August 29, 2016
If someone asks “is network monitoring important?” the obvious answer is “yes.” But the answer to “why” is never really discussed. There is a general opinion that network monitoring is important for business health, or to protect your work product, but it is much more than that.
At its core, network monitoring is a methodical approach to identify issues that affect network components, such as server outages, switch failures, or other hardware issues, as well as software maladies like a Trojan executable.
Network monitoring should be extended to not just the “monitoring” of a network for failures, but monitoring network performance as well. This level of monitoring is required 24 hours per day in order to keep the network online, available for use, and well protected.
1. Improve Network Security:
The primary reason to develop a network monitoring program is to protect data critical to your business. According to the 2016 Ponemon Cost of Data Breach Study, the average consolidated cost of a data breach is now $4 million.
Regardless of the size of a business, data needs to be protected. Network monitoring provides important background information regarding the sources of all network traffic. By monitoring network traffic on a regular basis, it is much easier to identify dubious network traffic or questionable file activity.
For example, port 443 is incredibly important for secure Web browser communication, such as sending payment on an eCommerce site. Obviously, that information needs to be protected for the sake of both the customer and the business. Ongoing network monitoring will help identify any security issues related to packets sent over the port.
2. Identify Trends:
Sometimes grouped together with network forensics, a critical look at network monitoring can help identify threats that may not be recognized otherwise. Studies show that many IT professionals use a network forensics solution mainly to identify security threats.
When problems take place intermittently or only at peak times, they may be difficult to identify at the time. However, when ongoing network monitoring is in place, you can follow logs like a roadmap to recognize key trends in performance and network health.
If an organization has adopted the Information Technology Infrastructure Library (ITIL) framework for best practices, a performance baseline can be compared to ongoing network logs to identify potentially larger issues so admins can have the IT infrastructure running like a Swiss watch.
3. Network Configuration and Future Planning:
Most network issues come from configuration errors. What may appear to be a minor configuration issue can result in serious network downtime.
For example, if a device takes on the IP of a default gateway or routing device due to a hijacking or setup error, Layer 2 traffic within networks will flow as expected, but packets may be misdirected. Network monitoring can help identify issues such as duplicate IPs by comparing the MAC address with the IP in device routing.
Once the duplicate IP is identified and the issue is corrected, the resolution will be completely tracked within the network monitoring system and the network admin can verify that any future changes do not break anything already working properly.
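The MAC-to-IP comparison described above, as an added example (not from the original article or from any Power Admin product): it reads ARP observations and flags any IP claimed by more than one MAC, rating a conflict on an inventoried address such as the default gateway as critical. The log format, the `EXPECTED` inventory and all addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: ARP observations as "time ip mac", e.g. exported from a
# switch or collected by a monitoring agent. All addresses are made up.
SAMPLE_ARP_LOG = """\
09:00:01 192.0.2.1 00:00:5e:00:53:01
09:00:02 192.0.2.10 00:00:5e:00:53:10
09:00:05 192.0.2.11 00:00:5e:00:53:11
09:14:37 192.0.2.1 00:00:5e:00:53:aa
09:14:40 192.0.2.10 00:00:5E:00:53:10
09:15:02 192.0.2.1 00:00:5e:00:53:01
"""

# Assumed inventory of addresses that must never move (hypothetical values).
EXPECTED = {"192.0.2.1": "00:00:5e:00:53:01"}  # default gateway


def parse_observations(text):
    """Yield (time, ip, mac) tuples; MACs are lower-cased, bad lines skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2].lower()


def find_ip_conflicts(text, expected=EXPECTED):
    """Return one finding per IP that was claimed by more than one MAC or by
    a MAC other than the one recorded in the inventory."""
    seen = defaultdict(dict)  # ip -> {mac: first time seen}
    for when, ip, mac in parse_observations(text):
        seen[ip].setdefault(mac, when)
    findings = []
    for ip, macs in sorted(seen.items()):
        known = expected.get(ip)
        unexpected = sorted(m for m in macs if known and m != known)
        if len(macs) > 1 or unexpected:
            findings.append({
                "ip": ip,
                "macs": sorted(macs),
                "unexpected": unexpected,
                "first_seen": {m: macs[m] for m in unexpected},
                "severity": "critical" if known else "warning",
            })
    return findings


if __name__ == "__main__":
    for f in find_ip_conflicts(SAMPLE_ARP_LOG):
        print(f["severity"], f["ip"], "claimed by", ", ".join(f["macs"]))
```

The `first_seen` timestamp of the unexpected MAC gives the admin a starting point for correlating the conflict with a configuration change or a newly connected device.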
Network monitoring can also help with forward-thinking network plans. As a business grows and adapts to the marketplace, the IT infrastructure must adapt as well.
Significant business growth or a quick addition of employees can strain a network as more devices, network bandwidth, and other resources are needed.
Ongoing monitoring allows IT admins to keep up-to-date on in-use resources and easily identify where growth is needed. Issues such as software licensing and bandwidth bottlenecks can be reviewed as part of a larger plan so the right resources are purchased and installed where they are most needed. This way, if there are capex questions, there is substantiated proof that the purchases are necessary to handle business growth.
4. Disaster Recovery:
Every IT department today needs to have a disaster recovery plan. Even the Department of Homeland Security offers guides to IT organizations on disaster recovery strategies for any size business. Coupled with a Business Continuity Plan, disaster recovery needs to include an impact analysis, strategies to get back online, and testing and training on the overall process.
Network monitoring can be a huge help when developing a disaster recovery plan and when working out how to get back up and running efficiently. Network monitoring will help identify gaps between a current setup and what is needed. For example, the plan should include regularly scheduled backups from wireless devices, laptop computers, and desktop computers to a network server.
That data can then be backed up and placed either in the cloud or at an off-site location based on the final approved plan. It will also be an important part of the plan framework and a way to confirm all systems are back up and running as expected.
The key point to remember is that almost anything can have a disaster recovery plan. From a system failure to a natural disaster, there should be a plan in place that is understood by everyone who will be part of the recovery team. This type of planning should include not just the IT team, but key business stakeholders in order to understand what functions should be online and available first as opposed to what can be pushed further down in the recovery plan.
Conclusion: These are just a few examples of why network monitoring is important for every business, regardless of size. Each IT department must look at its own systems and decide what type of network monitoring, and how much, makes the most sense for that specific business. If a company decides against a network monitoring system, it is leaving its whole business at great risk for a variety of different issues.
Doug Nebeker is the owner of Power Admin LLC. Power Admin LLC has been building professional grade system monitoring products for many years.