Written by Roark Pollock and Presented by Ziften CEO Charles Leaver
According to Gartner, the public cloud services market exceeded $208 billion in 2016, roughly a 17% increase year over year. That is strong growth given the ongoing concerns most cloud consumers still have about data security. Another notable Gartner finding is how commonly cloud consumers contract services from several public cloud providers.
According to Gartner, “most organizations are already using a combination of cloud services from various cloud companies”. While the business case for using multiple providers is sound (for example, avoiding vendor lock-in), the practice does add complexity to tracking activity across an organization’s increasingly dispersed IT landscape.
While some providers offer better visibility than others (for example, AWS CloudTrail can log API calls across the AWS infrastructure), companies have to understand and address the visibility problems that come with moving to the cloud, whichever cloud provider or providers they use.
Unfortunately, the ability to monitor application and user activity, and network interactions, from each VM or endpoint in the cloud is limited.
Regardless of where computing resources live, organizations must be able to answer the question “Which users, devices, and applications are interacting with each other?” They need visibility across the whole infrastructure so that they can:
- Quickly identify and prioritize issues
- Speed up root cause analysis and identification
- Lower the mean time to resolve problems for end users
- Rapidly identify and eliminate security threats, minimizing overall dwell time.
Conversely, poor visibility, or poor access to visibility data, reduces the effectiveness of existing security and management tools.
Businesses accustomed to the ease, maturity, and relatively low cost of monitoring physical data centers are likely to be disappointed with their public cloud alternatives.
What has been missing is a simple, common, and elegant service like NetFlow for public cloud infrastructure.
NetFlow, of course, has had roughly 20 years to become a de facto standard for network visibility. A typical deployment involves monitoring traffic and aggregating flows at network chokepoints, collecting and storing flow records from multiple collection points, and analyzing that flow data.
A flow record consists of a basic set of fields, source and destination IP addresses, ports, and protocol, plus per-flow counters such as packets and bytes, usually collected from a switch or router. NetFlow data is relatively cheap and simple to gather, provides near-ubiquitous network visibility, and supports actionable analysis for both network monitoring and performance management.
Many IT staffs, particularly networking and some security teams, are very comfortable with the technology.
But NetFlow was designed to solve what has become a rather narrow problem: it collects only network-level data, and only at a limited number of possible locations.
To make better use of NetFlow, two key changes are needed.
NetFlow to the Edge: First, we need to broaden where NetFlow is deployed. Instead of collecting NetFlow only at network chokepoints, let’s extend flow collection to the edge of the network (clients, servers, and cloud instances). This would greatly expand the overall picture that any NetFlow analytics can offer.
It would also let companies augment and build on their existing NetFlow analytics tools to remove the growing blind spot around public cloud activity.
Rich, contextual NetFlow: Second, we need to use NetFlow for more than simple network visibility.
Instead, let’s use an extended version of NetFlow that includes information on the device, application, user, and binary responsible for each monitored network connection. That would let us quickly correlate every network connection back to its source.
These two changes to NetFlow are precisely what Ziften has implemented in ZFlow. ZFlow provides an extended version of NetFlow that can be deployed at the network edge, including as part of a container or VM image, and the resulting data can be consumed and analyzed with existing NetFlow analysis tools. Alongside standard NetFlow and IPFIX (IP Flow Information Export) network visibility, ZFlow adds extended visibility by including information on the application, device, user, and binary for each network connection.
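To make the two steps above concrete, here is an added example that is not Ziften’s code and does not reproduce ZFlow’s record format. It folds a constructed set of packets into classic 5-tuple flows with packet and byte counters, attaches the process, user, and binary that own the local socket (the edge-sensor enrichment described above), and exports the result as an IPFIX message in which the standard fields use IANA-registered information elements and the extra context rides in enterprise-specific elements. The enterprise number 99999, the two enterprise element ids, the packet list, and the socket table are all assumptions made up for the example.

```python
"""Added example (not Ziften's code): fold packets into 5-tuple flows, attach the
owning process/user/binary, and export as an IPFIX message with enterprise IEs."""
import socket
import struct

# Constructed sample: packets seen by a sensor on host 10.0.1.5.
# (src_ip, dst_ip, src_port, dst_port, ip_proto, bytes)
PACKETS = [
    ("10.0.1.5", "203.0.113.10", 51512, 443, 6, 1200),
    ("10.0.1.5", "203.0.113.10", 51512, 443, 6, 800),
    ("10.0.1.5", "203.0.113.10", 51512, 443, 6, 300),
    ("10.0.1.5", "198.51.100.7", 51530, 22, 6, 96),
    ("10.0.1.5", "10.0.1.53", 40000, 53, 17, 60),
]
# Constructed sample: local socket owners keyed by (local_port, ip_proto), the
# kind of table a host agent builds from /proc/net/tcp and /proc/<pid>/exe.
SOCKET_TABLE = {
    (51512, 6): {"pid": 4210, "user": "svc-web", "binary": "/usr/bin/curl"},
    (51530, 6): {"pid": 4311, "user": "alice", "binary": "/usr/bin/ssh"},
}
UNKNOWN = {"pid": None, "user": "unknown", "binary": "unknown"}

def aggregate(packets):
    """Classic NetFlow step: one record per 5-tuple with packet/byte counters."""
    flows = {}
    for src, dst, sport, dport, proto, nbytes in packets:
        c = flows.setdefault((src, dst, sport, dport, proto), {"packets": 0, "octets": 0})
        c["packets"] += 1
        c["octets"] += nbytes
    return flows

def enrich(flows, socket_table):
    """Edge step: tie each flow to the local process owning the source socket."""
    records = []
    for (src, dst, sport, dport, proto), counters in flows.items():
        ctx = socket_table.get((sport, proto), UNKNOWN)  # assumes src is this host
        records.append({"src": src, "dst": dst, "sport": sport, "dport": dport,
                        "proto": proto, **counters, **ctx})
    return records

# IPFIX (RFC 7011) encoding. Standard IE ids are IANA-registered; ENTERPRISE_ID
# and the two enterprise-specific IEs below are hypothetical.
IPFIX_VERSION = 10
TEMPLATE_ID = 256      # data templates start at 256
ENTERPRISE_ID = 99999  # hypothetical private enterprise number
VARLEN = 0xFFFF        # length marker for variable-length fields
TEMPLATE = [           # (ie_id, length, enterprise_number)
    (8, 4, None),      # sourceIPv4Address
    (12, 4, None),     # destinationIPv4Address
    (7, 2, None),      # sourceTransportPort
    (11, 2, None),     # destinationTransportPort
    (4, 1, None),      # protocolIdentifier
    (2, 8, None),      # packetDeltaCount
    (1, 8, None),      # octetDeltaCount
    (1, VARLEN, ENTERPRISE_ID),  # hypothetical: binary path of owning process
    (2, VARLEN, ENTERPRISE_ID),  # hypothetical: user running that process
]

def encode_template_set():
    body = struct.pack("!HH", TEMPLATE_ID, len(TEMPLATE))
    for ie_id, length, pen in TEMPLATE:
        if pen is None:
            body += struct.pack("!HH", ie_id, length)
        else:  # enterprise bit set, enterprise number follows the specifier
            body += struct.pack("!HHI", ie_id | 0x8000, length, pen)
    return struct.pack("!HH", 2, 4 + len(body)) + body  # set id 2 = template set

def encode_varlen(text):
    data = text.encode()
    assert len(data) < 255, "longer values need the 3-byte length form"
    return bytes([len(data)]) + data  # 1-byte length prefix, then the value

def encode_data_set(records):
    body = b""
    for r in records:  # field order must match TEMPLATE exactly
        body += socket.inet_aton(r["src"]) + socket.inet_aton(r["dst"])
        body += struct.pack("!HHBQQ", r["sport"], r["dport"], r["proto"],
                            r["packets"], r["octets"])
        body += encode_varlen(r["binary"]) + encode_varlen(r["user"])
    return struct.pack("!HH", TEMPLATE_ID, 4 + len(body)) + body

def build_ipfix_message(records, export_time=0, sequence=0, domain_id=1):
    """Message header (version, length, export time, sequence, domain) + sets."""
    sets = encode_template_set() + encode_data_set(records)
    header = struct.pack("!HHIII", IPFIX_VERSION, 16 + len(sets),
                         export_time, sequence, domain_id)
    return header + sets

def walk_sets(message):
    """First thing any IPFIX collector does: list (set_id, length) per set."""
    version, total = struct.unpack("!HH", message[:4])
    assert version == IPFIX_VERSION and total == len(message)
    offset, found = 16, []
    while offset < total:
        set_id, length = struct.unpack("!HH", message[offset:offset + 4])
        found.append((set_id, length))
        offset += length
    return found
```

Two points worth noting when running it. The enrichment step only works because the sensor sits on the host that owns the socket, which is why the edge deployment matters: a chokepoint router sees the same 5-tuple but has no way to name the binary behind it. It also fails for the DNS flow, whose short-lived UDP socket has no entry in the table by the time the flow is read, so the record falls back to "unknown" rather than mislabeling it. On the export side, the template carries the length (or the variable-length marker) of every field, so a collector that does not know ENTERPRISE_ID can still step over the extra fields and consume the standard ones, which is what lets context-enriched records flow through unmodified IPFIX tooling.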
Ultimately, this allows Ziften ZFlow to deliver end-to-end visibility between any two endpoints, physical or virtual, eliminating traditional blind spots such as east-west traffic in data centers and enterprise cloud deployments.