One of the key tasks performed by IT departments is the analysis of network traffic. It serves two basic purposes. Firstly, it ensures that all network users, i.e. employees and customers among others, can use the network easily and comfortably. In this context, “comfortably” means efficiently and securely. The administrator must provide Internet access and keep applications functioning without any downtime. Secondly, the security of the entire organization is at stake: threats must be eliminated and unexpected activities in the network must be dealt with.
Relevant technologies help to achieve these two goals. In the first case, they analyse the network traffic with an eye to services (e.g. bandwidth) in specific segments or for specific applications. In the second case, they record and analyse the network traffic to scan for malware, reconstruct the history of its dissemination (the infection path) and identify traffic profiles that are out of the ordinary (behaviour analysis, statistical analysis). Such tools support other security systems (e.g. SIEM, DLP, IPS), providing a wide context for any given incident.
Importantly, these IT solutions analyse the network traffic in real time, even when the bandwidth is 100G. They know exactly what happens in the network at any given moment, which enables better use of the security tools, quicker troubleshooting and a higher return on investment in IT systems.