Sales Engineer | Technical Sales | Pre-Sales at SUSE
Vendor
2020-07-09T16:26:07Z
Jul 9, 2020
Typically I ask what information is it that I need to solve a problem or adhere to compliance. It is with that information that you can start directing the conversation. It is also important to establish your budget, but be open to adjusting if see that you might have underestimated the environment.
Some of the questions that need to be considered: -Am I looking for WAN or LAN traffic analysis? -Do I have encrypted environments or tunnels traversing certain areas? -Do I require the top talkers and related information, or do I require various response times (network, server, application, microservice)? -Do I have SDWAN implemented and can I leverage off of the vendor for certain views? -Will I be making use of Netflow/SFlow/etc. or live packet analysis or both? -Will I require visibility equipment like taps and packet brokers to aggregate and feed traffic to multiple sources? -What is the difference between port mirroring (port span) vs tap/packet broker feeds? -Is it all on-prem or multi-cloud (vTaps)? -Is the solution capable of managing the potential load, 5Gbps, 10Gbps, 100Gbps? -What compliance do I need to adhere to (PCI/POPI/etc.), thus I require limited captures, packet slicing/hashing, etc.? -Do I require ML/AI for behavioral analysis? -Do I have the staff to manage the solutions properly or do I require a service with the solution?
What is NTA? Network Traffic Analysis is a type of security product that uses network communications to detect and investigate security threats and malicious or anomalous behaviors within the network. NTA uses a combination of behavioral modeling, machine learning, and rule-based detection to create a baseline reflecting what the organization’s normal network behavior looks like. They then continuously analyze flow records and/or network telemetry, and alert your security team to a...
Typically I ask what information is it that I need to solve a problem or adhere to compliance. It is with that information that you can start directing the conversation. It is also important to establish your budget, but be open to adjusting if see that you might have underestimated the environment.
Some of the questions that need to be considered:
-Am I looking for WAN or LAN traffic analysis?
-Do I have encrypted environments or tunnels traversing certain areas?
-Do I require the top talkers and related information, or do I require various response times (network, server, application, microservice)?
-Do I have SDWAN implemented and can I leverage off of the vendor for certain views?
-Will I be making use of Netflow/SFlow/etc. or live packet analysis or both?
-Will I require visibility equipment like taps and packet brokers to aggregate and feed traffic to multiple sources?
-What is the difference between port mirroring (port span) vs tap/packet broker feeds?
-Is it all on-prem or multi-cloud (vTaps)?
-Is the solution capable of managing the potential load, 5Gbps, 10Gbps, 100Gbps?
-What compliance do I need to adhere to (PCI/POPI/etc.), thus I require limited captures, packet slicing/hashing, etc.?
-Do I require ML/AI for behavioral analysis?
-Do I have the staff to manage the solutions properly or do I require a service with the solution?