Do you know which applications are running on your network? Well, if you're anything like the 40% of the Fortune 500 customers we recently surveyed, there's a good chance that you don't. According to the survey, not only do large organizations NOT have a good grasp on the applications end users are playing with, but at least 53% of them also have IT policies that preclude the use of certain applications, policies they have no way of verifying. It doesn't take a rocket scientist to figure out that something's very wrong here, so we won't labor the point.
At Endace we regularly get involved with customers that are adamant that they know what's running over their networks. To make the point that they're wrong (and they usually are) we ask them to name an application that shouldn't be present, and we go off and look for it. More often than not we're able to find it somewhere, which we see as proof, if ever proof were required, that users will always find a way to make IT work for them. For organizations that have adopted a BYOD policy the problem of application proliferation is amplified, as users tend to have all sorts of odd things running on their phones, tablets and laptops. Today there are more than 1,000 different applications, each with a unique network fingerprint.
'Application awareness' is a buzz-phrase bandied about with abandon by vendors in the firewall, network performance and network security markets. Application awareness implies that a vendor's product has an understanding of what's happening at the application layer. But not all application-aware solutions are equal. Historically, figuring out and indeed managing application-layer traffic was reasonably straightforward because applications communicated on different port numbers, and by looking at the port number associated with a packet you could pretty much figure out what it was. But in today's world, where a growing number of apps are web-based (and thus all communicate on the same ports, 80 and 443), the old port-based methods simply don't work: everything on port 443 looks like 'HTTPS'. Being able to distinguish between PeopleSoft and World of Warcraft at a 10 Gbps line rate requires a sophisticated blend of DPI (deep packet inspection), port matching, heuristics and horsepower. It's not quite an art form, but it's pretty close.
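To make the port-versus-payload point concrete, here is an added example written for this page (it is not Endace's code, nor any vendor's classification engine). It classifies a handful of constructed sample flows twice: once by destination port, the way a legacy tool does, and once by looking into the first client payload for a TLS SNI hostname or an HTTP Host header and matching it against a signature table. The hostnames, the signature table (`APP_BY_HOST`) and the hand-built TLS ClientHello are all assumptions made up for the example.

```python
"""Added example: port-based vs. payload-based application identification.
All traffic below is constructed for illustration, not captured."""
import struct

# Hypothetical signature table: hostname suffix -> application. A real DPI
# engine has thousands of entries plus behavioural heuristics.
APP_BY_HOST = {
    "dropbox.com": "Dropbox",
    "youtube.com": "YouTube",
    "worldofwarcraft.com": "World of Warcraft",
    "peoplesoft.corp.example": "PeopleSoft",   # assumed internal hostname
}
# The only thing a port-based tool ever consults.
APP_BY_PORT = {80: "HTTP", 443: "HTTPS", 22: "SSH"}


def classify_by_port(dst_port):
    """Legacy method: static port table lookup."""
    return APP_BY_PORT.get(dst_port, "unknown")


def build_client_hello(hostname):
    """Build a minimal TLS 1.2 ClientHello carrying an SNI extension (sample data only)."""
    name = hostname.encode()
    sni_entry = b"\x00" + struct.pack(">H", len(name)) + name      # name_type 0 = host_name
    sni_ext = struct.pack(">H", len(sni_entry)) + sni_entry         # server_name_list
    ext = struct.pack(">HH", 0x0000, len(sni_ext)) + sni_ext        # extension type 0 = SNI
    body = (b"\x03\x03" + b"\x00" * 32                              # version, random
            + b"\x00"                                               # session_id length 0
            + struct.pack(">H", 2) + b"\xc0\x2f"                    # one cipher suite
            + b"\x01\x00"                                           # one compression method
            + struct.pack(">H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type client_hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake  # TLS record header


def tls_sni(payload):
    """Return the SNI hostname from a TLS ClientHello, or None.
    Truncated or non-TLS input is rejected by the length check or caught
    below; a classifier must never crash on junk."""
    try:
        if len(payload) < 44 or payload[0] != 0x16 or payload[5] != 0x01:
            return None
        pos = 43                                                  # session_id_len offset
        pos += 1 + payload[pos]                                   # skip session_id
        pos += 2 + struct.unpack(">H", payload[pos:pos + 2])[0]   # skip cipher_suites
        pos += 1 + payload[pos]                                   # skip compression_methods
        ext_end = pos + 2 + struct.unpack(">H", payload[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack(">HH", payload[pos:pos + 4])
            pos += 4
            if etype == 0x0000:                                   # server_name extension
                p = pos + 2
                list_end = pos + 2 + struct.unpack(">H", payload[pos:pos + 2])[0]
                while p + 3 <= list_end:
                    ntype, nlen = payload[p], struct.unpack(">H", payload[p + 1:p + 3])[0]
                    if p + 3 + nlen > len(payload):
                        return None
                    if ntype == 0:
                        return payload[p + 3:p + 3 + nlen].decode("ascii", "replace")
                    p += 3 + nlen
            pos += elen
    except (struct.error, IndexError):
        return None
    return None


def http_host(payload):
    """Return the Host header of a plaintext HTTP request, or None."""
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    if not lines[0].startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None


def app_from_hostname(host):
    """Suffix-match a hostname against the signature table."""
    if host is None:
        return None
    host = host.lower()
    for suffix, app in APP_BY_HOST.items():
        if host == suffix or host.endswith("." + suffix):
            return app
    return "web (unrecognised host)"


def classify_dpi(dst_port, payload):
    """Payload-based method: inspect bytes first, fall back to the port table."""
    return app_from_hostname(tls_sni(payload) or http_host(payload)) or classify_by_port(dst_port)


# Constructed sample flows: (description, dst_port, first client payload)
SAMPLE_FLOWS = [
    ("Dropbox over TLS", 443, build_client_hello("client.dropbox.com")),
    ("PeopleSoft over TLS", 443, build_client_hello("hr.peoplesoft.corp.example")),
    ("WoW patcher over plain HTTP", 80,
     b"GET /patch HTTP/1.1\r\nHost: us.patch.worldofwarcraft.com\r\n\r\n"),
    ("Game client on an odd port", 8443, build_client_hello("eu.worldofwarcraft.com")),
    ("SSH", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
]


def compare():
    """Return {description: (port_based_label, payload_based_label)}."""
    return {d: (classify_by_port(p), classify_dpi(p, b)) for d, p, b in SAMPLE_FLOWS}


if __name__ == "__main__":
    for desc, (by_port, by_dpi) in compare().items():
        print(f"{desc:30} port-based={by_port:10} payload-based={by_dpi}")
```

Run it and the port-based column reports 'HTTPS' for both TLS flows and 'unknown' for the game client on 8443, while the payload-based column names Dropbox, PeopleSoft and World of Warcraft. The SNI is sent in cleartext in every TLS version unless Encrypted Client Hello is negotiated, which is why it remains the first thing most DPI engines look at; a production engine layers many more signatures and behavioural heuristics on top of this, but the principle is the same.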
But why care? With bandwidth to burn, surely people can do what they like, right? Wrong. In fact very wrong. Here’s a list of 5 really good reasons why you need to know, as accurately as possible, which applications are in use on your network right now.
- Applications carry different security risk profiles, which need to be understood by IT teams. Application X exposes an organization to a higher level of exploitation risk than application Y, and so the use of application X needs to be monitored carefully to ensure that security is not compromised. Call it compliance, call it best practice; it doesn't matter. It's the right thing to do.
- Applications expose organizations to different levels of data-loss risk, which is subtly different from point 1. Dropbox and Skype aren't by definition 'insecure', but they do make it very easy for end users to move sensitive data out of the business almost invisibly, bypassing traditional DLP tools.
- Some applications are patently illegal. End users downloading pirated content from The Pirate Bay on a corporate wireless LAN is a recipe for trouble. And ignorance is no defense, so beware!
- Different applications consume bandwidth in different ways and in different proportions. Application performance issues are often related to bandwidth congestion, so knowing which apps are consuming the available resources at any given point in time is a vital input into the troubleshooting process and can dramatically shorten time to resolution.
- Some applications are by definition more 'productive' than others. A corporate network full of YouTube and World of Warcraft can be a sign that employees aren't perhaps using their time as productively as they might be, and that some kind of intervention might be required.
So, there are a number of good reasons why you need to know what's happening on your network. But of course, knowing is one thing and enforcing is something quite different. The reality is that for most organizations there are two pieces to the application awareness puzzle: an application-aware network monitoring / recording tool such as an EndaceProbe AND an application-aware firewall. The combination of the two technologies enables organizations not only to build an understanding of network usage, but also to deliver the necessary enforcement / prevention capability.
So how much do you really know about your application mix? If you're interested in what else other organizations do and don't know about their networks, you can download our 2012 network visibility survey here.
Well done, Tim! This is a critical issue that 15 years of pile-on rhetoric have made it hard to nail down. There's REAL application ID, and there's everything else (port-based observation is common). It's hard for enterprises and telcos to sift through the mix. This is a good step toward clarification.
Wilson Craig