Five Key Questions for Effective Network Monitoring That Every NOC Team Should Be Answering

By John Smith, Founder and CTO, LiveAction.

Friday, 21st April 2023. Posted by Phil Alsop.

Effective network monitoring is essential for ensuring the stability, security, and reliability of a network’s performance. Organizations have become accustomed to tracking network activity in real time to help speed security threat response times, optimize overall network performance (by quickly troubleshooting, planning capacity, etc.), and meet changing regulatory and compliance requirements. However, as networks continue to evolve and get more complex, teams are under immense pressure to ensure performance and coordinate with SecOps teams. As a result, it’s never been more important to have an effective network monitoring strategy.

What key elements should NetOps teams be focusing on? Let’s explore some key questions and tips for effective network monitoring in 2023 and beyond.

Question One: Cloud, Multi-Cloud, and Edge

One of the first questions any NetOps team should look to answer is, “What is our cloud, multi-cloud, and edge strategy?” For public cloud adoption alone, Gartner predicts spending will reach $600B in 2023. While growth is expected to slow slightly overall in 2023, the adoption of cloud services has been voracious over the last several years. As a result, all enterprises need a strategy that looks holistically at these elements, maps out how they work together, and provides monitoring capabilities to ensure total visibility.

Having a centralized network monitoring platform – rather than separate ones for each cloud or edge service provider – enables better planning, management, and remediation around performance or security issues. Typically, customers use built-in network monitoring capabilities from individual cloud providers, but using different tools for different cloud platforms makes multi-cloud network troubleshooting difficult. Layer in the need to get visibility from private clouds and colocation services, and NOC teams could find themselves with limited insight.

Question Two: SD-WAN Fabric Visibility

SD-WAN adoption continues to help companies modernize their networks and streamline network connections. The second question teams should be asking themselves is, “How much visibility do they have into their SD-WAN fabric?” This visibility plays a crucial role in an overall network monitoring strategy. Without it, understanding performance and security aspects, and troubleshooting, becomes more difficult.

SD-WAN vendors provide visibility for the actual fabric, but to truly understand the overall performance impacts on a network, teams need to understand the application path before, during, and after it hits the SD-WAN. Having an NPM solution that can provide coverage of public and private cloud, DC, branch and SD-WAN is a good strategy. The ability to segment the problem along the application path will save time and money when troubleshooting.

Question Three: Housing Network Telemetry

The third question NOC teams should be answering is, “How is network telemetry housed?” It’s important to bring in as many types of network telemetry as possible under one platform, especially the major big data types, including NetFlow, packets, and telemetry from APIs and flow logs in the cloud. For data plane visibility, these telemetry types provide the best network-level visibility. But it’s critical that this telemetry is consolidated in a single platform that can correlate, analyze, and fuse the information together. Each type provides unique information. Packets provide the ground truth of what is actually happening and are critical, but a more condensed view using NetFlow to see the overall picture is often an effective way to narrow down the problem.

Question Four: Encryption Monitoring Capabilities

Dealing with encrypted traffic is just the new normal as more and more traffic runs through HTTPS and uses protocols like DNS. The fourth question worth addressing is, “Do you have encryption monitoring capabilities?”

It’s vital that teams understand and effectively monitor encrypted traffic in networks. As the industry adopts TLS 1.3 more widely, decrypting traffic will become more challenging, as will handling the sheer volume of traffic and the computation needed for analysis. But with advances around encrypted traffic analysis (where decryption is not required) and the combination of machine learning models and deep packet dynamics, enterprises can eliminate encryption blindness to help identify anomalous behavior that could impact performance or security.

Question Five: NetOps + SecOps Collaboration

The final question to consider is, “How well does your technology lend itself to NetOps and SecOps teams working collaboratively?”

The convergence of these two areas is now a reality for mature organizations. With adoption of Zero Trust, SASE, SD-WAN, SDN, and other technologies, there are foundational security dimensions to these technologies that impact the network. Similar to the telemetry used to monitor these areas, it’s important that network monitoring technologies embrace these advances and can be leveraged across both teams easily, not only for cost, administrative, and training reasons, but also to effectively conduct Day 2 operations. For example, application performance issues in the network can be security related, and the SecOps and NetOps teams will need to work more closely together to resolve them.

Full visibility into the network environment is essential for effective network monitoring and management. By understanding how all of these devices, systems, cloud services, and more are connected and interacting across a network, organizations can optimize network performance, fix problems more quickly, effectively plan new deployments, ensure compliance, and work with SecOps teams to identify threats faster. If an organization can’t sufficiently answer the five questions reviewed in this article, it’s highly likely that they lack comprehensive network visibility – don’t wait to fill in those knowledge gaps!