Presented by Fusion Broadband

Fusion SD-WAN traffic visualisation unmasks cyber and other incidents

Connectivity toolboxes should contain more than just a firewall hammer. Be one of five locations to have a free traffic assessment done.

Fusion Broadband South Africa’s technical director Ronald Bartels recalls an incident from his childhood where he was helping his dad fix a tractor.

There was a large bolt that was difficult to remove, so his dad decided to use a ten-pound hammer against the spanner.

The hammer missed and split his dad’s thumb, which bled profusely. Choosing that moment to laugh resulted in a backhand, with Ronald ending up on his backside.

Two lessons were learnt!

The first is never to laugh at your dad when he does something stupid.

The second is not to use a hammer when the job requires WD-40.

Resolving and fixing networking infrastructure is not unlike fixing a tractor. The key is what you have in your toolbox.

Choosing the right tools

The basic benefit of software-defined wide area networking (SD-WAN) in particular is the ability to deploy network infrastructure quickly and easily.

There is no need for this to be a time-consuming and difficult task, but this can be the case if you are using the wrong tools.

Fusion’s SD-WAN comes with an extensive toolbox that makes it easy to resolve problems associated with faulty and unreliable network links.

This is unlike most network infrastructure tools, which are limited when it comes to identifying user experience problems. Such problems are difficult or nearly impossible to hunt down using infrastructure tools alone.

Most of these problems can be solved if the problem-solving toolbox includes Wireshark and the knowledge to use it, as well as the ability to arbitrarily capture packets from any part of the network.

However, while Wireshark is a great tool, it is not easy to use.

Wireshark captures and decodes packets, meaning that a person with networking knowledge and enough time can eventually identify and resolve any type of problem.

The key word here is eventually, with the latest SUNBURST exploit that leveraged SolarWinds being a good example.

The important information about the breach would have been visible in a packet capture, but finding it would be like finding the proverbial needle in a haystack.

It is interesting that the SolarWinds package itself was not able to identify it, even though it claims to be the world’s most popular enterprise network management tool.

What has been exposed is that SolarWinds lacks cybersecurity ability as a toolbox and that the people managing the exploited networks lack troubleshooting ability when using an alternative like Wireshark.

What also needs to be considered is that as in most exploits, massive holes are punched through the firewalls being used at these organisations.

These firewalls are from all the major players in security and they have all been asleep at the wheel.

Over time many companies have created rule after rule to provide access and have never retrospectively audited the ruleset to remove the stale ones.

This is mostly because IT support is afraid to remove something in case it breaks a system, and it is these stale rules that were probably abused.

Would you trust a firewall vendor that does not have the ability to do its own knitting, to jump into reliable SD-WAN provision?

Fusion expands its network infrastructure toolbox with traffic visualisation

In contrast, the Fusion SD-WAN product set includes a full toolbox for the aforementioned use cases with zero touch provisioning and network performance management.

Outages and performance issues are clearly visible through Red-Amber-Green (RAG) dashboards as well as a full historical and real-time view of capacity, availability, and performance.

These are part of the standard SD-WAN service and identify as well as resolve most infrastructure-related problems.

Ironically, the Fusion solution can also perform a Wireshark capture from any of its SD-WAN edges, which is a function not seen in alternative solutions.

The Fusion SD-WAN also deals with enhancing connectivity during brownouts – the periods where a network’s connectivity is downgraded.

In multiple instances Fusion SD-WAN can achieve connectivity where other legacy routers fail.

Addressing user experience by going to the root cause

Despite the evident improvements on the infrastructure side, addressing user experience requires a technical view beyond the infrastructure by going to the root cause.

This is the realm of application visibility.

Using and obtaining solutions within this environment has been problematic as the toolboxes that include this have historically been prohibitively expensive.

The vendors have not been shy to charge ridiculous prices across the board for solutions that typically utilise flow-based exporting such as IPFIX or NetFlow.

Fusion has again entered to save the day.

Fusion’s SD-WAN solution has the ability to export these different flow types and uses the nDPI library (deep packet inspection) for application identification.

The nDPI library is provided by top rated developers who also provide collectors and web-based visualisation tools.

These are an optional integration into the Fusion SD-WAN, and are available now at a much lower price point.

The tool can dig deep into the user’s experience such as immediately determining if congestion is related to the release of Apple or Windows updates.

However, the key issue in these times of crisis is the ability to identify and mitigate cybersecurity-based threats.

The Fusion solution is a leading light in this area as has been previously noted in the MyBroadband article, Fusion secure SD-WAN trumps online threats.

The new tool integration ability now introduces a host of further cybersecurity mitigation abilities that are evidently better than those used by the US government.

Fusion’s Traffic Visualisation Dashboard

An example of a simple user experience problem that has been solved using traffic visualisation is users who have discovered during the national lockdown that the American Netflix library is larger than the South African one.

These users have therefore implemented offshore network and DNS settings.

This has resulted in poor name resolution and degraded connectivity to local South African-based business-related resources.

On the cybersecurity front, an example of the numerous available insights is elephants and mice.

Elephants are the bulk transfers that could potentially be data exfiltration, while mice, which is what was used in SUNBURST, are the periodic flows that are small in nature but achieve the same goal.
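The elephants-and-mice distinction can be expressed as a small check over exported flow records. The sketch below is an added example, not Fusion's or nDPI's code; the record layout, thresholds and sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed thresholds for illustration; tune against your own baseline.
ELEPHANT_BYTES = 100_000_000   # total bytes per src/dst pair
MOUSE_MAX_BYTES = 5_000        # every flow in the series is this small
MOUSE_MIN_FLOWS = 6            # enough samples to judge periodicity
MOUSE_MAX_JITTER = 0.2         # stdev/mean of the gaps between flows

def classify_flows(flows):
    """flows: iterable of (start_ts_seconds, src, dst, bytes) tuples.
    Returns {(src, dst): "elephant" | "mouse"} for pairs worth a look."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))

    findings = {}
    for pair, recs in by_pair.items():
        recs.sort()
        sizes = [b for _, b in recs]
        if sum(sizes) >= ELEPHANT_BYTES:
            findings[pair] = "elephant"
            continue
        if len(recs) < MOUSE_MIN_FLOWS or max(sizes) > MOUSE_MAX_BYTES:
            continue
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= MOUSE_MAX_JITTER:
            findings[pair] = "mouse"
    return findings

# Constructed sample flow records (documentation address ranges).
SAMPLE = (
    # bulk transfer: three 60 MB flows to one external host
    [(t, "10.0.0.5", "203.0.113.9", 60_000_000) for t in (0, 40, 90)]
    # small flow roughly every 300 s with a few seconds of jitter
    + [(300 * i + j, "10.0.0.7", "198.51.100.20", 900)
       for i, j in enumerate((0, 4, -3, 2, 5, -1, 3, 0))]
    # ordinary browsing: small flows at irregular times
    + [(t, "10.0.0.8", "192.0.2.44", 3_000)
       for t in (5, 9, 200, 210, 1500, 1504, 2900)]
)

if __name__ == "__main__":
    for pair, kind in classify_flows(SAMPLE).items():
        print(kind, pair)
```

A match is a lead for review rather than a verdict: backups look like elephants and update checks look like mice, so known destinations need to be baselined out.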

If you are a business or managed service provider, we have a great opportunity to complete a 30-day assessment of your most problematic site using our tools.

Contact us via [email protected] where you could potentially be one of five locations to have this assessment completed at no cost. Terms and Conditions Apply.
