Introduction

Radically dissect network traffic for analysis, troubleshooting and monitoring…all with zero impact to the production network.

Network administrators often face the same challenges in diagnosing a network problem that doctors do when diagnosing a patient. Doctors don’t have the luxury of slowing down time, replaying the events that led to the emergency, or systematically dissecting the patient to find a root cause—but now, network administrators do. Solera Networks’ DS line of packet record and playback appliances gives network managers the ability to radically dissect network traffic for analysis, troubleshooting and monitoring…all with zero impact to the production network.


Network Management

Through the emergency room door, a dying patient is rolled in. The surgeon springs to action, stopping bleeding, removing blockages, checking vitals and diagnosing—often with only the barest of information—before the patient’s condition worsens...

Proactive and comprehensive network management using packet capture and playback

Too often, network managers face similar situations—a critical network failure, little evidence of cause, and a triage sequence that hopefully keeps the network operational until an accurate diagnosis is made. Doctors don’t have the luxury of slowing down time, replaying the events that led to the emergency, or systematically dissecting the patient to find a root cause—but now, network administrators do.

Solera Networks’ DS line of packet capture and stream-to-storage appliances gives network managers the ability to radically dissect network traffic for analysis, troubleshooting and monitoring…all with zero impact to the production network. It’s like operating on a clone to determine the problem and resolution—without disturbing the patient until the cure is ready.

Solera DS appliances are valuable network management tools that give administrators the ability to proactively monitor, analyze, dissect and preemptively eliminate network problems. Solera DS appliances provide a complete and comprehensive record of all network activity that can be analyzed using any of the many standard protocol analysis tools. In addition, high-performance capture/playback speeds (under 1 microsecond latency) enable them to be used as a network filter, buffer, cache or accelerator. Filter unwanted packets, cache traffic bursts for regulated line use, or redirect traffic directly to specific locations. Use Solera DS appliances for capacity planning, flow and protocol analysis and to ensure quality of service.

Network Management Challenges

Network managers are beleaguered with three general types of network problems:

1. Maintaining required levels of performance for legitimate traffic.
2. Eliminating unauthorized and irrelevant traffic.
3. Inadequate tools to monitor, detect and analyze flow and packet details.

Challenges with typical network analyzers include:

  • They can only tap a limited number of network locations.
  • Merging data from different network points at different times is difficult.
  • Most analyzers can’t capture all traffic, and when they do, they can’t play it back at full rates.
  • Parsing volumes of network information is very difficult—and slow.

Solera DS appliances help administrators meet these challenges, enabling flow control, packet analysis and comprehensive monitoring using freely available standard protocol analysis technology.

Flow Control

Speed matters

During the stock market plunge on February 27, 2007, online brokerages took twice as long as usual to complete trades. Some firms experienced two to eight times degradation in Web performance (one firm’s trade execution times were 208 seconds as compared to 11.5 seconds on the previous day). (Source: “Stock Market Plunge Hammered Online Brokerage Sites”, Network World, 2/28/07.)

Network speed always matters whether you’re a small company or a global enterprise. The cost of slow performance ranges from inefficiencies for users to critical and very costly transaction losses for institutions. Network congestion and delivery delays adversely affect critical applications, especially those with real-time requirements, such as voice over IP, gaming, video conferencing and online brokerage transactions. Having the ability to watch the network speedometer and capacity levels is important in practically any organization.

Solera DS appliances—combined with a good network analyzer tool—can help you ensure that your network traffic is flowing smoothly:

1. Flow Analysis – see traffic volume in real-time to determine usage spikes and bottlenecks; evaluate based on protocol, time, source/destination, address or port
2. Post-Capture Filter – remove illegitimate, suspect or irrelevant traffic
3. Pre-Capture Filter – remove irrelevant sessions or traffic before capture and forwarding
4. Block – block excessive messages, known problem streams or remote access
5. Throttling – forward traffic at reduced rates to accommodate slower devices or applications
6. Isolate/Limit – isolate TCP streams between devices or during specified time periods
7. Rebroadcast – rebroadcast captured traffic to distributed network segments

Packet Analysis

With a Solera Networks packet capture, the entire body of network traffic data is available for analysis. Solera DS appliances work with all standard packet analyzer solutions (both software and hardware) providing you flexibility in using the analysis application that best fits your needs. You can stream captured data through a virtual adapter to a software analyzer or through a network port to a hardware device. Viable and common packet analysis activities with Solera DS appliances include:

1. Drill down on data with a string or hex data search
2. Examine traffic using custom algorithms or statistical analysis
3. Deconstruct packets to examine contents
4. Replay traces to reconstruct sessions or email
5. Create protocol distribution charts
6. Diagnose operating system connectivity issues like FTP, web, SQL, LDAP, etc.
7. Debug client/server communications
8. Troubleshoot adapters
9. Retrieve passwords for domains and network layer devices
10. Map packets to the application sending or receiving them

Solera Networks’ powerful file system parses data extremely fast, helping you quickly locate trouble spots in volumes of data. In addition, Solera Networks’ web-based viewer helps you easily filter packet views, such as all packets during a certain time period, from one IP address to another IP address in a specific protocol.

Monitoring

A good doctor—and a good network administrator—is always monitoring vital statistics. Being able to watch for, or be alerted to, changes in status, having a focused eye on specific systems, monitoring live traffic volumes…all of these allow a manager to keep a finger on a network’s pulse. Solera devices are as effective as monitoring and prevention tools as they are for analysis.

Sample monitoring uses include:

1. Firewall Tests – monitor firewall effectiveness
2. Statistics – gather all types of reports for speed, times, volume, etc.
3. Monitor Usage – determine when more bandwidth is needed
4. Observe Traffic – see where traffic originates and is sent
5. Device Alerts – rogue device detection and removal
6. Connection Reports – view statistics on IP addresses, ports, sessions
7. Network Mapping – generate network node charts and name tables
8. Monitor Vulnerabilities – search for open ports
9. System Updates – check version numbers of available services
10. Performance Limits – estimate speeds or distances in hops
11. Alerts – configure alarms on events (suspicious packets, high bandwidth utilization, unknown addresses, etc.)
12. Quality of Service – monitor network for service level agreement (SLA) and quality-of-service (QoS) levels
13. Regulation Compliance – ensure government or internal regulations are enforced and complied with

With today’s increased focus on quantifiable IT results and management frameworks such as Information Technology Infrastructure Library (ITIL), Solera DS appliances can be powerful tools both in determining when SLAs are approaching breach and whether they have been maintained by service providers. A comprehensive repository of network traffic provides all the information necessary to determine transaction times, user response times, application processing times and much more.


Why Solera Networks?

Simple Web-Based Control Console

Network "Forensic Investigation"

Solera Networks’ line of deep packet capture and stream-to-storage devices is industry-best in everything from performance to openness to versatility. As a powerful key component for any network forensics strategy, Solera Networks devices are designed from the ground up with the following features:

Speed & Performance

The highest capture and stream-to-storage speed available

Few capture devices actually capture ALL network traffic, including payload. Solera Networks’ devices have the industry’s highest line capture rates (up to 8.1Gbps with configurations available for full 10Gbps). Capture is comprehensive (entire stream), lossless, and based on Solera Networks’ proprietary and patented file system.

Playback for analysis is possible at full-line rate within 1 microsecond of capture. This provides the advantage of real-time analysis without any network impact, eliminating the overhead associated with running network monitoring tools directly in the production environment. Instead of expensive server-logging or added bandwidth to support the monitoring of the traffic, simply replay to a separate analysis segment for analysis by multiple tools (see diagram). Because the Solera Networks appliance supports multiple regenerated streams concurrently, organizations can now have analytical tools, data leakage prevention solutions, intrusion detection systems, and performance management software reviewing identical traffic without fear of network degradation.

Security

Anonymously record network traffic

Solera Networks’ proprietary encryption satisfies chain-of-custody evidentiary rules regarding the manner in which data is captured and stored. Solera Networks captures data and streams it to storage in a format that can’t be altered. Proprietary on-disk formats mean that any attempt to edit, alter, or otherwise modify the data will be evident. Moreover, Solera Networks’ devices can be configured to have no IP address, making them invisible to the network they reside on. Simply connect to a port and listen passively.

Openness

Integrates with hundreds of other applications

Solera Networks’ captured data can be made accessible to various intrusion detection systems. Captured network traffic can be exposed to external appliances and devices utilizing three primary methods: a VFS (virtual file system) exposing pcap formatted files, a virtual network interface (Ethernet) device, or a regenerated stream of packets to external network segments feeding external appliances or applications. Solera Networks also integrates with iSCSI and Fibre Channel, providing a myriad of options for external storage.

Scalable

Capacity for small business to enterprise or government agency

Recording capacity is scalable for the largest of operations with the ability to store up to 240TB of data on Solera Networks archive appliances, or limitless external storage. Additionally, Solera Networks can capture up to ten different ports, enabling consolidation or expansion of monitoring operations across multiple segments. This support includes the ability to consolidate asymmetrically routed traffic flows. And finally, Solera Networks’ unique file storage and caching mechanisms provide for continuous recording with newest data overwriting oldest data, eliminating problems of storage overflow.

Multiple options to fit any size organization


Simple

Easy to deploy, configure and use

Simply plug in and turn on. Solera Networks devices connect to your network via copper or SX fiber cables using either a SPAN (switched port analyzer – port mirror) port or a network TAP. A built-in web-based interface guides you through setup with capture/playback filters and allows you to specify time periods and session filters based on filtering or monitoring policies.

Versatile

Use for Network Management, Network Security, Lawful Intercept and Forensics/Analysis

Network management is only one area where Solera Networks solutions have been effectively implemented. With full capture and playback capabilities combined with other market offerings, Solera Networks can provide a comprehensive historical engine for forensics and analysis, lawful intercept, and network security. In addition to reconstructing communications (HTTP sessions, VoIP calls, instant messages or SMTP traffic), Solera DS appliances can be used to detect intrusions (port scanning over time) and determine sources of high bandwidth use or erratic activity, which may indicate peer-to-peer or malware infiltrations.


How it works

TiVo for your network

Solera Networks solutions are comprehensive, deep packet capture and stream-to-storage devices. In short, they record all traffic on a network and make it available for near-immediate playback. It’s like a digital video recorder (DVR) or TiVo™ for a network, but instead of being limited to recording one or two channels it can record all 500 channels simultaneously. All channels are available for playback—or—just a few (i.e., only email between two target points, only VoIP sessions, or any combination of protocols).

Additionally, with Solera Networks’ extensive filtering scheme, organizations can choose to capture everything and filter out specific protocols at a later date, or simply record for specific types of traffic, thus extending their window of time for analysis.

As a platform for network management, Solera devices are like having a complete dynamic model of your network traffic with all communication sessions and traffic flow details preserved.

Using Solera Networks devices, packet information can be filtered by VLAN, TCP/IP version (IPv4 or IPv6), MAC address, protocol or port (i.e. HTTP or SMTP), IP Address or IP network or subnet (for example: 67.137.0.0/16 or 192.168.0. or 192.168.0.1). Data can be further defined by time domain.
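The filter dimensions listed above (subnet or host, port, time window) applied to a classic pcap byte stream, the format the appliance is said to expose. This is an added example, not Solera Networks code: the function names and the in-memory sample capture are constructed for illustration, and VLAN handling assumes a single 802.1Q tag.

```python
import ipaddress
import struct

def read_pcap(data):
    """Yield (timestamp, frame) from a little-endian, microsecond classic pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap")
    off = 24  # size of the pcap global header
    while off + 16 <= len(data):
        sec, usec, caplen, _wirelen = struct.unpack_from("<IIII", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def parse_frame(frame):
    """Return (src, dst, sport, dport) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 38:
        return None
    ethertype, l3 = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == 0x8100:  # skip one 802.1Q VLAN tag
        ethertype, l3 = struct.unpack_from("!H", frame, 16)[0], 18
    if ethertype != 0x0800:
        return None
    ihl = (frame[l3] & 0x0F) * 4
    if ihl < 20 or frame[l3 + 9] not in (6, 17) or len(frame) < l3 + ihl + 4:
        return None  # malformed header, not TCP/UDP, or truncated capture
    src = ipaddress.IPv4Address(frame[l3 + 12:l3 + 16])
    dst = ipaddress.IPv4Address(frame[l3 + 16:l3 + 20])
    sport, dport = struct.unpack_from("!HH", frame, l3 + ihl)
    return src, dst, sport, dport

def select(data, subnet, port, t_start, t_end):
    """Packets touching `subnet` on `port` with t_start <= timestamp < t_end."""
    net = ipaddress.ip_network(subnet)
    hits = []
    for ts, frame in read_pcap(data):
        f = parse_frame(frame) if t_start <= ts < t_end else None
        if f and (f[0] in net or f[1] in net) and port in (f[2], f[3]):
            hits.append((ts, str(f[0]), str(f[1]), f[3]))
    return hits

def _frame(src, dst, sport, dport):
    # Constructed Ethernet/IPv4/TCP SYN; checksums are left at zero.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed four-packet capture (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, args in [(100, ("67.137.4.9", "192.168.0.1", 40000, 80)),
                     (200, ("10.0.0.5", "192.168.0.1", 40001, 80)),
                     (300, ("192.168.0.1", "67.137.9.9", 40002, 25)),
                     (900, ("67.137.4.9", "192.168.0.1", 40003, 80))]:
        f = _frame(*args)
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out
```

Narrowing the time window first, as `select` does, skips header parsing for packets outside the period under investigation.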

A sample implementation for network management using Solera Networks’ DS appliances would have the following architecture:

Network Management

Solera Networks capture device easily fits into any network as the foundation for an effective network management system.

Benefits of a Solera Networks network management solution

Using Solera DS appliances with standard network analysis tools gives you everything you need to manage your network effectively, proactively and efficiently. Here are a few of the common benefits you can expect:

No guessing

With Solera Networks’ recorded capture, you have every detail needed—a complete replica of the original environment and events—to replay, analyze and radically dissect to get to the root of a problem. Rewind, look for details, test assumptions, replay disruptive events. You never need to guess what is happening or what occurred when it comes to determining where problems originate. Other solutions often depend on incomplete packet sampling or overflow buffers. With Solera Networks, you get 100% of the network traffic and can look at everything—not just random samples or just what happened at the time of failure.

Accurate measurement

Combine Solera with tools for flow measurement and you have the ability to easily implement capacity planning, measure performance, and accurately establish and enforce quality-of-service levels.

Proactive management

Solve minor problems before they become emergencies. Monitoring gives you the ability to proactively stay on top of performance issues, compliance, intrusion and any custom metrics you want to measure. Implement policies with threshold alerts that give you the ability to watch your network with a critical eye.

No production impact

Solera DS appliances seamlessly record all activity through a tap or span to a replay device where actual analysis is performed. All network monitoring, analysis and exploration is on a cloned re-creation of traffic with zero impact to your production network.

Solution flexibility

Solera Networks’ commitment to open solutions gives you a wide range of flexibility in analysis tools, hardware and custom solutions. Virtually any packet analysis solution that consumes a pcap stream will work with Solera DS appliances including snort, ethereal, tcpdump and many more. Choose any standard storage device or integrate with other applications that run on a Linux VM platform.

Solera enables network managers to eliminate the panic and trauma of “emergency room” situations with the ability to watch vital signs and monitor status long before a situation gets critical. For those problems that do require in-depth exploration or forensic research, having the complete body of data available for dissection and analysis—with the ability to replay events that caused the problems—can be priceless. Solera Networks’ scalable packet capture and playback devices are an effective and powerful solution for organizations looking to easily and quickly implement a comprehensive network management system.


Conclusion

In summary, Solera Networks’ scalable packet capture and playback devices provide the best foundation possible for vigorous monitoring of data leakage. Deep packet capture capabilities on the industry’s most powerful, scalable, and secure platform will deter data leakage through accountability and provide a platform for performing deep network analysis.

Contact

For more information on how you can rapidly implement an intrusion detection solution using Solera Networks products, please visit our website at www.SoleraNetworks.com or call us at 801-623-5705.
