Understanding IT Stress Points with Application Intelligence

An article in the March 20, 2020 issue of Wall Street Journal outlines how many companies are retooling operations to assist in the fight against Coronavirus. While the article focused on the broader operations impact (especially in manufacturing), it’s worth pausing to consider how the same impact is being felt by IT operations and InfoSec teams in today’s digital economy.

Preventive measures such as shelter-in-place, lockdowns and quarantine procedures have led to a spike in remote workers forcing the wide area network (WAN) to become the new local area network (LAN). As of the time of publication, several states in the U.S. and entire countries elsewhere are in lockdown, affecting hundreds of millions of residents globally.

While several of us are fortunate that we can at least conduct a significant part of our business this way, there are important repercussions on IT and security operations teams because of the sudden change in network traffic patterns.

Digital operations such as e-commerce, mobile banking and telemedicine, to name just a few, are all coming under massive strain because of a surge in web-based transactions initiated by consumers forced to shelter in place. Call centers, for example, accustomed to having their employees working onsite, now have to accommodate teleworkers and still find the correct way to be in compliance with their organization’s policies, such as recording relevant conversations with customers. These are just a few examples of how every business has had to react swiftly to adjust to the new reality.

Three Simple Questions to Ask

It is an understatement to say that these events have put a severe strain on IT teams to keep their infrastructure humming when it’s most needed. IT ops, network ops and security ops teams should therefore ask themselves three simple questions. Answering these questions would help maximize ROI and efficiency of their infrastructure when business continuity is most critical:

1. How have the changes in where employees work and how customers engage affected operational tools?
2. Is the sudden spike in remote workers and customers, and the resulting changes in network usage patterns, causing your IT tool stack to be overwhelmed?
3. Is this spike in usage and resulting changes in infrastructure raising concerns about new visibility hot spots?

Infrastructure in any business is built with certain assumptions in mind, which come under stress when a crisis happens. For example, most companies design their VPN infrastructure with the assumption that most employees would be working on the LAN and VPN would be used in a limited fashion. Current events, however, have created a scenario where nearly 100 percent of employees are now working remotely.

In our own company, some business-critical systems were accessible only via a VPN before. The surge in expected VPN usage with nearly all our employees working from home forced our IT team to rapidly rethink associated infrastructure and performance implications and make these systems accessible over the internet with reconfigured security measures put in place.

Leveraging Application Intelligence

Gaining advanced visibility into network and application usage patterns is a vital step to unblocking bottlenecks in customer experience and proactively detecting security gaps.

A key technology that assists administrators with these questions is Gigamon Application Intelligence, which enables security and IT administrators to visualize, extract and distribute application traffic or application metadata of interest to tools.

For example, surges in video conferencing traffic due to the use of applications like Zoom, Cisco WebEx, Skype or GoToMeeting can very quickly overwhelm out-of-band security tools such as intrusion detection. Security stacks have traditionally been designed to process all network traffic in network segments of interest. The first step to understanding the impact on tools is therefore to have a strong understanding of the applications and their usage that are causing surges in network traffic with Gigamon Application Visualization.

Likewise, client traffic from a VPN is typically processed by a dedicated security stack. It is worthwhile to review if such traffic is being unnecessarily re-inspected again by the same type of security technology. Gigamon Application Filtering Intelligence provides the capability to intelligently select applications and traffic sources from trusted sources and determine if those applications should be sent to or bypassed from security tools. IT operations teams responsible for their client-facing applications who have seen a surge in usage of these applications can similarly leverage Application Filtering Intelligence in a visibility and analytics fabric to selectively extract just the applications of interest.

Lastly, the new usage patterns could throw up visibility blind spots that were not in focus before. If a certain application or system was being used only in-house but is now being accessed by remote employees, are there new visibility hot spots that need attention? This is where analyzing application metadata extracted with Gigamon Application Metadata Intelligence enables efficient inspection of metadata attributes and provides the deep application visibility needed to observe and pinpoint performance bottlenecks and potential security risks including changes over time.

If you are a Gigamon customer using GigaVUE^® HC Series nodes, chances are that you can quickly enable some or all of these capabilities with a simple software knob. Reach out to us via the Gigamon Community or your Gigamon partner so that we can assist you during this critical time.

CONTINUE THE DISCUSSION

People are talking about this in the Gigamon Community’s Networking group.

Share your thoughts today