How do network management systems simplify security?

I am the CIO at my company, and I have found that it has been a daunting task trying to keep our network secure over the years. I'm interested in a new network management system that would simplify our network administrators' tasks. What would you suggest?

Today, many network management systems aim to increase visibility into the network and focus more on security. Since security is often left to the administrators of each department, having additional security built in to tools is becoming common.

Network management systems that provide security insight are useful tools for your networking team. However, there are a few things to consider before implementing one.

From a security perspective, monitoring a network is important because, as all data has to run through it, it's a good place to look for anomalies and incidents. There has also been a shift in the security field to make behavior analysis the norm when monitoring for malicious activity.

There are other things to look for in network management systems that help administrators detect threats within the data, and that's with performance. If you're able to gauge the performance of your equipment or applications, then you're more able to detect incidents that cause loads on the systems based off the thresholds for which they're configured. This would also include the bandwidth usage of systems that might experience slowdowns due to distributed denial-of-service attacks or a worm outbreak within the network.

Many of these network management systems enable email or text message alerts to notify admins of performance, security or device issues. Plus, there are threshold limits based on protocols within the network that trigger when potentially suspicious traffic is found.

There will also be times when the network team is asked to assist with incident response for an event, and not just the early warning signs of an attack. There are attacks on the network that will purposely go low and slow so as to not trip alarms within the environment. These east-west attacks, when found, need to be investigated, and the network team is commonly brought in to assist.

Using network management systems that have the ability to accept NetFlow -- or other flows -- to the device for storage and collection enables the network team to run reports on where particular users or systems were communicating in the past. Being able to tie the authentication logs, such as Active Directory, to this traffic is a huge win for incident responders. Also, being able to set up triggered packet captures for traffic patterns to give even more granular detail is extremely useful.

There are a few network management systems available today that can accomplish this type of monitoring and traffic review from the network side, including Riverbed, Stealthwatch or Paessler.

Ask the expert:
Want to ask Matt Pascucci a question about security? Submit your question now via email. (All questions are anonymous.)