Application intelligence (the ability to monitor packets based on application type and usage) is the next evolution in network visibility. It can be used to dynamically identify all applications running on a network. Distinct signatures for known and unknown applications can be identified, captured, and passed on to specialized monitoring tools in order to provide network managers a complete view of their network.
In addition, well-designed visibility solutions will gather additional (contextual) information on applications and users. Examples of this contextual information include: geo-location of application usage, network user types, operating systems, and browser types that are in use on the network.
With the number of applications used over service provider and enterprise networks rapidly increasing, application intelligence provides unprecedented visibility that enables IT organizations to identify unknown network applications. This level of insight helps mitigate network security threats from suspicious applications and locations. It also allows IT engineers to spot trends in application usage which can be used to predict, and then prevent, congestion.
The Application Intelligence portion of a network packet broker (NPB) is used in conjunction with other components (as part of a visibility architecture) to achieve this heightened level of visibility. For instance, a typical visibility solution has network access points (typically taps), the NPB that providing layer 2 through 4 filtering (in addition to the application filtering information), and dedicated purpose-built monitoring tools (like IPS, IDS, SIEMs, network analyzers, etc.). So, the application intelligence portion doesn’t function as an island but rather an integrated component of the overall visibility solution.
Ixia’s new Application and Threat Intelligence (ATI) Processor, built for the recently announced NTO 7300, brings intelligent functionality to the network packet broker landscape with its patent-pending technology that dynamically identifies all applications running on a network. This product gives IT organizations the insights needed to ensure the network works – every time and everywhere. This is the first visibility product of its kind that extends past layer 4 to layer 7, and provides rich data regarding the behavior and locations of users and applications in the network.
As new network security threats emerge, the ATI Processor helps IT improve their overall security with better intelligence for their existing security tools. The ATI Processor correlates applications with geography and can identify compromised devices and malicious activities such as Command and Control (CNC) communications from malicious botnet activities. IT organizations can now dynamically identify unknown applications, identify security threats from suspicious applications and locations, and even audit for security policy infractions – including the use of prohibited applications on the network or devices.
To learn more, please visit the ATI Processor product page, see our press release, or contact us to see a demo!
Additional Resources:
Thanks to Ixia for the article.