In small to midsize companies, the administrator in charge
of managing the network is also usually the person responsible for securing the
network. As such, the individual disciplines of security management and network
management have begun to converge into the broader field of network operations.
Network management tools are abundant and expensive, but
more administrators are beginning to realize the value of using these tools to
also ramp up security. However, using network management tools for security is
a new concept to most vendors.
Most management tools do an excellent job of keeping track
of your network interfaces, server processes, and network statistics. But you
can get the maximum benefit from network management tools by selecting the
right tool and using it to keep your network secure.
Know what you’re looking for
When researching network management tools, keep in mind that
the best tools have three key features.
- One simple interface: All of the
information you need should be on one interface; you shouldn’t have to
switch between different screens. The interface should be Web-based and
customizable for each administrator who needs to see the information. By
giving system administrators, managers, and department heads a customized
view that they can work with, they can become another set of eyes for your
- Ability to recognize normal
operations: Most security-related events occur outside of the normal
operating parameters of your network. Your tool must be able to tell the
difference between normal traffic and abnormal traffic, and it should be
able to report that information accurately.
- Actionable information: If you’re
going to use the tool to manage the security of your network, you must be
able to act on that information from the same screen that delivered it. In
other words, you should be able to detect a security-related event and
then use the same tool to deal with the problem.
Find the right tool
At one point or another, I’ve used several of the most
well-known tools, including HP
Network Management Toolset, and Cisco
Network Management Toolkit. While these are all viable choices, I recommend
using Concord Communications’ SPECTRUM
suite of solutions.
SPECTRUM offers a simple OneClick interface that’s Web-based
and customizable for a variety of users. With SPECTRUM, you can build a normal
traffic pattern for your network, deliver a variety of reports on that traffic,
and receive notification when something out of the ordinary occurs.
In addition, the information that the SPECTRUM interface
delivers is meaningful. It allows you to drill down to the problem and find a
For example, a company recently called me in to troubleshoot
a performance problem on a network. Using SPECTRUM, I was able to quickly
discover that virus activity was consuming most of the bandwidth.
This was a large network, but SPECTRUM was able to identify
the MAC address of the infected machine and shut off the switch port. Once
SPECTRUM recognized that the traffic pattern wasn’t normal, I was able to use
the built-in event correlation tool to stop a virus from infecting the entire
enterprise and beyond.
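The "recognize normal operations" criterion and the infected-machine incident above both come down to comparing each host against its own traffic baseline. The following is an added example, not part of the original column and not SPECTRUM's method: it assumes a collector already exports bytes per 5-minute interval per source MAC (the data below is constructed), and it uses the median plus a multiple of the median absolute deviation (MAD) as the ceiling for "normal".

```python
from statistics import median

# Constructed sample data: bytes per 5-minute interval, keyed by source MAC.
BASELINE = {
    "02:00:00:00:00:01": [120_000, 135_000, 110_000, 128_000, 140_000, 125_000],
    "02:00:00:00:00:02": [900_000, 950_000, 870_000, 910_000, 930_000, 905_000],
    "02:00:00:00:00:04": [5_000_000, 5_200_000, 4_900_000, 5_100_000, 5_050_000, 4_950_000],
}
# Latest interval. :04 is the top talker, but that is normal for it.
CURRENT = {
    "02:00:00:00:00:01": 131_000,
    "02:00:00:00:00:02": 4_800_000,
    "02:00:00:00:00:03": 20_000,   # never seen before
    "02:00:00:00:00:04": 5_300_000,
}

def normal_limit(history, k=6.0):
    """Ceiling of 'normal' for one host: median + k * MAD of its own history."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the spread at 5% of the median so a very flat history
    # does not turn ordinary jitter into an alert.
    spread = max(mad, 0.05 * med, 1.0)
    return med + k * spread

def find_abnormal(baseline, current, k=6.0, min_history=5):
    """Return (mac, observed, limit, reason) for hosts outside their baseline."""
    findings = []
    for mac, observed in current.items():
        history = baseline.get(mac, [])
        if len(history) < min_history:
            # An unknown device is itself worth a look, whatever its volume.
            findings.append((mac, observed, None, "no-baseline"))
        elif observed > normal_limit(history, k):
            findings.append((mac, observed, normal_limit(history, k), "above-baseline"))
    return sorted(findings, key=lambda f: f[1], reverse=True)

if __name__ == "__main__":
    for mac, observed, limit, reason in find_abnormal(BASELINE, CURRENT):
        ceiling = "n/a" if limit is None else f"{limit:,.0f}"
        print(f"{mac}  {observed:>10,} bytes  limit {ceiling:>10}  {reason}")
```

Host :04 moves the most bytes but stays under its own ceiling, while :02 is flagged at a lower absolute volume. The MAC in each finding is what an operator would then trace to a switch port.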
In today’s corporate environments, budgets and personnel
remain highly constrained. If your network management tool doesn’t recognize
what’s normal for your network, it’s time to find another tool.
Whatever network management tool you choose for your
organization, it must also be able to deliver security management. Select the
right dual-use network management tool, and you’ll have more time to devote to
securing your network.
Mike Mullins has served as an assistant
network administrator and a network security administrator for the U.S. Secret
Service and the Defense Information Systems Agency. He is currently the director
of operations for the Southern Theater Network Operations and Security Center.