2020-08-04T06:30:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)

Why is it important to monitor traffic on your network?

Why should businesses actively monitor network traffic?

What benefits are there to network monitoring?

Any suggestions for where to start with setting up effective network monitoring?

8 Answers
David Collier - PeerSpot reviewer
Co-Founder at Nobius IT
Reseller
Top 5Leaderboard
2020-08-07T10:52:24Z
Aug 7, 2020

These are the 3 fundamental questions all businesses should answer before embarking on any monitoring project.


Let's start by saying that Network Monitoring is only 1 component of IT Monitoring. If you only monitor what is going on with the network itself you're driving with most of your car windows covered.


You also need to consider:


- Server Monitoring (hardware, OS)


- Application Monitoring (databases, AD, other middleware, web servers, application executables - the list goes on)


- Environmental Monitoring


- Security Monitoring


- End-user monitoring


Within these areas of monitoring, everything you monitor falls into one or more categories;


- Availability (is it working?)


- Performance (is it working fast enough?)


- Capacity (Have you got enough of it?)


As a previous respondent has said, this also should be mapped to what the organization is using the IT for, i.e. what are the line-of-business systems that a company depends on to exist?


All these factors - the scope of monitoring and the categories of monitoring data - when taken holistically, enable a business to:


1. Identify business-impacting events within the IT Infrastructure


2. Identify POTENTIALLY business-impacting events within the IT Infrastructure before they actually impact work.


3. Identify trends in an activity that can be indicative of changing business needs.


4. Identify where and when investment will need to be made to ensure that the business maintains operation (it's no use waiting until that disk drive is full before buying the upgrade - it's too late then).


5. Help to identify potential inadequacies in the IT Infrastructure (you do have a backup network route to your factory in Bolton, don't you?)


6. Identify potentially "rogue" devices on your network. Do you really want Alexa listening into the office activity?


7. Help to identify application improvements - how are people 'really' using your application? (I bet it's not the way that you expected!).


If you take these 7 capabilities that IT Monitoring provides and consolidate them into a single raison d'etre.....


A comprehensive monitoring solution encompassing the entire IT estate will enable an organization to save money by reducing the impact of IT issues. It will enable an organization to better plan the budget for IT investment. It will increase operational efficiency by reducing the number and duration of IT outages.


In a perfect world, IT Monitoring will pay for itself in terms of system availability, performance, and capacity. But it's not a perfect world.....


Only monitoring Network components only gives a network-centric view of any issue. Let's take a silly example..... Your router is reporting a massive increase in network traffic from one VLAN to another. The trend suggests that you're going to run out of capacity when the peak sales season hits. The problem though is that you've recently had an app upgrade that for some unknown reason is doing full table scans of a 40GB table for each of your 300 users. Why fix the network when the application is at fault?


As for the final point - where to start?


As a previous respondent suggested, "start with an open-source no-cost solution....". That's probably a fair start. I would however consider all my points above first before launching into rounds of "yum install" or "tar -xvf". As far as possible, have an understanding of what your key business systems are and how they plug together. Then identify the metrics that matter to the operation of that system. This is your foundation. For each metric consider why you need it, what you're going to do with it, how long to keep it for (that's the capacity side of monitoring) and what is the impact of it going wrong.


Now let me make something clear - and this is a personal perspective from a number of decades working in IT Monitoring - IT Monitoring Software is a mature market. It's commoditised. Just about ALL monitoring software does fundamentally the same thing.


Large commercial vendors have a user base that's paying for support and upgrades as part of a maintenance contract. In order to maintain that revenue, these vendors introduce features and facilities that frankly very few customers actually exploit. Then the competition introduces the same features and maybe a few more and the whole cycle starts again - it's an example of the Red Queen Effect. The end result is that over time features are added that are of limited value or add to the underlying system requirements. I know of one platform that for a reasonably sized infrastructure needs around 12 - 20 servers just to do the monitoring (and that's excluding the proxies for remote monitoring).


Someone mentioned AIOPS. AI needs to learn in order to adapt. At the moment, AIOPS is MLOPS (Machine Learning Ops). The actual personnel and resource overhead in maintaining the additional components needed to make AI(ML)OPS a reality are beyond most companies - with the exception of very large telcos, service providers, and research agencies. For instance, AIOPS depends fundamentally on having a real-time dynamic view of the entire IT infrastructure and how everything is interconnected. Basically a CMS on steroids. As we enter the era of Docker containers and nebulous cloud services, simply maintaining this view automatically is extremely difficult and resource-intensive.


Sure, IT Monitoring tools do network discovery and can identify new and changing environments but maintaining those dependencies is a complex process and I sincerely don't think that any one vendor has 100% mastered it yet.


If you are a very large organization, with literally a million pounds to spend on IT Monitoring these large commercial solutions are the best. They're not perfect, not by a long chalk, but they are there. Factor in your running costs though.


Back to open-source. Open-source solutions such as Nagios and my personal favorite, Zabbix, are excellent at collecting data. And that is the fundamental, number one, priority. If you can't measure it, you can't monitor it.


My tips are, therefore:


1. Know what is important to your business.


2. Don't (please don't!!!) stick to monitoring networking devices.


3. Make sure you factor in the support and admin costs.


4. Don't forget to monitor user activity (known as Application Performance Management) as well as technical metrics such as CPU and Disk Space.


5. Start with the basics.


Hope that helps guide you.


Feel free to reach out to me on LinkedIn: www.linkedin.com/in/itomdave

Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)
Community Manager
Aug 9, 2020

@David Collier Thanks for this amazing, in-depth response!

Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Real User
ExpertModerator
2021-08-09T01:35:42Z
Aug 9, 2021

Maintaining full network visibility


You can’t adequately understand your network’s performance if you don’t have full network visibility. Your company needs to be able to observe every bit of traffic that travels through your network, as well as monitor every connected device and examine common performance metrics. Any network monitoring tool worth its salt will provide comprehensive monitoring capabilities that don’t leave any portion of your network in the dark. That way, there won’t be performance-affecting problems hiding somewhere on your network.


Discovering security threats


While network monitoring solutions are primarily designed for performance monitoring purposes, they can also help you find security threats lurking in your system. Some malware and viruses are designed to stay put on a network after they’ve gained access without doing anything initially; others might be performing small actions that would be undetectable to the human eye. Network monitoring solutions will observe a network for unusual and suspicious network traffic (indicating a security threat is drawing network resources) and alert your company to the problem.


Predicting and preventing network downtime


You can never guarantee 100% service uptime, even with the most powerful network monitoring solution — but they can help you prevent unexpected network outages. A key function of network monitoring solutions is observing for network traffic that indicates the failure of a device or network is about to happen. This way, your enterprise can preemptively correct any unexpected downtime, allowing you to maximize service availability wherever possible.


Observing bandwidth utilization


For most network administrators, bandwidth usage is one of the most important performance metrics to analyze. Ideally, your company wants to be using as much bandwidth as possible while ensuring that every service is running efficiently. A network monitoring solution will track bandwidth usage, inform your network when bandwidth utilization is reaching critical levels, and ensure that quality-of-service (QoS) protocols are running correctly.


Reducing mean time to repair (MTTR)


Network performance issues don’t just pose a financial cost; the time it takes your network team to repair a problem could be spent on other, more important tasks. As such, reducing the time between when a performance issue occurs and when it’s fixed is essential for businesses. Network monitoring solutions alert your team to performance issues as soon as they discover them, meaning a company can get straight to work addressing the problem. Many monitoring tools also include diagnostics tools that provide your team with an initial assessment of the issue, so your employees don’t need to spend as much time diagnosing the problem.


Testing changes to a network or device


Whenever you make a change to your network or a device, you need to test it to ensure that it’s performing as you expect. Adding or reconfiguring a device can screw up the rest of your network if it isn’t implemented properly. Network monitoring tools allow you to test new or updated hardware and connections, letting you see if they could cause problems before they negatively impact your network.


Generating network performance reports


A network monitoring solution constantly tracks performance data and displays it via visual representations on their dashboard. Monitoring tools can also generate reports that your enterprise can review, converting them into several printable file types. Your company can choose the schedule that the solution generates these reports on — weekly, monthly, quarterly, etc.


Finding performance issues that occur after business hours


Performance issues can occur at any time, even when there isn’t anybody in the office to fix them. If a problem happens after business hours, your enterprise needs to know about it; network monitoring tools continuously observe a network, meaning that they can discover these issues for you. A solid network monitoring solution won’t send out the alerts for these issues immediately, however, since those alerts could be lost by the time your team comes back to work. Ideally, the solution will delay the alert until a time determined by the network administrator.

Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Real User
ExpertModerator
2021-08-09T01:32:49Z
Aug 9, 2021

Network Traffic Monitor: Benefits of Network Traffic Monitoring


By monitoring network traffic with PRTG, you can:



  • Avoid bandwidth and server performance bottlenecks

  • Discover which applications use up your bandwidth

  • Be proactive and deliver better quality of service to your users

  • Reduce costs by buying bandwidth and hardware according to actual load

  • Easily troubleshoot network problems

  • Identifying Top Talkers and Conversations in the network: Determine which users and what applications are using maximum bandwidth, and drill down for conversational details.

  • Monitoring and projecting Traffic Trends and Usage Patterns: View trends in network traffic, and determine top applications and peak usage times.

  • Defining Applications to Monitor Specific Traffic: Use a combination of ports and protocols to define unlimited applications, and recognize this traffic exclusively in traffic reports. You can also mention a particular IP address to map an application.

  • Managing Devices Exclusively: Categorize devices and group them into logical groups, and monitor traffic reports exclusively, for the groups.

  • Increased accounting: Improve resource utilization accounting with real-time bandwidth and network usage statistics.

RE
IT Manager Network at a transportation company with 10,001+ employees
Real User
2020-08-04T15:14:37Z
Aug 4, 2020

Start with an open-source no-cost solution like Nagios for Network Monitoring to get familiar with the features you like and don't like.


Benefits to network monitoring are the reduction in the mean time to recover and seamless experience to our customers.


Why should businesses monitor network traffic? Each business really needs to grasp its "why" on networking monitoring. Is it reactive and defensive or is it proactive with a roadmap leading to AIOps?

Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)
Community Manager
Aug 6, 2020

@reviewer1122879 Thanks for your input! Can you elaborate a bit more about how a business can decide on their 'why' for network monitoring?

reviewer1331706 - PeerSpot reviewer
I&T Design & Execution Reliability Engineering Leader at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
2020-08-20T08:11:47Z
Aug 20, 2020

As already said, network monitoring is just one type of monitoring, and you should monitor on all levels to get a clear picture.

Hand in hand with monitoring goes a good Event, Alert setup, to be warned when something is happening.

Now to Why?

- Network monitoring is to find the bottlenecks in your network, by looking at bandwidth and latency.
- Check on malfunctioning systems, by looking at network errors.
- Find out between which points the most traffic is exchanged.
- You can look at trends, sudden peaks in traffic.

Benefits: The most benefit you will get is to prevent network disturbances, e.g. when someone is hogging the internet connection you can quickly resolve it.

- It should also give an idea of where to invest in network equipment based on usage, bottlenecks etc.
- With respect to application performance, the network is normally the first thing that one is pointing at, so it certainly helps to be able to see if the network is overused.
- Insights will help with e.g. QoS implementation, for VoIP and business-critical applications.

Start setting up: I would also recommend starting with open source (also depending on the size of your network and its complexity).

Start with collecting standard in/out for the most important network components, like internet connection, routers, central switches.

Then, based on some initial observations, you can define some alerts on when a connection (e.g. internet) is overused, e.g. alarm at 60, 80, 90% capacity.
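
An added example, not part of the answer above and not taken from any monitoring product: turning polled in/out octet counters (such as IF-MIB `ifInOctets`/`ifOutOctets`) into link utilization and grading it against the 60/80/90% levels mentioned. The severity names, the 5% jitter slack, the 100 Mbit/s link and the sample polls are all constructed assumptions.

```python
from dataclasses import dataclass

# 60/80/90 % come from the answer above; the severity names are assumptions.
THRESHOLDS = ((90.0, "critical"), (80.0, "major"), (60.0, "warning"))
SLACK = 1.05  # assumed tolerance for poll-timing jitter before a rate is "impossible"


@dataclass(frozen=True)
class Sample:
    ts: int          # poll time in seconds
    in_octets: int   # inbound octet counter
    out_octets: int  # outbound octet counter


def counter_delta(prev: int, curr: int, bits: int = 32) -> int:
    """Octets between two polls, allowing for one wrap of a `bits`-wide counter."""
    return curr - prev if curr >= prev else curr + (1 << bits) - prev


def utilization(prev: Sample, curr: Sample, link_bps: int, bits: int = 32):
    """Return (in %, out %) of link capacity, or None if the counters were reset."""
    dt = curr.ts - prev.ts
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    pcts = []
    for p, c in ((prev.in_octets, curr.in_octets), (prev.out_octets, curr.out_octets)):
        bps = counter_delta(p, c, bits) * 8 / dt
        # A rate above line speed cannot be real traffic: the device rebooted
        # or the counter wrapped more than once. Discard the whole interval.
        if bps > link_bps * SLACK:
            return None
        pcts.append(100.0 * bps / link_bps)
    return tuple(pcts)


def grade(pct: float):
    """Map a utilization percentage to the highest threshold it reaches."""
    for limit, name in THRESHOLDS:
        if pct >= limit:
            return name
    return None


def evaluate(samples, link_bps: int, bits: int = 32):
    """Emit (ts, peak %, severity) only when severity changes, to limit alert noise."""
    alerts, last = [], None
    for prev, curr in zip(samples, samples[1:]):
        util = utilization(prev, curr, link_bps, bits)
        if util is None:
            continue  # keep the previous state across a counter reset
        peak = max(util)
        severity = grade(peak)
        if severity != last:
            alerts.append((curr.ts, round(peak, 1), severity))
            last = severity
    return alerts


# Constructed sample: 100 Mbit/s link, 32-bit counters, 300 s polling.
LINK_BPS = 100_000_000
SAMPLES = [
    Sample(0, 1_000_000_000, 500_000_000),
    Sample(300, 2_875_000_000, 875_000_000),    # 50 % in
    Sample(600, 1_017_532_704, 1_250_000_000),  # 65 % in, counter wrapped
    Sample(900, 172_565_408, 1_625_000_000),    # 92 % in, wrapped again
    Sample(1200, 5_000_000, 1_000_000),         # device rebooted, counters reset
    Sample(1500, 1_130_000_000, 376_000_000),   # 30 % in
]

if __name__ == "__main__":
    for ts, peak, severity in evaluate(SAMPLES, LINK_BPS):
        print(ts, peak, severity or "cleared")
```

On a fast link a 32-bit counter can wrap more than once per poll, which this heuristic cannot distinguish from a reset; 64-bit counters or a shorter polling interval avoid that.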




Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)
Community Manager
Aug 23, 2020

Thanks for such a comprehensive answer @Raymond De Rooij :)

RE
IT Manager Network at a transportation company with 10,001+ employees
Real User
2020-08-06T12:52:38Z
Aug 6, 2020

Why is network monitoring in place?

Defensive monitoring is in place because someone said we need it but does not understand how it helps your business.

Proactive monitoring is when businesses mature to understand outages mean lost business, lost customer satisfaction and lost opportunities; then the why becomes apparent. Proactive AI Monitoring moving to predictive ML resolution is a strategic activity, although not sexy.

Aji Joseph - PeerSpot reviewer
Sales Director at Clouds Dubai
Reseller
Top 10
2020-08-05T19:05:21Z
Aug 5, 2020

Network monitoring provides clear visibility of your network, thereby allowing you to act immediately in case of a network issue or bottleneck. You can easily identify network-related and security-related issues that otherwise would take a lot of time in a network with more than 100 devices or more.


The first step would be to identify the devices and applications that you would like to cover under network monitoring. You can start with open source tools or solutions like PRTG or NetCrunch (cost-effective solutions).

Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)
Community Manager
Aug 6, 2020

@Aji Joseph Thanks for your input!

JOHAN ROJAS - PeerSpot reviewer
Analista Senior de Servidores at vocem teleservicios
Real User
Top 10
2020-08-04T12:40:06Z
Aug 4, 2020

It is extremely important to be checking network traffic to detect possible failures such as bottlenecks, malfunctioning of a device on the network, or to detect any unusual increases in packets that could be some type of malware.

One of the biggest benefits is that you can see the performance of network traffic, Internet links, and the behavior of switches and routers.

It all starts with the most basic cabling that would be, having quality cabling, implemented in compliance with best practices, then making the network equipment settings according to the use to be made.

Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)
Community Manager
Aug 6, 2020

@JOHAN ROJAS Thanks for your input! This is really helpful.
