IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

Let’s clear the cloud visibility haze with app awareness

By Contributor
Fri 20 May 2022

Article by Gigamon A/NZ, George Tsoukas.

Increasingly, organisations are heading for the cloud, initiating new born-in-the-cloud architectures and migrating existing applications to Infrastructure-as-a-Service (IaaS) providers and hybrid clouds via ‘lift and shift’ or refactoring.

With this transition, they scale deployments with more servers and VMs, run high-capacity links, leverage containers and routinely add new observability, security and monitoring tools.

Further, they’re often running hundreds or even thousands of apps, which, unknown to IT, could include rogue software such as crypto mining or BitTorrent. With ever-increasing volumes of application-oriented data, it’s hard for IT teams and tools to focus on the most actionable activity and avoid wasting resources processing irrelevant traffic.

We often inundate security, observability, compliance and network monitoring tools with low-risk, low-value traffic, making them less effective and requiring needless scaling. Additionally, false positives and alerts can overwhelm NetOps, CloudOps, and SecOps teams, obscuring the root causes of network and application performance issues and the real threats buried in volumes of undifferentiated traffic.

Traditionally, IT teams have taken laborious steps to identify applications based on network traffic by either hardwiring ports to specific applications or writing regular expressions to inspect traffic patterns and identify apps.

Such manual workarounds bring their own challenges. For example, when change occurs, such as growth in an application’s usage or the introduction of new applications, NetOps teams must update network segmentation.

And app updates can change traffic patterns and behaviour, meaning IT must constantly test and update their homegrown regex signatures. For the cloud, implementing such stopgap measures is difficult, if not impossible.

Until now, it’s been hard to isolate cloud traffic by application type and specify whether or not it gets inspected by tools. Visibility has been siloed, and filtering options often only go up to Layer 4 elements, forcing organisations to pass all traffic through their tools or risk missing potential threats.

However, having each tool (intrusion detection system, data loss prevention, advanced threat detection, network analytics, forensics and so on) inspect packets to filter irrelevant traffic is inefficient and costly, as most tool pricing is based on traffic volume and processing load.

While packet brokering can reduce traffic, it requires programming knowledge to maintain complex rules. And although some systems provide a level of application filtering, it’s hard to use, identifies a limited number of applications, and doesn’t typically share this insight. Furthermore, the filters require ongoing maintenance to keep up with changing application behaviour.

A cloud suite with application filtering intelligence (AFI) can bring application awareness to multi-cloud environments. Public cloud (AWS and Azure) or private (VMware and Nutanix) are all covered.

A cloud suite will automatically extend Layer 7 visibility to identify more than 3,500 common business and network applications traversing the network and lets IT select and deliver only high-value or high-risk data based on application, location, and activity.

Seek an AFI that classifies applications into categories that automatically update as the landscape evolves. This allows a team to take actions on a ‘family’ of applications versus setting policies on individual apps. Examples of application families include antivirus, audio/video, database, ERP, gaming, messenger, peer-to-peer, telephony, webmail and dozens more.

Each tool is more efficient since it no longer needs to store and process large volumes of irrelevant traffic. NetOps can apply existing tools across a larger area by prioritising only core business applications and accelerating the investigation of network and application performance issues with easier data isolation.

SecOps teams can extend current tools to a larger attack surface, securing more of the network and preventing sensitive data, such as personally identifiable information (PII), from being routed to monitoring and recording tools. For more on how to benefit from AFI, check out this paper.

Not only is identifying applications a serious challenge in the cloud, but obtaining even basic metadata, such as NetFlow, is problematic in public IaaS. IT can derive basic details, such as which IP addresses are used and by whom, along with port and protocol details.

But what is required is summarised, context-aware information about raw packets, based on Layers 4–7, that provides insights into user behaviour, security breaches, customer experience and infrastructure health.

Advanced metadata attributes expand app layer visibility and support a comprehensive approach to obtaining application behaviour. Especially when deploying workloads in the cloud, IT can acquire critical flow details, reduce false positives by separating signal from noise, identify nefarious data extraction, and accelerate threat detection through proactive, real-time traffic monitoring and troubleshooting forensics.

Observability and SIEM solutions use this information to correlate and analyse log data from servers and security appliances. Network security and monitoring tools leverage this metadata to deliver the insight and analytics needed to manage the opportunities and risks associated with cloud deployments.

And administrators can automate anomaly detection, stop cyber threats that overcome perimeter or end-point protection, identify bottlenecks, and understand latency issues.

Based on Layers 4–7, application metadata intelligence (AMI) supplies network and security tools with more than 5,000 metadata characteristics that shed light on the application’s performance, customer experience, and security. Leading vendor apps extract and append these elements to NetFlow and IPFIX. Records include:

  • Identification: Social media user, file and video names, SQL requests.
  • HTTP: URL identification, command response codes.
  • DNS parameters: 39 elements, including request/response, queries, and device identifiers.
  • IMAP and SMTP email-based communications with sender and receiver addresses
  • Service identification: Audio, video, chat, and file transfers for VoIP and messaging.
  • Customer/network awareness: VoIP (SIP, RTP) and mobile (GTP, HTTP/2) control/signalling and user/data plane sessions.

Advanced L7 metadata can be applied in a variety of use cases. AMI’s principal deployment is in providing metadata to SIEM and observability tools for security analysis. This can help to:

  • Identify the use of weak ciphers and expired TLS certificates.
  • Investigate suspicious network activity by detecting unauthorised remote connections, bandwidth usage, connection longevity, or an unusual quantity of SSH, RDP, or Telnet sessions.
  • Detect data exfiltration by monitoring the volume and types of DNS requests implying DNS tunnelling and evaluating the legitimacy of the domains.
  • Pinpoint security breach origins with time-window analysis of Kerberos, SMB, and HTTP use to isolate the prior and post protocol activities that lead up to an incident.
  • Find suspicious behaviours that suggest compromised credentials or brute force attacks, such as high-privilege user activity, logins from unauthorised systems or multiple hosts, and HTTP client errors.

While IaaS and private cloud orchestration and management platforms are remarkably resilient, dynamic and infinitely scalable, they don’t offer next-generation network packet brokers (NGNPB) with a deep observability pipeline provided by advanced solutions.

Not only do these brokers aggregate, filter and distribute all traffic to the proper security and networking tools, they also provide the compute power behind AFI and AMI.

Related stories
Top stories
Story image
Collaboration
Enterprise service management: the importance of a one-stop shop
In an online world, employees and end-users want one place to go for all their questions and requests. Intranet technology and self-service portals are useful tools that help serve this purpose.
Story image
Artificial Intelligence
Decision Inc. partners with provenio.ai to expand offering
Decision Inc. Australia has partnered with provenio.ai to expand its offering to clients in the retail, FMCG, manufacturing, supply chain and logistics sectors.
Story image
Storage
EXCLUSIVE: Finding the best data center for your business needs with datacenterHawk
Companies using cloud are consistently looking for the best storage solutions to suit their enterprise needs and often have to go through rather complex processes in order to find the right fit.
Story image
Ransomware
Examining the future of ransomware threats with Vectra’s CTO
As customers' valuable data move to the cloud, so will ransomware. What is the current landscape and what do we need to know?
Story image
Online shopping
Consumers want speed, visibility in return for brand loyalty
72% of Australian shoppers want complete online order visibility and 63% are loyal to retailers who deliver goods the fastest.
Story image
Low-code
Appian unveils low-code certification program in Australia
Appian has announced a program to provide the next generation of low-code developers with access to education on the subject and certification to foster career opportunities.
Story image
Artificial Intelligence
Siemens expands NVIDIA partnership for industrial metaverse
Siemens is expanding its partnership with NVIDIA to enable the industrial metaverse and increase the use of AI-driven digital twin technology.
Story image
Voice recognition
Renesas and Cyberon expand services with voice recognition
“We are honoured to collaborate with Renesas to simplify the development of embedded voice recognition functions."
Story image
Cloud
BT builds on Equinix partnership with new cloud offering
BT has launched a next-generation cloud connectivity offering extending its global network into strategic carrier-neutral facilities (CNFs) and building on its existing partnership with Equinix.
Story image
Amazon
What brands can expect from Amazon Prime Day in Australia
Amazon Prime Day is the annual two-day shopping event, kicking off this year from July 12-13 and is the global online shopping platform's biggest sales event. 
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Digital
Ivanti puts spotlight on power of employee digital experiences
The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe this impacts morale.
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Story image
Remote Working
RDP attacks on the rise, Kaspersky experts offer advice
"Given that remote work is here to stay, we urge companies to seriously look into securing their remote and hybrid workforce to protect their data."
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Apple
Jamf introduces new content filtering solution for education providers
Jamf has announced the launch of Jamf Safe Internet, a new offering that looks to deliver a safe online experience to students while offering better management options for admins.
Story image
Recruitment
Thales on recruitment hunt for next disruptive innovations
"Recruiting new talent is part of Thales's belief in the power of innovation and technological progress to build a safer, greener and more inclusive world."
Story image
Metaverse
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
Artificial Intelligence
Eight top DevSecOps trends to support IT innovation in 2022
The use of DevSecOps practices is growing, as it is increasingly seen as the best way to produce high-quality and secure code. So what are the current trends?
Story image
Telstra
Ericsson and Ciena, Telstra enhance service capacity for Telstra's optical network
Ericsson, Telstra, and Ciena have announced new enhancements to Telstra's Next Generation Optical Network, which will increase the service capacity of Telstra's optical network to 400 GE (Gigabit per Second Ethernet).
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
IDTechEx
The next stage for 5G in thermal materials - IDTechEx
IDTechEx says higher frequency deployments, such as mmWave devices and very different station types such as small cells, present their own technological evolution and, with it, thermal challenges. 
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Robotics
Evonik relies on Getac F110 tablet to control autonomous robot
The aim of the project is to evaluate the practicality of an automated robotic maintenance and inspection solution in the chemical industry.
Story image
Compliance
SentinelOne integrates with Torq to empower security teams
"With Torq, security teams can extend the power of SentinelOne to systems across the organisation to benefit from a proactive security posture.”
PwC
PwC's Consulting Business and PwC's Indigenous Consulting are proud to play an important role in helping Australian Indigenous Mentoring Experience build IMAGI-NATION, a free online university for marginalised communities around the world.
Link image
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Digital Fingerprint
Decline in counterfeit cherries after digital fingerprinting
Reid Fruits says there’s been a dramatic decline in counterfeit products for its cherries over the past three export seasons to Asia because of digital fingerprinting.
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Cybersecurity
How organisations can mitigate IoT and IIoT security risks
IoT and IIoT come with inherent risks because they are often deployed faster than they can be secured, putting organisations in danger of cyber threats. Here are tips on how to mitigate those risks.
Story image
Supply chain
Supply chains continue to be disrupted, enterprises embrace circular economy
“Businesses urgently need to find a solution that can help them to manage this disruption, and transition to a circular economy."
Story image
Sustainability
Honeywell named Frankston facility services provider
Honeywell has been named the joint facility services provider for Frankston Hospital’s AU$1.1 billion redevelopment.
Story image
Cybersecurity
Palo Alto Networks' cloud security platform receives IRAP assessment
"We provide help protect all forms of compute, cloud native services and access to data within public and private sectors."
Story image
Cybersecurity
Without trust, your security team is dead in the water
The rise of cyberattacks has increased the need for sound security that works across any type of business, but with any change, buy-in is essential. Airwallex explains why.
Story image
Cybersecurity
Tech and data’s role in the changing face of compliance
Accenture's study found that 93% of respondents agree or strongly agree new technologies such as AI and cloud make compliance easier.
Story image
State Library of Victoria
State Library of Victoria entrusts Oracle support and security to Rimini Street
“Our finance team are very happy with the support and security that Rimini Street provides, which keeps our assets and our customers secure."
Story image
Aspire
NEC expands Open RAN ecosystem with Aspire Tech acquisition
With its agreement to acquire Aspire Technology, NEC Corporation has further increased its capacity to deliver End-to-End Open RAN ecosystems.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why it's time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
PwC
WSLHD and PwC’s Consulting Business came together to solve through the challenges of COVID-19. A model of care was developed to the NSW Health Agency for Clinical Innovation guidelines with new technology platforms and an entirely new workforce.
Link image