Large enterprise customers are struggling to leverage, and get a better return on investment from, their various Network Operations (NetOps) and Security Operations (SecOps) tools. In a recent end-user study we conducted, we found that large enterprise organizations (banks, eCommerce companies, healthcare organizations, managed service providers) have on the order of 100+ tools deployed among their NetOps and SecOps teams. We had a chance to closely observe both NetOps and SecOps analysts, their workflows, and how they use some of the common tools. One pattern jumped out immediately – every analyst has their own favorite set of tools and a particular workflow!
A key question is how an organization can standardize on and leverage a common set of tools and workflows across its NetOps and SecOps teams. Some organizations (banks, for example) seem to be more advanced in doing this than others. They have policies in place to do root cause analysis for incidents (network or security incidents), figure out how to identify similar issues in the future, and document the workflow and tools. These documented workflows are known as “run books” in the NetOps community.
In our end-user study, almost all management-level NetOps/SecOps respondents indicated they have key initiatives underway to cut down the number of tools, standardize on them, and automate the workflow for analysts. This achieves multiple outcomes for the customers: better ROI on invested tools, the ability to leverage common tools across NetOps and SecOps (example: 24×7 packet capture capability, a.k.a. Network Recording), and reduced response time for not just critical events but also non-critical events.
Endace’s launch of the Fusion Partner Program for the Endace product line (specifically, EndaceProbe Network Recorders) enables large enterprise customers to move in this direction: consolidating their tools, getting better ROI, and automating and simplifying the workflow to reduce the time to respond to network incidents. Network Recording has become a key infrastructure capability for NetOps and SecOps teams to respond to incidents, archive the incident data, do root cause analysis, and document it in their “run books.”
In our end-user study, we observed that NetOps and SecOps teams are deploying separate Network Recording (i.e. packet capture) solutions for their Network Performance Management (NPM), Application Performance Management (APM), and security analytics tools. This is because some NPM, APM, and security analytics vendors have integrated Network Recording capabilities that are tied to their own applications. What this means is that customers are paying several times more than necessary for Network Recording capabilities to monitor their data center deployments. This has increased hardware, rack space, and power consumption costs many times over!
Net/net, the time has come to consolidate Network Recording and provide flexible, open APIs that allow customers to integrate their NPM, APM, security analytics and other applications (example: trade latency monitoring tools) to get better ROI, automate and simplify workflows, and reduce the time to respond to network incidents. This is a key turning point for us: we will be working with APM leaders such as Compuware and NPM leaders such as SevOne, and opening up our API capabilities to other vendors as well as our customers.