I was contacted recently by an old acquaintance, Alan Hall, formerly from Novell and now with Solera Networks. Hmm. That didn't come out right. Alan is someone I've known for a while. I'm not saying he's old.
Alan wanted me to hear about a different way to manage environments. Solera Networks makes it possible to capture all of the network traffic in and out of both physical and virtual systems for later in-depth analysis.
Here's how Solera Networks describes what they do:
Solera Networks technology allows you to create a continuous record of your network traffic. We capture a complete record of network traffic, the packet header and payload, and we stream it to storage at a rate faster than anyone else, without losing a single packet. With an actual recording of your network activity and traffic you can more effectively manage your network, improve network security, perform network analytics/forensics and for service providers, support lawful intercept requests.
Today, network analysis tools are plentiful, but all rely on a sampling of data. You either analyze a sampling of data and hope to find the root cause of a problem, or you have to know what to look for while you are analyzing the active traffic. Too often, you don't know what to look for until after the traffic has already passed through your network. Having a complete record of your network traffic allows you to perform filtering, network analysis and forensics to uncover the root cause of a problem. Continuous deep packet capture adds value in a number of areas including:
Network Security – Better support Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) with a complete record of network traffic. When a firewall detects something out of policy, you have a complete record before and after the event to determine the root cause of the intrusion and quickly secure any weak points to prevent future breaches.
Network Management – Enforcing network use policies, ensuring compliance, improving the quality of service, and shaping network traffic to optimize performance are important elements of effective network management. When you have a complete and accurate record of network traffic, you can more effectively perform these tasks.
Lawful Intercept – Internet Services Providers (ISPs) and VoIP providers are required by law to have the capability to deliver network traffic data to Law Enforcement Agencies (LEA) as determined by a warrant. It's basically a wiretap on any network traffic that may pass over the provider's network. Solera Networks technology provides a cost-effective and simple way to capture specified traffic and deliver it to any LEA. Our technology supports the Communications Assistance for Law Enforcement Act (CALEA) and their equivalents in other countries.
Forensics/Analytics – A complete record of your network traffic enables your network analysis and forensics tools to deliver an accurate report, not a guess derived from a mere sampling of data. Now you can better identify weak points in your network and determine where sensitive data is being siphoned off. Perform behavioral analytics on your network and improve the quality of your business intelligence. Reconstruct any portion of your network traffic and obtain evidentiary proof of network misuse or unapproved behavior.
I've spoken to a number of companies that watch network traffic as a way to manage systems on the network, manage the network itself, and enhance security. None of them are capturing and storing network traffic for later analysis; their products analyze and manage the flow of traffic on the fly. There are some interesting ramifications of having a complete copy of network messages: it would allow very fine-grained, after-the-fact analysis of what happened when network or security related problems are detected. This might make it possible for an IT administrator to get to the bottom of when and how an intrusion or security breach occurred.
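As an added illustration (not code from Solera Networks or from this post), the following Python reads a classic libpcap capture and pulls out the frames recorded just before and after an alert timestamp, which is the "complete record before and after the event" kind of retrospective analysis described above. The capture bytes and timestamps are constructed in-line, and the alert time and window size are assumed parameters.

```python
import struct
from dataclasses import dataclass
PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps; little-endian assumed here

@dataclass
class Packet:
    ts: float    # capture time in seconds (sec + usec / 1e6)
    data: bytes  # full frame as captured: headers and payload

def build_pcap(records):
    """Constructed sample input: serialise (timestamp, frame) tuples as a pcap file in memory."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # v2.4, snaplen 65535, Ethernet
    for ts, data in records:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data  # incl_len == orig_len
    return out

def parse_pcap(blob):
    """Parse a classic pcap file into Packet records; refuses unknown magic and truncated records."""
    magic, = struct.unpack_from("<I", blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x" % magic)
    off, pkts = 24, []
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        sec, usec, incl, _orig = struct.unpack_from("<IIII", blob, off)
        off += 16
        if off + incl > len(blob):
            raise ValueError("truncated packet data at offset %d" % off)
        pkts.append(Packet(sec + usec / 1_000_000, blob[off:off + incl]))
        off += incl
    return pkts

def around_event(pkts, event_ts, before=5.0, after=5.0):
    """Select the packets recorded in [event_ts - before, event_ts + after]: the record around an alert."""
    return [p for p in pkts if event_ts - before <= p.ts <= event_ts + after]

SAMPLE_RECORDS = [  # constructed timestamps and frames, not real traffic
    (99.0,  b"flow-A syn"),
    (103.5, b"flow-A request"),
    (105.0, b"flow-A policy-violation"),  # assumed moment the firewall raised its alert
    (107.2, b"flow-A response"),
    (120.0, b"flow-B unrelated"),
]

def demo(event_ts=105.0, window=5.0):
    """Frames captured within +/- window seconds of the alert, from the constructed capture."""
    pkts = parse_pcap(build_pcap(SAMPLE_RECORDS))
    return [p.data for p in around_event(pkts, event_ts, window, window)]
```

With the constructed capture, `demo()` keeps the three frames within five seconds of the alert and drops the unrelated flow; a capture cut short mid-record is rejected rather than silently yielding a partial frame.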
Even if Solera Networks has developed some fantastic compression tools, this approach also means having to store a very, very large amount of data for later analysis. It could also be seen as a very large intrusion into the privacy of users if this is deployed in a hosting or service provider environment.
If you are fascinated by security related technology, a visit to Solera Networks' website should prove interesting.