Securing Datacenter Using NetFlow Analyzer - A case study

 

About the company

Founded in 2001, Micron21 Pty. Ltd. has grown from a reseller into a full-fledged datacentre based in the outer east of Melbourne, Australia. They own and control the entire infrastructure, which enables them to provide fully managed, cost-effective services with the flexibility to build custom solutions tailored to each individual client, no matter how big or small. Clients benefit from an extremely fast, secure and redundant network complemented by world-class, round-the-clock support.

Business problem

Over the years, the reputation and client base of Micron21 grew. With an increasing client base, the bandwidth requirements also grew. The surge in traffic volume made it challenging to get visibility into the network and its utilization in real-time.

Some Solutions

As a solution to this problem, Micron21 relied on a basic SNMP network solution to gain this visual representation. This allowed them to classify network interface utilization based on 5-minute averages and display a graph that could be used to analyze the nature of traffic across the network.

As Micron21’s network continued to expand, and the amount of utilized bandwidth rapidly increased, it became more difficult to analyze and classify the traffic patterns. With the possibility of an attack from both inside and outside the network, it had also become difficult to locate the source and destination of traffic across the network. It became apparent to Micron21 that an accurate and informative real-time representation was paramount, as their ever-increasing client base would be vulnerable if there were unexpected disturbances in the network.

Network utilization reports that updated only every 5 minutes became inadequate for their requirements: traffic classification was not as swift as it needed to be to ensure smooth network management. Real-time network visualization became Micron21’s top priority, and thus an investigation began to find a replacement product. Although somewhat useful, SNMP monitoring was shown to be not quite as effective as they would like. Micron21 began using Wireshark, and although first impressions indicated an effective solution, it was found to be far too informative for what they required.

NetFlow technology

Micron21 began looking into the capabilities of NetFlow, and demonstrations on Cisco routers made it clear how effectively NetFlow could provide a visual representation of traffic across Micron21’s network. NetFlow technology was now able to provide Micron21 with a wealth of important information to effectively monitor their network. Over time this information proved valuable in identifying the source and destination of attacks across the network, further confirming that Micron21 had chosen the right technology.

Micron21 also required further information from Cisco interfaces, including a history of events, traffic reports and any other analytical information that was available. After choosing the NetFlow technology, Micron21 began evaluating software vendors on the market, including Arbor Peakflow, Plixer Scrutinizer and ManageEngine NetFlow Analyzer.

The critical requirement for the vendor software was that it provide Micron21 with a real-time graphical representation of their network. The software also had to answer the following questions:

  1. What is happening right now?
  2. Where is the traffic coming from?
  3. Where is it going?
  4. What protocol is being used?

The final criterion was that the software be able to work under stressful conditions. At times traffic across the network could reach tremendous volumes, especially in the event of an attack. The information needed to mitigate the attack had to be delivered quickly and accurately under these conditions.

The Result

In the words of Micron21:

“In our evaluation there was only one clear winner, ManageEngine NetFlow Analyzer. The software was quick, simple and provided us relevant information on exactly what was happening on our network at that instant, as well as providing an array of history and analytical based functions and features. ManageEngine NetFlow Analyzer provides Micron21 with the ability of near real-time visibility on any important interface of precisely where the traffic is coming from, and where it is going. Furthermore, it also gives us the ability for our own customers to log in and view their own traffic within their IP group exactly in the same way, providing real-time information to the complete metrics of any data traveling over their IP range.

Today ManageEngine NetFlow Analyzer has matured, and includes security modules which help classify attacks on the network by alerting us to anomalies as they occur in real-time, allowing our network administrators visibility on exactly what is occurring right now within our network.”

In short, as a datacentre operator Micron21 highly recommends the use of ManageEngine NetFlow Analyzer to provide in-depth real-time information on your network!

 
Customer Speaks
 

"NetFlow Analyzer has helped us reduce the time taken to isolate and contain threats like worms and virus attacks. It has also helped us to solve network incidents faster, and do better capacity planning."

Fred Hassard, Sr. Network Engineer, Adventist Health