant network is becoming increasingly important as applications move to cloud-based SaaS applications. Securing and identifying threats traversing the network is a critical component in maintaining cyber security.
Byte25 provide a comprehensive network detection and response (NDR) capability as part of the Byte25 platform. The Byte25 NDR solution continuously monitors network traffic to identify potential and existing threats, both internal and external.
Enhanced Intrusion Detection
At the core of the Byte25 NDR solution is an intrusion detection system that continuously scans the network for malicious traffic. If detected, an alert is generated to inform the IT team of a potential issue. Intrusion signatures are updated daily to ensure zero-day threats are detected. In addition to the signature-based IDS, Byte25 also uses machine learning to profile the network in order to identify anomalous traffic that may indicate a cyber breach.
By housing the IDS data in the same data-store as the network and application performance data, a high degree of correlation is possible, allowing faster identification of potentially malicious traffic and devices. For example, where a suspicious external IP address is detected, by querying the performance data we can quickly determine the name and location of the malicious IP as well as any historical communication to other internal hosts. This correlation provides a higher degree of security than a traditional standalone IDS solution.
The nature of cyber security incidents is complex. Many alerts are highly technical, requiring specialised security analysts to decipher and action. Byte25 understand that such specialized resources are not always available and so provide a range of playbooks that help network engineers and system administrators understand the nature of the issue, along with a set of guidelines to help triage and resolve it.
Simple Rule Management
The other traditional challenge with NDR (and IDS in particular) is the number of false positives that can render a solution useless. Byte25 have developed a set of standard templates that filter out the ‘noise’ and provide a clean starting point for most organisations. The Byte25 NDR platform also has a comprehensive rules management system that allows users to continuously tune the IDS for local requirements.
Lastly, as part of the NDR platform, Byte25 provide a policy monitoring component that aligns the network detection capability with corporate policies to identify traffic that, whilst not malicious, may contravene organization policy guidelines. Policy monitoring goes beyond traditional firewalling to identify non-authorized applications that would traditionally slip straight through conventional firewalls.
The Byte25 cyber security monitoring module is critical in maintaining cyber security integrity across the organizational network.
“Applications and networks don’t exist in a vacuum; visibility of application performance is essential in addressing end user experience issues and maintaining business applications.”
Application Experience Monitoring
Traditionally there has been a disconnect between network and application monitoring. When performance issues occur, network and application components are often examined separately, in isolation from each other, further complicating the ability to identify the root cause and provide timely resolution.
Byte25 combine the disciplines of network and application monitoring into a single platform to ensure a complete picture of network visibility. The application monitoring component allows synthetic transactions to be configured to assess the performance of applications hosted both locally and in the cloud.
The use of synthetic transactions closely mimics real user performance, providing the most accurate picture of end user experience. The Byte25 application monitoring collects timings for DNS lookup, TCP connection, first byte received, content transfer and TLS handshake and logs these to the database for historical reporting. In this fashion, performance for each application can be assessed both in real time and historically for each site.
The Byte25 Application Experience monitor emulates real user experience to provide the most comprehensive picture of application performance available.
“Access to a good set of diagnostic tools is critical for network engineers to be able to respond to network issues as they occur.”
Network Diagnostic Toolset
Access to network diagnostic tools is critical for network engineers to respond to and resolve performance issues as they occur. Many network engineers still resort to tried and tested ‘blunt instrument’ techniques like ping and traceroute as the first port of call to diagnose network issues. Byte25 provides a set of easy-to-use network diagnostic tools that go way beyond ping and traceroute to help network engineers identify and resolve issues faster.
Network Packet Capture & Analysis
Network packet capture and analysis is still a core competency for network engineers to address network issues. The issue with network packet capture and analysis is that it is costly to perform, usually requiring a network engineer to travel to a remote site with a network protocol analyser, then configure a mirror port on the relevant switch and wait until the problem (hopefully) occurs.
By integrating a full packet capture and analysis engine in every appliance, Byte25 can perform packet analysis on remote sites without the requirement for a network engineer to attend. Packet capture sessions can be initiated from the appliance web interface with the resulting capture files either analysed right from the Byte25 dashboard or downloaded for further analysis by third party tools such as Wireshark.
The Byte25 network packet capture and analysis toolkit provides a fully distributed packet capture solution, negating the need to dispatch expensive network engineering resources to remote sites.
Real Time Performance Analysis
Inspecting network performance in real time can be challenging. When users complain of poor performance it is often difficult to identify the root cause. Network performance is multi-dimensional with many variables contributing to the overall experience of the end user. The Byte25 real time monitoring tools go beyond simple techniques such as ping and traceroute by allowing network engineers to isolate specific user or application traffic and assess meaningful metrics such as latency and throughput in real time.
The Byte25 real time monitoring tools should be the first port of call for network engineers responding to user experience or network issues.
Web Application Analysis
As more and more applications move to web-based application environments, often hosted in the cloud by SaaS providers, the difficulty of identifying and resolving application performance issues increases. The Byte25 web application timing and analysis tools provide a detailed breakdown of web-based application performance. Each element of a web-based application is measured, allowing network engineers to determine the relative effects of the network, server and application components of the connection.
The web application and timing analysis generates a synthetic connection to the web-based application and profiles each web element and the corresponding components that contribute to performance. By isolating key metrics such as DNS lookup, SSL connection, download or wait time, it is possible to quickly and easily identify the root cause of performance issues for web-based applications.
“IT Managers don’t sit in front of screens all day waiting for stuff to happen. Monitoring solutions need to be smart enough to provide information proactively to the people and applications that need it, when they need it, in a format that makes sense.”
Report, Alerting & Integration
Whilst the Byte25 solution comes with an intuitive, easy-to-use click-through dashboard, the reality is that IT managers and network engineers don’t want to be looking at screens all day on the off chance that something happens. Sure, the dashboards are great for diagnosing problems when they occur, but an integral part of any monitoring solution is the ability to proactively inform network operators when performance degrades, malicious traffic is identified, or an anomalous event is detected.
The Byte25 platform includes comprehensive alerting, allowing for triggers and actions to be defined to alert network operators of potential issues. The triggers range from simple thresholds which may fire under certain conditions, such as bandwidth to a particular site exceeding a percent utilization, right through to complex cyber events where an alarm is generated upon detection of malicious traffic.
The actions are designed to be flexible, from logging an entry to the database, generating an email or SMS message right through to a custom webhook designed to interface with third party systems such as a help desk. The underlying philosophy is to deliver the alert information to the correct person or application in an accessible format, negating the requirement for 24/7 ‘eyes on screen’.
Automated reporting is an integral part of monitoring. The ability to generate meaningful reports suitable to a range of different audiences is crucial for capacity planning and maintaining a well performing and secure network.
Byte25 provide a comprehensive range of reports that may be run ad-hoc or scheduled to generate periodically and be delivered via email. The reports are designed with particular audiences in mind, from high level reports suitable for ‘C’ level or board presentation, right down to detailed technical reports suitable for network operations teams.
Byte25 understand that network, application and cyber security monitoring tools don’t exist in isolation. Similarly, whilst the promise of a ‘single pane of glass’ has been around for many years, the reality is that IT managers and network operators often suffer from dashboard fatigue with many different systems delivering point solutions within their environment.
Byte25 goes some way to help eliminate this dashboard fatigue by integrating network, application and cyber security monitoring in the same platform; however, it is equally important that we provide the integration flexibility to deliver data in a format and to the platform that makes sense to the organisation.
To that end, Byte25 are continuing to implement tight integration with other vendors, be they PSA systems for MSPs, help desk platforms or even other monitoring platforms like Elasticsearch and Splunk. At a simple level it is possible to implement webhooks and API calls to export data to third party systems. Byte25 also publish an API that allows other systems access to the Byte25 data.
If a specific non-supported integration is required, Byte25 are happy to discuss how we can work with you to get the data where it needs to be in a format that makes sense.