Network Traffic Analysis – Methods and How to Analyze
Networks exist to carry traffic, but not all network activity is the same. It’s important to be able to identify security issues, as well as irregular operations that might lead to problems and even network downtime.
In this article, we’ll explore network traffic analysis and its role in keeping a network secure and available.
What Is Network Traffic Analysis?
Network traffic analysis is the process of analyzing network activity and availability. It involves tracking what data is flowing across different parts of the network, when, and where.
Of course, there’s more to it than just monitoring what’s going on. One of the main goals of this process is to help detect and prevent threats and to watch for potential problems. To do that, you first need to define what “normal activity” looks like.
That’s the beginning of traditional network traffic analysis. Once you’ve established that baseline, you can begin watching for unrecognized device types, unauthorized users, and more.
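The baseline-then-watch loop described above, as an added example that is not part of the original article: the script learns which hosts, destination ports and per-host byte volumes are “normal” from a set of constructed NetFlow-style records, then flags flows from hosts it has never seen, first-time use of a service by a known host, and byte volumes far outside that host’s usual range. The flow tuples, the `sigma` multiplier and the `min_spread` floor are assumptions made for the example, not values from the article or any product.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (src_ip, dst_ip, dst_port, bytes).
# They stand in for exported NetFlow/IPFIX records and are not captured data.
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.2.5", 443, 12000),
    ("10.0.1.10", "10.0.2.5", 443, 11000),
    ("10.0.1.10", "10.0.2.9", 53, 300),
    ("10.0.1.11", "10.0.2.5", 443, 9000),
    ("10.0.1.11", "10.0.2.9", 53, 250),
    ("10.0.1.11", "10.0.2.5", 443, 10000),
    ("10.0.1.12", "10.0.2.7", 445, 50000),
    ("10.0.1.12", "10.0.2.7", 445, 48000),
]

# Constructed "live" flows to check against the baseline.
NEW_FLOWS = [
    ("10.0.1.10", "10.0.2.5", 443, 11500),    # within this host's normal range
    ("10.0.1.99", "10.0.2.5", 443, 8000),     # host that never appeared in the baseline
    ("10.0.1.11", "10.0.2.7", 445, 9500),     # known host, port it has never used before
    ("10.0.1.12", "10.0.2.7", 445, 900000),   # known host and port, far above its usual volume
]


def build_baseline(flows):
    """Learn the set of known hosts, the ports each host uses, and per-host volume statistics."""
    hosts = set()
    services = defaultdict(set)   # src host -> destination ports it has talked to
    volumes = defaultdict(list)   # src host -> bytes observed per flow
    for src, _dst, port, nbytes in flows:
        hosts.add(src)
        services[src].add(port)
        volumes[src].append(nbytes)
    stats = {src: (mean(vals), pstdev(vals)) for src, vals in volumes.items()}
    return {"hosts": hosts, "services": dict(services), "stats": stats}


def detect(baseline, flows, sigma=3.0, min_spread=1000.0):
    """Compare flows against the baseline; return (kind, host, detail) findings in input order.

    min_spread keeps a host whose baseline volumes were nearly constant from alerting
    on every tiny fluctuation (an assumed floor, tune it for real traffic).
    """
    findings = []
    for src, _dst, port, nbytes in flows:
        if src not in baseline["hosts"]:
            findings.append(("unrecognized_host", src, f"{src} never seen in baseline"))
            continue   # no per-host statistics exist for an unknown host
        if port not in baseline["services"][src]:
            findings.append(("new_service", src, f"{src} talked to port {port} for the first time"))
        mu, sd = baseline["stats"][src]
        threshold = mu + sigma * max(sd, min_spread)
        if nbytes > threshold:
            findings.append(("volume_anomaly", src,
                             f"{src} sent {nbytes} bytes, threshold {threshold:.0f}"))
    return findings


def run():
    """Build the baseline from the constructed history and check the constructed live flows."""
    return detect(build_baseline(BASELINE_FLOWS), NEW_FLOWS)


if __name__ == "__main__":
    for kind, host, detail in run():
        print(f"{kind:18} {host:12} {detail}")
```

In practice the baseline window would be days or weeks of flow exports rather than eight records, and the “unrecognized host” check would be joined against the asset inventory the article recommends building, so that a new device is reconciled rather than merely flagged.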
Benefits of Network Traffic Analysis
Why should you analyze network traffic? It’s about protecting your data sources, ensuring optimal network performance, and identifying potentially dangerous traffic patterns. The benefits of network traffic analysis include:
- Staying ahead of intrusion detection systems and intrusion prevention systems
- Providing insights into your network operations
- Accounting for all entities/devices attached to a network
- Identifying and documenting the relationships between users, devices, and operations on the network
Importance of Network Traffic Analysis
Network management and security have never been more important. As we move further into the era of big data, you can expect their importance to keep increasing.
Network traffic analysis gives you a way to automatically detect anomalies, improve network availability, improve network performance, ensure maximum network observability and visibility, and enhance your network’s security. Of course, to enjoy those benefits, you need to know the basics.
Network traffic is best analyzed with purpose-built analysis tools. However, not all solutions are the same, and no one-size-fits-all approach works for every network and configuration. Rather than discussing what to look for in an analysis tool, it’s more important that you first understand how to analyze network traffic. From there you can choose a tool based on your network’s specifics.
The first step is to determine which data sources you’ll use. These can include any device attached to your network, such as routers, servers, firewalls, switches, and desktop computers. Even applications should be considered important sources of data.
Consider IT asset discovery services or network discovery software to gather an exhaustive inventory of your network.
Agent-Based or Agentless Collection
You must also decide how you will collect data from those sources. There are two options here: agent-based collection and agentless collection.
Agent-based collection involves using software deployed on the data sources. These software-based agents can collect a wide range of information, including data about system resource performance, network communications, and more. However, while the data they yield can be very granular, you can also run into issues with storing the information, as well as processing challenges.
Agentless collection requires no software and instead relies on APIs, various network management protocols, and processes already in place. For example, SNMP and NetFlow can produce a great deal of information, as can enabling Syslog on a firewall. The data retrieved will be less granular, but the demand for storage and processing resources is lower.
Every network has constraints that affect data collection and traffic analysis. So which restrictions apply to your network?
- Do you need to open specific ports for information collection?
- Do you need to configure access control lists for the SNMP version your network uses (SNMP v1 vs. v2c vs. v3)?
- Do you need permissions for your organization’s SD-WAN technology?
- Do you need approval from department heads before analyzing traffic or collecting specific information?
- Do you need to break down information silos?
- Are there industry rules or government regulations that affect your efforts?
Getting Started: Small and Diverse
While it’s tempting to rush into network traffic analysis, it’s best to start small. Our recommendation is to begin with a small, diverse pilot project for data collection. Use a variety of data sources from across the network so that you can identify any system-related problems before scaling the analysis project network-wide. By starting small, you can work step by step toward a successful network-wide project.
Determine Collection Destination
Another important part of the project is determining where the collected information will be stored. You can choose from many different destinations, including virtual appliances and purpose-built hardware. Make sure, though, that your storage solution matches the complexity and size of your network.
For example, if you have a significant number of virtual devices, a virtual storage appliance may make more sense than the alternatives. If you mostly run a physical, on-site network, a virtual appliance is a poorer fit.
Finally, remember that the storage destination affects your analysis capabilities. If your storage device doesn’t offer a way to view the data through a web-based user interface, for example, you’ll find analyzing your information more challenging.
Understand that monitoring your network is not a part-time task. It’s a full-time responsibility. Make sure the solution you ultimately implement enables continuous monitoring and data collection.
Dashboards & Reporting
It’s also important to be able to view, drill into, and manipulate the collected data. You should have a single dashboard that provides configurable access to the data in different formats (reports).
Finally, ensure your system can notify you when something’s wrong. Configure alerts via email, as well as through tools like the network fault monitoring system you and your team use.
Now that we’ve covered the important aspects of network traffic analysis, we should touch on what to look for in a network analysis tool. Your network traffic analysis tool should offer the following:
- Flow-enabled devices – If your network traffic analysis tool only accepts specific flow types, you’ll need flow-enabled devices. However, other devices can accept raw flows.
- Data sources – Ensure you can collect both flow data and packet data from different sources. Not all tools can do this.
- Network points – Is the tool agent-free or does it use agent-based software? Slow down monitoring at the start so that you can scale accurately.
- Data types – Will your tool collect real-time data or only historical data? Does the tool retain data over time so that you can compare?
- Full packet capture – Full packet capture and retention gives the best picture of your network traffic, but it’s costly and requires extensive appliances. It’s better to choose a tool that extracts only the most critical data from packets rather than storing everything.
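To make the last point concrete, here is an added example (not code from the article or from any product it names) of extracting only the flow-level fields from raw Ethernet/IPv4 frames and aggregating them into per-5-tuple records, then comparing how many bytes a full capture would retain against the size of the packed records. The frames are constructed inline with zeroed checksums, the 22-byte record layout is an assumption chosen for the example, and real deployments would read frames from a capture interface or pcap file instead.

```python
import socket
import struct
from collections import namedtuple

# Fields kept per packet: the flow 5-tuple plus a few cheap attributes. Payload is dropped.
PacketMeta = namedtuple("PacketMeta", "src_ip dst_ip src_port dst_port proto tcp_flags ip_len")

# ---- constructed test frames (not captured traffic) ----
ETH_HDR = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"  # dst, src, IPv4


def _ipv4(src_ip, dst_ip, proto, l4):
    """Wrap an L4 segment in a minimal 20-byte IPv4 header plus Ethernet header."""
    total_len = 20 + len(l4)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ETH_HDR + hdr + l4


def tcp_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    # checksum left zero on purpose: the parser below never validates it
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0) + payload
    return _ipv4(src_ip, dst_ip, 6, tcp)


def udp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return _ipv4(src_ip, dst_ip, 17, udp)


SAMPLE_FRAMES = [
    tcp_frame("10.0.1.10", "10.0.2.5", 51000, 443, 0x02),               # SYN
    tcp_frame("10.0.2.5", "10.0.1.10", 443, 51000, 0x12),               # SYN/ACK
    tcp_frame("10.0.1.10", "10.0.2.5", 51000, 443, 0x18, b"A" * 1400),  # PSH/ACK carrying data
    udp_frame("10.0.1.10", "10.0.2.9", 40000, 53, b"\x00" * 40),        # DNS-sized UDP datagram
]


# ---- extraction ----
def parse_frame(frame):
    """Return PacketMeta for an IPv4 frame, or None for any other EtherType."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    l4 = frame[14 + (ver_ihl & 0x0F) * 4:]   # honour IHL so IP options don't shift the ports
    sport = dport = flags = None
    if proto in (6, 17):                       # TCP and UDP both start with src/dst port
        sport, dport = struct.unpack("!HH", l4[:4])
    if proto == 6:
        flags = l4[13]                         # TCP flag byte (FIN, SYN, RST, PSH, ACK, ...)
    return PacketMeta(socket.inet_ntoa(src), socket.inet_ntoa(dst), sport, dport, proto, flags, total_len)


def summarize(frames):
    """Aggregate packets into per-5-tuple records: packet count, IP bytes, OR'ed TCP flags."""
    flows = {}
    for frame in frames:
        meta = parse_frame(frame)
        if meta is None:
            continue
        key = (meta.src_ip, meta.dst_ip, meta.src_port, meta.dst_port, meta.proto)
        rec = flows.setdefault(key, {"packets": 0, "bytes": 0, "flags": 0})
        rec["packets"] += 1
        rec["bytes"] += meta.ip_len
        rec["flags"] |= meta.tcp_flags or 0
    return flows


RECORD_FMT = "!4s4sHHBBII"   # src, dst, sport, dport, proto, flags, packets, bytes: 22 bytes


def pack_record(key, rec):
    """Serialize one aggregated flow into the fixed-size record layout above."""
    src, dst, sport, dport, proto = key
    return struct.pack(RECORD_FMT, socket.inet_aton(src), socket.inet_aton(dst),
                       sport or 0, dport or 0, proto, rec["flags"], rec["packets"], rec["bytes"])


def storage_comparison(frames):
    """Bytes a full packet capture would retain vs bytes the flow records occupy."""
    flows = summarize(frames)
    full = sum(len(f) for f in frames)
    reduced = sum(len(pack_record(k, r)) for k, r in flows.items())
    return full, reduced


if __name__ == "__main__":
    for key, rec in summarize(SAMPLE_FRAMES).items():
        print(key, rec)
    print("full capture bytes vs flow record bytes:", storage_comparison(SAMPLE_FRAMES))
```

The trade-off the article describes is visible in the numbers: the single 1400-byte data packet dominates the capture size, yet it contributes only a counter increment to its flow record. What you lose is the payload itself, so a tool that keeps only these fields cannot later reconstruct a session, and the decision about which fields are “most critical” should be made before retention starts, not after.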
Simplify Your Network Analysis Today
Analyzing your network traffic doesn’t need to be stressful. The right partner can meet you where you stand, depending on the current resource utilization of your IT team.
Monitor Network Traffic In-House – If you have the staff to analyze your own network traffic, then leveraging an enterprise network monitoring software like Entuity Software™ may be the optimal solution. With network device discovery, network topology mapping, and network traffic monitoring capabilities built into the core platform, analyzing your critical network insights is easier than ever.
Outsourcing Network Traffic Analysis – If your IT staff doesn’t have the bandwidth to analyze your own network traffic, then outsourcing this function to a trusted network management services provider is the best route. ParkView Managed Services™ is a suite of IT infrastructure managed services designed to monitor and manage your critical IT systems. This means you can trim headcount to weather the economic storm without sacrificing productivity or coverage.
Contact Park Place Technologies today to learn how we can help you simplify IT delivery!