It seems obvious to say that network traffic is growing in volume and speed. And of course, it means that IT staff are always looking for faster ways to detect any problems that would interfere with the reliable movement of data, but simply monitoring traffic flow has proven to be insufficient.
The proof in the pudding is in the packets.
Jay Botelho, director of product management at Savvius, said for a long time the network traffic monitoring industry got away from looking at packets, opting to watch networks at a higher level, but it’s switching back: “The packets don’t lie.”
Savvius, which was previously known as Wildpackets, developed one of the first protocol analysis tools, initially designed to mainly run on desktop computers for engineers who wanted better visuals than what was available in DOS. Over time, said Botelho, the company has built up a portfolio of tools, while staying with the initial premise of doing analysis on a packet basis, which he said few vendors still do.
Many vendors offer tools that work at a high level – traffic flow – but they lack what you need for troubleshooting. “Most engineers end up looking at packets whether they want to or not. Flow-based data lacks detail.” Botelho said Savvius is very focused on cause analysis.
The company recently updated its OmniPeek Software to better support real-time as well as forensic analysis. Enterprises can view real-time statistics while storing high-speed network data for forensic purposes. Through integration with Splunk, users can also easily store, analyze and generate reports over any historical period. Network analytics can also be correlated with other IT management systems.
Savvius has also beefed up the labelling in the latest version of OmniPeek for more detailed geographical identification of network nodes, as well as the ability to analyze time-sensitive data. Botelho said this is particularly important to industries such as the financial sector, which needs to understand — with nanosecond precision — when a data packet leaves and arrives at its destination.
Customers can buy just the OmniPeek software from Savvius, or a hardware version on an appliance. Both run the same codebase, said Botelho, but he acknowledged that appliances get expensive if you want to deploy a lot of them. “Software keeps the costs down.”
Not only are packets making a comeback, said Botelho, but the company is finding that customers are archiving more packets of data, so Savvius has added RAID6 capability for long-term retention, although generally, he said, most are only saving a day’s worth of packets or less.
The number one issue that customers face, said Botelho, is dealing with the speed of networks and keeping tabs on packets. “That comes up more and more.”
In addition, he said, packet analysis and storage have taken a central spot in security; last year, the company introduced a new product, Vigil, which uses the OmniPeek codebase but is modified for incident response from a security perspective.