Computerworld

Uncovering and eliminating network blind spots

“Network blind spots happen when an IT department is unable to see what’s happening on the network.”
  • CWNZ Staff (Computerworld New Zealand)
  • 05 June, 2016 14:06

Network blind spots are often where organisations see issues such as outages, performance problems, security threats, and compliance problems arise.

“Network blind spots happen when an IT department is unable to see what’s happening on the network,” says Stephen Urquhart, General Manager A/NZ, Ixia.

“They can occur for any number of reasons, such as poor architecture or inadequate monitoring infrastructure. These blind spots can lead to unplanned outages, angry customers, and security breaches.

“Organisations should be aware of the most common causes so they can regain network visibility.”

Urquhart has found eight common causes behind network blind spots:

1. Lack of monitoring access:

“Monitoring tools need to provide an end-to-end view of what is happening in the network,” Urquhart says. “This includes both physical and virtualised networks.”

2. SPAN port shortages:

According to Urquhart, switched port analyser (SPAN) ports are often in short supply for monitoring purposes.

“They can also be easily misconfigured, resulting in incorrect or missing data captures,” he adds.

3. SPAN port overloading:

Urquhart says SPAN ports can drop packets if the switch CPU gets overloaded - this can drastically reduce the effectiveness of performance and security monitoring.

4. Monitoring virtualised environments:

According to Gartner, up to 80 per cent of data centre traffic is server-to-server, versus client-to-server.

“This creates excessive virtual machine traffic in virtualised data centres,” Urquhart adds. “This traffic may never be observed in regular monitoring.”

5. Siloed IT teams:

Urquhart says security, networking, and compliance teams often don’t work together or share data.

“This leads to errors in decision making and poor compliance policies,” he adds.

6. Rogue IT:

“Users adding their own Ethernet switches, access points (i.e. mobiles), offsite data storage, or other elements to the network can subvert company security policies and cause major blind spots,” Urquhart adds.

7. Addition of new network equipment:

“Failure to record who owns new equipment that is added to the network can cause blind spots, especially when equipment gets lost or forgotten but is still functioning,” Urquhart adds.

“Lost equipment causes wider security vulnerabilities that need to be addressed.”

8. New equipment complexity:

Urquhart believes that the more equipment is introduced, the more complex the overall IT system becomes; if the IT system is too complex, it won’t be used and may be forgotten.

“If any of these blind spots apply to an organisation’s IT system, it is important to respond in a proactive manner, rather than waiting for a system breach,” Urquhart adds.

“Companies should implement visibility architecture at the foundation, when assembling their network, to improve system visibility.

“Being proactive with the installation, maintenance and ongoing training related to IT infrastructure helps overcome potential threats, providing greater security and peace of mind to businesses.”