Choose a network management tool that can also help secure your systems

by Michael "Mullins CCNA, MCP" | Mar 09, 2006 8:00:00 AM

Tags: PRODUCTIVITY, NETWORKING, Network administration, Michael Mullins CCNA, MCP, network, tool, network management tool, network management, security, Security Solutions Newsletter

Takeaway: More administrators are beginning to realize the value of using network management tools to also ramp up security. In fact, one way to get the maximum benefit from such a tool is to choose one that can multitask. In this edition of Security Solutions, Mike Mullins tells you what to look for in such a tool and recommends his preferred solution.

In small to midsize companies, the administrator in charge of managing the network is also usually the person responsible for securing the network. As such, the individual disciplines of security management and network management have begun to converge into the broader field of network operations.

Network management tools are abundant and expensive, but more administrators are beginning to realize the value of using these tools to also ramp up security. However, using network management tools for security is a new concept to most vendors.

Most management tools do an excellent job of keeping track of your network interfaces, server processes, and network statistics. But you can get the maximum benefit from network management tools by selecting the right tool and using it to keep your network secure.

Know what you're looking for

When researching network management tools, keep in mind that the best tools have three key features.

• One simple interface: All of the information you need should be on one interface; you shouldn't have to switch between different screens. The interface should be Web-based and customizable for each administrator who needs to see the information. By giving system administrators, managers, and department heads a customized view that they can work with, they can become another set of eyes for your network operations.
• Ability to recognize normal operations: Most security-related events occur outside of the normal operating parameters of your network. Your tool must be able to tell the difference between normal traffic and abnormal traffic, and it should be able to report that information accurately.
• Actionable information: If you're going to use the tool to manage the security of your network, you must be able to act on that information from the same screen that delivered it. In other words, you should be able to detect a security-related event and then use the same tool to deal with the problem.

Find the right tool

At one point or another, I've used several of the most well-known tools, including HP OpenView, SolarWinds Network Management Toolset, and Cisco Network Management Toolkit. While these are all viable choices, I recommend using Concord Communications' SPECTRUM suite of solutions.

SPECTRUM offers a simple OneClick interface that's Web-based and customizable for a variety of users. With SPECTRUM, you can build a normal traffic pattern for your network, deliver a variety of reports on that traffic, and receive notification when something out of the ordinary occurs.

In addition, the information that the SPECTRUM interface delivers is meaningful. It allows you to drill down to the problem and find a quick solution.

For example, a company recently called me in to troubleshoot a performance problem on a network. Using SPECTRUM, I was able to quickly discover that virus activity was consuming most of the bandwidth.

This was a large network, but SPECTRUM was able to identify the MAC address of the infected machine and shut off the switch port. Once SPECTRUM recognized that the traffic pattern wasn't normal, I was able to use the built-in event correlation tool to stop a virus from infecting the entire enterprise and beyond.

Final thoughts

In today's corporate environments, budgets and personnel remain highly constrained. If your network management tool doesn't recognize what's normal for your network, it's time to find another tool.

Whatever network management tool you choose for your organization, it must also be able to deliver security management. Select the right dual-use network management tool, and you'll have more time to devote to securing your network.

Miss a column?

Check out the Security Solutions Archive, and catch up on the most recent editions of Mike Mullins' column.

Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.

Print/View all Posts Comments on this article

Group Plicynice_manu80@...  | 03/10/06

SPECTRUM informationsysnetmgr  | 03/10/06

more infoMike Mullins  | 03/10/06

UK Contact / Suppliersysnetmgr  | 03/14/06

Europe contactsjsloan1223  | 03/14/06

aprisma one clickjsloan1223  | 03/10/06

So Mike, how much $$$ are we talking herejsloan1223  | 03/14/06

costMike Mullins  | 03/14/06

How does this compare with Intermapper?sully@...  | 03/20/06

Intermapper one of my most valuable Network ToolsServit2me  | 03/16/07

Automatos - another contender?gsbigger@...  | 05/24/06