
VPN with AI Functions and Anomaly Analysis to Detect and Solve Problems

A VPN outage between sites lasting even a single hour can cause a huge loss.

For multinational corporations and enterprises with branches in different locations, the stability of the VPN (Note 1) has a direct effect on operations and on expansion. Keeping the VPN from going down is therefore a core part of loss estimation and system recovery planning. Telecommunication and network infrastructure has matured to the point that very few VPN outages are caused by cabling or carrier equipment. Analysis shows that most connection problems originate inside the internal (home) network, and this is closely tied to the growing problem of compromised computers: infected internal devices send enormous numbers of packets and saturate the VPN, which hurts productivity and leads to serious losses.

To avoid such damage, the IT department has to abandon the old way of working and adopt one that supports intelligent analysis of IT operations.

Note 1:

VPN here refers to any cross-regional network technology that users build themselves or lease from a service provider. A VPN built over the public internet is inexpensive but unstable; a VPN leased from a service provider is far more stable but expensive, especially for international links. That is why preventing the expensive VPN from being abused is so important in IT operations.

N-Partner's Core Technology Takes IT Operations Efficiency to the Next Level

In IT operations, SNMP is typically used to monitor device status, NetFlow/sFlow data from switches and routers to count packets and measure bandwidth utilization, and Syslog to collect login audits, access records and security events. SNMP (network management), Flow (traffic analysis) and Syslog (SIEM and log storage) are all essential, but today the three operate separately and none of them alone gives a complete picture of network or security status. IT staff have to spend a great deal of time analyzing the data and cross-referencing SNMP, Flow and Syslog by hand before they can explain an anomaly. They struggle to resolve problems, yet are routinely blamed for the instability and poor quality of the system.

To solve this, N-Partner has developed an IT operations platform that combines SNMP, Flow and Syslog, with built-in artificial intelligence that correlates and analyzes the data from all three sources. Its aim is to give IT administrators, from a single management platform, full visibility into every detail of the networks they are responsible for. Big data analysis records what users normally do and what each system is used for, and derives the expected threshold for each point in time. Abnormal activity can therefore be spotted quickly and its source pinpointed; the containment, remediation and recovery that used to take the IT department hours, days or even weeks can be completed in minutes. IT departments spend far less time troubleshooting and become much more efficient, and the platform records the whole handling process as charts that document the work performed.

Automatic Learning and Analysis Technology Make IT Operations Intelligent

N-Partner's big data analysis learns automatically from historical data. It records daily usage and builds a dynamic baseline for every IP address, department and server. Current usage is compared against that baseline to detect when the number of bytes, packets or sessions explodes, and to identify the source IP address (the attacker) and the destination IP address (the target, or victim). It then raises an alert so that users can respond, making IT operations more efficient. The main advantage of this approach is that administrators do not have to set a threshold for each IP address, yet they still learn the normal daily usage, receive real-time alerts and can deal with problems immediately. However complex the network and however many people use it, the device under attack can be located very quickly. This saves a great deal of time compared with the traditional approach, in which data is collected only after a user calls the help desk and administrators then have to find the affected device and fix the problem. Monitoring is more effective when the network is divided into areas. The best division follows the organization's sites or departments: plant 1 and plant 2, floor 1 and floor 2, the engineering and marketing departments, the Taipei office and the Taichung center, or different services such as DNS, web and mail servers. Each area's traffic is monitored, analyzed and reported separately, so administrators can quickly understand network usage in the sections they are responsible for. Big data analysis builds a dynamic baseline for each unit and detects which one shows a byte explosion, and drill-down queries let administrators find where the problem originates and use the results to fix and recover.
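
As an added example, not N-Partner's code, the following Python builds the kind of per-source dynamic baseline described above from constructed NetFlow-style records, flags the source whose bytes explode in the current time bucket, and names the destination receiving most of those bytes. The record layout, the bucket granularity and the mean plus k standard deviations rule are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records: (time_bucket, src_ip, dst_ip, bytes).
# Buckets 0-5 are quiet history; in bucket 6 host 10.1.1.20 floods 10.2.0.5.
FLOWS = [(b, "10.1.1.10", "10.2.0.7", 40_000 + 500 * b) for b in range(7)]
FLOWS += [(b, "10.1.1.20", "10.2.0.5", 30_000 + 1_000 * (b % 3)) for b in range(6)]
FLOWS += [(6, "10.1.1.20", "10.2.0.5", 2_500_000), (6, "10.1.1.20", "10.2.0.9", 20_000)]


def per_bucket_bytes(flows):
    """Total bytes per (src_ip, bucket): the quantity the baseline is built on."""
    totals = defaultdict(int)
    for bucket, src, _dst, nbytes in flows:
        totals[(src, bucket)] += nbytes
    return totals


def build_baseline(flows, current_bucket):
    """Mean and population stddev of bytes per bucket for every source IP,
    learned from all buckets before current_bucket (no per-IP manual threshold)."""
    history = defaultdict(list)
    for (src, bucket), total in per_bucket_bytes(flows).items():
        if bucket < current_bucket:
            history[src].append(total)
    return {src: (mean(v), pstdev(v)) for src, v in history.items()}


def detect_explosions(flows, current_bucket, k=3.0, min_ratio=2.0):
    """Return [(src_ip, bytes, baseline_mean, victim_ip)] for sources whose bytes
    in current_bucket exceed mean + k*stddev and are at least min_ratio x mean.
    min_ratio keeps a very flat baseline (stddev near 0) from alerting on noise."""
    baseline = build_baseline(flows, current_bucket)
    hits = []
    for (src, bucket), total in per_bucket_bytes(flows).items():
        if bucket != current_bucket or src not in baseline:
            continue
        avg, sd = baseline[src]
        if total > avg + k * sd and total >= min_ratio * avg:
            # The destination receiving the most bytes from src is the target.
            by_dst = defaultdict(int)
            for b, s, d, n in flows:
                if b == bucket and s == src:
                    by_dst[d] += n
            hits.append((src, total, avg, max(by_dst, key=by_dst.get)))
    return hits


if __name__ == "__main__":
    for src, total, avg, victim in detect_explosions(FLOWS, 6):
        print(f"{src} sent {total} bytes (baseline {avg:.0f}), target {victim}")
```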

Correlate AD and SNMP with Flow to Get the Username and Location

Besides automatic learning from big data and real-time flow analysis, N-Partner has another core technology: it correlates SNMP (health monitoring), Flow (traffic analysis) and Syslog (behavior awareness) so that the IT department can keep tabs on network usage. When an IP address is found to be sending abnormal traffic, the username is looked up in the Windows AD logs, and SNMP is used to find the IP address's physical location, that is, the switch and interface it is connected to.
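
The correlation step above, as an added example rather than N-Partner's implementation: given an anomalous IP address, find the latest AD logon from that address and the switch and interface where its MAC address is learned. The logon events, the ARP table and the bridge forwarding tables are constructed snapshots of what SNMP walks of IP-MIB (ipNetToMediaPhysAddress), BRIDGE-MIB (dot1dTpFdbPort) and IF-MIB (ifDescr) would return; the "fewest MACs on the port" access-port heuristic is an assumption.

```python
from collections import Counter

# Constructed AD logon events (Windows Security event 4624): (timestamp, user, ip).
AD_LOGONS = [
    (100, "CORP\\alice", "10.1.1.20"),
    (250, "CORP\\bob", "10.1.1.20"),  # bob logged on to the same workstation later
    (300, "CORP\\carol", "10.1.1.21"),
]
# Constructed SNMP snapshots: ARP (ip -> mac) and per-switch forwarding
# tables (mac -> ifIndex). The core switch sees every MAC on its uplink port.
ARP = {"10.1.1.20": "00:11:22:33:44:55", "10.1.1.21": "00:11:22:33:44:66"}
FDB = {
    "core-sw": {"00:11:22:33:44:55": 49, "00:11:22:33:44:66": 49, "aa:bb:cc:00:00:01": 49},
    "floor1-sw": {"00:11:22:33:44:55": 7, "00:11:22:33:44:66": 8},
}
IF_DESCR = {("core-sw", 49): "TenGigE1/0/49",
            ("floor1-sw", 7): "GigabitEthernet1/0/7",
            ("floor1-sw", 8): "GigabitEthernet1/0/8"}


def username_for(ip, at_time, logons=AD_LOGONS):
    """Most recent AD logon from ip at or before the anomaly time, else None."""
    cands = [(ts, user) for ts, user, src in logons if src == ip and ts <= at_time]
    return max(cands)[1] if cands else None


def location_for(ip, arp=ARP, fdb=FDB, ifdescr=IF_DESCR):
    """(switch, interface) where ip's MAC is learned. The MAC appears on every
    switch along the path, so choose the port with the fewest learned MACs:
    uplinks carry many MACs, the access port normally carries one."""
    mac = arp.get(ip)
    if mac is None:
        return None
    best = None
    for switch, table in fdb.items():
        if mac in table:
            port = table[mac]
            key = (Counter(table.values())[port], switch, port)
            if best is None or key < best:
                best = key
    if best is None:
        return None
    _count, switch, port = best
    return switch, ifdescr.get((switch, port), f"ifIndex {port}")


def enrich(ip, at_time):
    """Combine the Flow anomaly (ip) with AD and SNMP context for the alert."""
    return {"ip": ip, "user": username_for(ip, at_time), "location": location_for(ip)}
```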

How VPN Problems Are Solved in One Minute

  • STEP 1

    Collect as much Flow data as possible from across the whole network. The IT intelligent operations platform, N-Reporter/N-Cloud, analyzes the NetFlow/sFlow data (Note 2) from nodes such as the core switch, the VPN gateway, routers and the core switches of the other factories.

  • STEP 2

    When any unit or IP address shows abnormal traffic or sends packets abnormally, N-Reporter/N-Cloud detects it instantly. It can monitor and analyze an unlimited number of IP addresses, and besides IP addresses inside the internal network, external hosts sending enormous numbers of packets into the internal network are also detected in real time.

  • STEP 3

    On detecting abnormal traffic, N-Reporter/N-Cloud sends alerts and displays report charts, such as traffic volume and packet size. IT managers can click on a chart to drill down and learn the source IP address, the username, the size of the flow, the department the IP address belongs to, and the switch and interface it is connected to.

  • STEP 4: Automatic Collaborative Defense System

    Once the source IP address and its location (the switch and interface it is connected to) are known, the collaborative defense system in N-Reporter/N-Cloud sends a blocking instruction, automatically or manually, to the equipment at the VPN gateway (Note 3).

This way the VPN is not invaded, blocked or abused, and the damage is contained. Because N-Reporter/N-Cloud can also locate attackers through SNMP/Flow/Syslog correlation, the collaborative defense instruction can be sent to the switches in the internal network to block them there. The IT department can set a time period after which the block is lifted automatically, and every IP address blocked by the collaborative defense system is recorded for future reference.


Note 2:

When analyzing sFlow data, the sampling rate should be set as low as possible to improve efficiency. If NetFlow/sFlow data cannot be obtained, N-Probe can be used instead: mirror the traffic of important nodes to N-Probe, which converts it one-to-one into NetFlow data for N-Reporter/N-Cloud to analyze. N-Probe can be deployed in every important network segment.

Note 3:

The brands and models that support collaborative defense are continually being extended; please contact N-Partner or our dealers for details.