Go Back in Time On Your Network Get Faster Problem Resolution


Go Back in Time On Your Network

Get Faster Problem Resolution

A typical network day…

Traditional Troubleshooting Methodology

a) Ignore it, hope the problem goes away

b) Check a few network statistics, and then “pull cables” until it seems like the issue has been resolved

c) Reallocate analyzer resources to monitor the problem, and hope that the problem happens again so you can investigate.

(If the problem does not reappear, see option a)

New Methodology – Network Forensics

Forensics is the ability to go back in time and investigate network problems

Retrospective Network Analysis – The technology that allows forensics to happen

RNA eliminates the time-consuming task of having to recreate the issue

Allows IT professionals to go immediately to problem resolution mode

What is the RNA advantage?

Figure: Before RNA vs. After RNA

Implementing Network Forensics

Network Troubleshooting

Performs root-cause analysis

Allows for historical problem identification

Internal and governmentally mandated compliance

Provides enforcement of acceptable use policies

Helps fight industrial espionage

Assists with Sarbanes-Oxley compliance

Security

Provides pre-intrusion tracking and identification

Helps deliver a post-intrusion “paper trail”

Network Troubleshooting

Troubleshooting – Why poor call quality?

Helpdesk receives notice of poor call quality from a VoIP user

This issue is sporadic

Aggregate statistics show that overall VoIP quality is high

A quick check shows that while some links have had high utilization, overall network usage appears within the norm

Troubleshooting – Why poor call quality?

Timeline

8:45 a.m. – Helpdesk receives call of poor voice quality

9:10 a.m. – After troubleshooting, helpdesk escalates the call to Tier-3 support

9:50 a.m. – Tier-3 investigates the issue, only to find that the problem has disappeared

Troubleshooting – Why poor call quality?

Isolate the time surrounding the issue

Troubleshooting – Why poor call quality?

Isolate the user and the specific time frame

Troubleshooting – Why poor call quality?

Let the Expert do the work

Why poor call quality?

RNA demonstrated that VoIP Call Manager’s precedence bit was not configured correctly for that user

RNA tracks not only key applications but also VoIP communication
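The isolation steps on the preceding slides (narrow the stored capture to the time window, then to the user, then inspect the voice packets' precedence marking), as an added worked example that is not part of the original deck. The packet records are constructed, and the expectation that voice traffic carries IP precedence 5 (DSCP EF) is an assumption, not something the slides state.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Packet:
    ts: datetime   # capture timestamp
    src: str
    dst: str
    tos: int       # IPv4 ToS/DSCP byte as captured
    proto: str     # application protocol identified by the analyzer

def ip_precedence(tos: int) -> int:
    """Top 3 bits of the ToS byte (RFC 791 precedence)."""
    return (tos >> 5) & 0x7

def dscp(tos: int) -> int:
    """Top 6 bits of the ToS byte (the DSCP code point)."""
    return (tos >> 2) & 0x3F

def isolate(packets, start: datetime, end: datetime, host: str):
    """Step 1 and 2: keep only packets in the window that involve the host."""
    return [p for p in packets if start <= p.ts <= end and host in (p.src, p.dst)]

def find_unmarked_voice(packets, expected_precedence: int = 5):
    """Step 3: voice (RTP) packets whose precedence is below the expected
    marking. Assumption: voice should be marked precedence 5 / DSCP EF (46)."""
    return [p for p in packets
            if p.proto == "RTP" and ip_precedence(p.tos) < expected_precedence]

# Constructed capture: one user (10.1.5.20) whose call is unmarked, one peer
# whose call is marked correctly, plus non-voice and out-of-window traffic.
T0 = datetime(2024, 1, 1, 8, 30)
CAPTURE = [
    Packet(T0 + timedelta(minutes=2), "10.1.5.20", "10.1.9.7", 0xB8, "RTP"),   # EF-marked
    Packet(T0 + timedelta(minutes=3), "10.1.5.20", "10.1.9.7", 0x00, "RTP"),   # unmarked
    Packet(T0 + timedelta(minutes=4), "10.1.9.7", "10.1.5.20", 0x00, "RTP"),   # unmarked return leg
    Packet(T0 + timedelta(minutes=5), "10.1.5.21", "10.1.9.7", 0xB8, "RTP"),   # other user, correct
    Packet(T0 + timedelta(minutes=6), "10.1.5.20", "10.2.0.9", 0x00, "HTTP"),  # not voice
    Packet(T0 + timedelta(minutes=40), "10.1.5.20", "10.1.9.7", 0x00, "RTP"),  # outside window
]

if __name__ == "__main__":
    window = isolate(CAPTURE, T0, T0 + timedelta(minutes=15), "10.1.5.20")
    for p in find_unmarked_voice(window):
        print(f"{p.ts:%H:%M} {p.src}->{p.dst} precedence={ip_precedence(p.tos)} dscp={dscp(p.tos)}")
```

The aggregate view (all RTP in the capture) looks mostly fine, which is why the helpdesk saw overall quality as high; only the per-user, per-window slice exposes the missing marking.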

Compliance

Compliance – Dealing with a policy violation

John has been accused of visiting inappropriate websites during work

With Forensics, we can prove whether John is guilty or not

But providing only domain names or URLs is not acceptable under the HR policy

Offenses must be documented

Compliance – Dealing with a policy violation

The Challenge

Traditional methods of tracking web activity only provide domain names and URLs

The Solution

RNA and its Stream Reconstruction capability

Compliance – Dealing with a policy violation

Isolate the time of activity

Compliance – Dealing with a policy violation

Select the user station(s)

Compliance – Use Stream Reconstruction

Select the HTML file

Display the page the user visited as it appeared

Dealing with a policy violation

RNA evidence proves that John visited prohibited web sites during business hours

The IT department can provide HR the evidence it needs to make its decision

RNA delivers the evidence and proof you need to assist with forensics investigations and to maintain internal and external compliance

Security

Security Attack Identified

DMZ attacked

IPS detected and repelled these attacks

Unbeknownst to the IPS/IDS, a brute-force attack got past the VPN at the same time

Trojan applications such as remote control utilities and keystroke loggers were installed

This resulted in malicious activity against our internal systems

Security – What happened during the attack?

Isolate the time frame

Security – What happened during the attack?

Utilize Snort rules to diagnose the attack

Security – What happened during the attack?

Identify data accessed during intrusion

Security – What happened during the attack?

Use MultiHop Analysis to identify every system that was compromised

What happened during the attack?

RNA provides the following detail on security attacks

What attacks took place

Which systems were compromised

What data was uploaded or downloaded during the attack

What path the attack took across the network

RNA shows security problems in the context of all network behavior and activity so you can not only track but resolve the problem

Thank you