Tech Tip: Choose a network management tool that can also help secure your systems

Whatever network management tool you choose for your organization, it must also be able to deliver security management. Find out how to select the right dual-use network management tool.

By Mike Mullins

In small to midsize companies, the administrator in charge of managing the network is also usually the person responsible for securing the network. As such, the individual disciplines of security management and network management have begun to converge into the broader field of network operations.

Network management tools are abundant and expensive, but more administrators are beginning to realize the value of using these tools to also ramp up security. However, using network management tools for security is a new concept to most vendors.

Most management tools do an excellent job of keeping track of your network interfaces, server processes, and network statistics. But you can get the maximum benefit from network management tools by selecting the right tool and using it to keep your network secure.

Know what you're looking for

When researching network management tools, keep in mind that the best tools have three key features.

  • One simple interface: All of the information you need should be on one interface; you shouldn't have to switch between different screens. The interface should be Web-based and customizable for each administrator who needs to see the information. Giving system administrators, managers, and department heads a customized view that they can work with lets them become another set of eyes for your network operations.
  • Ability to recognize normal operations: Most security-related events occur outside of the normal operating parameters of your network. Your tool must be able to tell the difference between normal traffic and abnormal traffic, and it should be able to report that information accurately.
  • Actionable information: If you're going to use the tool to manage the security of your network, you must be able to act on that information from the same screen that delivered it. In other words, you should be able to detect a security-related event and then use the same tool to deal with the problem.

Find the right tool

At one point or another, I've used several of the most well-known tools, including HP OpenView, SolarWinds Network Management Toolset, and Cisco Network Management Toolkit. While these are all viable choices, I recommend using Aprisma's SPECTRUM suite of solutions.

SPECTRUM offers a simple OneClick interface that's Web-based and customizable for a variety of users. With SPECTRUM, you can build a normal traffic pattern for your network, deliver a variety of reports on that traffic, and receive notification when something out of the ordinary occurs.

In addition, the information that the SPECTRUM interface delivers is meaningful. It allows you to drill down to the problem and find a quick solution.

For example, a company recently called me in to troubleshoot a performance problem on a network. Using SPECTRUM, I was able to quickly discover that virus activity was consuming most of the bandwidth.

This was a large network, but SPECTRUM was able to identify the MAC address of the infected machine and shut off the switch port. Once SPECTRUM recognized that the traffic pattern wasn't normal, I was able to use the built-in event correlation tool to stop a virus from infecting the entire enterprise and beyond.
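The idea of learning what is normal for each host and flagging what falls outside it can be sketched in a few lines. This is an added example, not SPECTRUM's code or method: it assumes per-MAC byte counters collected at a fixed polling interval, uses a median/MAD baseline chosen here for illustration, and all names, MAC addresses, ports and counters are constructed.

```python
from statistics import median

# Constructed sample data: bytes sent per 5-minute polling interval, per source MAC.
HISTORY = {
    "00:11:22:33:44:01": [120_000, 135_000, 110_000, 128_000, 131_000, 119_000],
    "00:11:22:33:44:02": [2_400_000, 2_100_000, 2_600_000, 2_300_000, 2_500_000, 2_200_000],
    "00:11:22:33:44:03": [80_000, 95_000, 70_000, 88_000, 91_000, 76_000],
}
CURRENT = {
    "00:11:22:33:44:01": 126_000,
    "00:11:22:33:44:02": 2_700_000,  # busy server, but normal for this host
    "00:11:22:33:44:03": 9_800_000,  # quiet desktop suddenly saturating its link
    "00:11:22:33:44:04": 50_000,     # never seen before, so no baseline exists
}
# Constructed MAC-to-switch-port table (what a bridge/forwarding table would give).
PORTS = {"00:11:22:33:44:03": "sw2:Gi0/14", "00:11:22:33:44:04": "sw1:Gi0/7"}


def baseline(samples):
    """Median and median absolute deviation: robust to one-off busy intervals."""
    med = median(samples)
    mad = median([abs(s - med) for s in samples])
    return med, mad


def modified_z(value, med, mad):
    """Modified z-score; 0.6745 rescales MAD to a standard deviation."""
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def find_anomalies(history, current, ports, threshold=3.5, min_samples=5):
    """Return (mac, port, reason) for hosts outside their own normal range."""
    alerts = []
    for mac, value in sorted(current.items()):
        samples = history.get(mac, [])
        port = ports.get(mac, "unknown")
        if len(samples) < min_samples:
            alerts.append((mac, port, "no-baseline"))
        elif modified_z(value, *baseline(samples)) > threshold:
            alerts.append((mac, port, "above-baseline"))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(HISTORY, CURRENT, PORTS):
        print(alert)
```

Because each host is compared against its own history, the busy server is not flagged while the normally quiet desktop is, and the alert carries the switch port an operator would need to isolate it.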

Final thoughts

In today's corporate environments, budgets and personnel remain highly constrained. If your network management tool doesn't recognize what's normal for your network, it's time to find another tool.

Whatever network management tool you choose for your organization, it must also be able to deliver security management. Select the right dual-use network management tool, and you'll have more time to devote to securing your network.

Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.
