Network blind spots and what you should do about them
Organisations need to be proactive when it comes to network blind spots to help overcome potential threats, according to Ixia, which says network blind spots are often where organisations see issues arise.
The company says issues such as outages, performance issues, security threats, and compliance problems often occur when blind spots pop up in an organisation’s network.
“Network blind spots happen when an IT department is unable to see what’s happening on the network. They can occur for any number of reasons, such as poor architecture or inadequate monitoring infrastructure,” Stephen Urquhart, general manager ANZ, Ixia, says.
“These blind spots can lead to unplanned outages, angry customers, and security breaches. Organisations should be aware of the most common causes so they can regain network visibility,” he warns.
Ixia has found eight common causes behind network blind spots:
1. Lack of monitoring access. Monitoring tools need to provide an end-to-end view of what is happening in the network. This includes both physical and virtualised networks.
2. SPAN port shortages. Switched port analyser (SPAN) ports are often in short supply for monitoring purposes. They can also be easily misconfigured, resulting in incorrect or missing data captures.
3. SPAN port overloading. SPAN ports can drop packets if the switch CPU gets overloaded. This can drastically reduce the effectiveness of performance and security monitoring.
4. Monitoring virtualised environments. According to Gartner, up to 80% of data centre traffic is server-to-server, versus client-to-server. This creates excessive virtual machine traffic in virtualised data centres. This traffic may never be observed in regular monitoring.
5. Siloed IT teams. Security, networking, and compliance teams often don’t work together or share data. This leads to errors in decision making and poor compliance policies.
6. Rogue IT. Users adding their own Ethernet switches, access points (i.e. mobiles), offsite data storage, or other elements to the network can subvert company security policies and cause major blind spots.
7. Addition of new network equipment. Failure to record who owns new equipment that is added to the network can cause blind spots, especially when equipment gets lost or forgotten but is still functioning. Lost equipment causes wider security vulnerabilities that need to be addressed.
8. New equipment complexity. The more equipment is introduced, the more complex the overall IT system becomes. If the IT system is too complex, it won’t be used and may be forgotten.
“If any of these blind spots apply to an organisation’s IT system, it is important to respond in a proactive manner, rather than waiting for a system breach,” Urquhart says.
“Companies should implement visibility architecture at the foundation, when assembling their network, to improve system visibility.
“Being proactive with the installation, maintenance and ongoing training related to IT infrastructure helps overcome potential threats, providing greater security and peace of mind to businesses,” he says.