Application Awareness Is Changing Networking Forever, Part Two

In Part One of this blog, I talked about the “why” of application awareness and discussed the first of our Application Intelligence products: Application Visualization. In this blog, I discuss Gigamon Application Filtering and Application Metadata products and, more importantly, how you can start making your network and organization application aware.

Application Filtering — Taking Action

Application awareness goes beyond simply identifying applications and visualizing them as a nicely designed pie chart. Because each application performs a different function, places a different load on the network and poses a different sets of risks, each application needs to be managed by the most appropriate tool, not by a simplistic one-size-fits-all approach.

Using Gigamon Application Filtering we can filter, prioritize and deprioritize applications, and create application-aware traffic rules to take appropriate actions. For example, you can choose to send all Dropbox traffic to your advanced threat protection and data loss prevention tools to perform full-packet analysis. But for apps like Spotify, it’s enough to have a single tool inspect the first few packets of a data stream to ensure that the data is what it claims to be.

On the networking side, it’s critical to know not only which applications are running, but also how many users are accessing these applications, how long it takes to load screens, what’s the round-trip query time to the database and so on in order to meet users’ performance needs and expectations. Armed with this information, a network engineer can tune the customer’s environment (for example, by changing QoS configurations) to provision the correct bandwidth and resources to deliver the right level of application performance to ensure a good user experience.

Knowing what applications are running on a network and their network load is a big deal. I have given about 25 in-person demos of Application Intelligence to our customers, and their reactions are both consistent and visceral — they are amazed at what they can see, especially when you show them their own apps within the dashboard. While customers may have heard or read about this feature, it’s one of those things you must see with your own eyes to really grasp its power.

If you’re asking yourself, “Don’t next-generation firewalls do the same thing?”, the answer is “Sort of, but not really.” An NGFW’s primary function is to secure the network, not to clean up the data and broker traffic between applications and tools. Plus, firewalls are almost always deployed at the edge, so what happens to your lateral (east-west) traffic? When it comes to something as important as your applications and network management, I don’t think your CISO would agree that “sort of, but not really” was the right approach for your organization.

Application Metadata — Going Deep

Application Visualization shows what’s running on your network, while Application Filtering provides application-aware management of network traffic. The latest member of the product family, Application Metadata, describes how the application is behaving — what it is actually doing. 

This type of behavioral data has usually fallen into a gap and has not been monitored by either applications or network tools. And even where an application does monitor its own behavior, this is still an incomplete solution because, with the average enterprise running hundreds of apps, it is impossible to get a single view of all this activity.

As application architectures become ever more complex and as user-experience expectations and enterprise SLAs become more demanding, monitoring and managing these applications becomes even more important. This requires a product that can store and analyze thousands of different metadata elements that describe the behavior of the complex application workload that most mid- and large-scale enterprises run.

That’s exactly what Gigamon Application Metadata does. It leverages Gigamon Application Visibility to identify and categorize more than 3,400 applications and protocols, and then opens up a treasure trove of 5,000-plus metadata elements that can be stored to describe the behavior of these apps.

This metadata can be used by a wide variety of tools and solutions. For example, the latest release of Gigamon integrates out of the box with QRadar and Splunk to provide new levels of visibility into application behavior and security events.

Along with the release of Gigamon Application Metadata, we have also launched our first software developer program, a program that is open to both enterprise users (through the Gigamon Community) and third-party software developers through the Gigamon Metadata Empowered Program. This has led to the availability of a wide range of metadata-empowered tools from companies including Active Countermeasures, FireEye, Flowmon, Plixer, NetFlow Auditor, Spirent, Viavi and WitFoo. These tools address issues such as threat hunting, network and user experience optimization, and even lab-to-live testing and migration.

How Do You Become Application Aware?

Going back to the freight train metaphor I used in Part One, coming down the track we’re seeing a myriad of application-aware solutions. Some of these are generic NetOps and SecOps tools, but we’re also seeing apps that address the specific needs of vertical markets — such as healthcare and industrial operations — using the applications and protocols specific to their needs.

But that’s a discussion for a future blog. For now, I’d recommend that you get in front of the demand for your organization to become application aware and be the first to show your CISO, or even CEO, what’s really running and happening on your network.

A great first step toward this is to visit the Gigamon App Metadata Group and get familiar with what we, and our partners, are doing to help make your network and organization application aware.