Correct bad network behavior to bolster application experience

Legacy hardware-based applications existed happily in isolation, untethered from a network. The thing that really mattered was the speed of the hard drive and having enough memory.

Today, even the software running from personal hard drives relies on other applications across the network to perform. Meanwhile, many modern apps run off a remote server, which demands optimum network performance. And cloud applications depend on every network link running at its best.

Network behavior analysis NBA

Network performance defines how well an application runs and how happy a person who is using it is. That, in short, is what user experience (UX) and application experience (AX) are all about.

There are two things IT must do to support an optimal application experience:

  • Keep applications running by spotting and fixing security issues before they bring down the software
  • Have a fast and reliable network that offers a consistently good experience

Application experience matters more than ever

IT infrastructure never ceases gaining complexity.

Migrating to the cloud and moving to SaaS makes the underlying network (including links to the outside) increasingly difficult to keep efficient and resilient under these burgeoning loads. That complexity coincides with a dramatic and unrelenting increase in application loads.

Network behavior analysis (NBA) helps secure and optimize the performance of the network upon which applications run and does so through a specialized form of network monitoring.

“NBA helps in enhancing network safety by watching traffic and observing unusual activity and departures of a network operation,” says Techopedia.

It works by monitoring all aspects of the network that impacts user and application experience. This monitoring spots performance issues that can be solved with network fixes or upgrades, as well as anomalous behavior that could indicate a cyber incursion that not only degrades application performance but can also cripple operations.

This single view of network activity, performance, and behavior, along with alerts, helps IT professionals quickly discover and address network problems.

How NBA supports root cause analysis

The biggest user experience crusher is when the network or application is down or crippled into non-usability. Second worse is when the application is performing so poorly that work slows – but doesn’t entirely stop.

In either case, restoring usability requires the root cause to be found and the problem speedily fixed. Is it a network problem or has the application itself crashed?

Discovering the problem and pinpointing the cause requires deep and complete visibility into the network. When application errors arise, network monitoring offers error details such as the actual transaction error with further details including a timestamp, user identification data and information about transaction. For troubleshooting, network pros can drill-down into the transaction and get more data such as the response time, username and whether there is a defined SLA attached to that application.

With this in hand, IT can resolve the problem and restore application performance.

Stopping outside threats starts – but doesn’t end – with firewalls

Good network defense is based on defense in depth, which starts with firewalls, often bolstered by other perimeter security tools such as intrusion detections systems (IDS) and intrusion prevention systems (IPS).

With all these perimeter defenses regularly in place, hackers often opt for other, easier routes. That is why three quarters of today’s attacks are not made against the perimeter, but instead target remote endpoints, including easily cracked end user devices, which connect to the enterprise network and access data and applications through privileged accounts.

Hack these remote devices and you hack a good chunk of the network itself.

Antivirus/anti-malware is just one piece of the network protection puzzle

Even the smallest shops tend to have firewalls and antivirus/anti-malware. Endpoints and network are sitting ducks without them.

But antivirus has its limitations, with protections based upon signatures of known attacks. Zero-day attacks are brand new and, with no signatures available, these attacks slip right by antivirus/anti-malware safeguards.

Unlike antivirus/anti-malware, network behavior analysis (NBA) does not depend upon signatures of known exploits to detect attacks, but tracks and analyzes actual network behavior to find abnormal actions that are an early warning of attack. The NBA knows where the abnormal behavior resides and what system are impacted so IT knows where to apply a fix.

How NBA works

Network behavior analysis learns a lot from the network telemetry data (IPFIX/NetFlow) produced by routers, switches and countless other network devices.

An NBA solution collects and analyzes this network telemetry data and compares it to baselines of normal behavior to spot anomalies.

Today, NBA tools can also gain a bit of AI “spice” with machine learning. They can learn the traffic characteristics of users and the enterprise’s network services, and intelligently discern the difference between normal and abnormal behavior. The machine learning makes the system adaptive and instead of these baselines being preset by IT, they change based on behavior.

Don't miss