Taking Network Monitoring to a New Level

By Paula Musich  |  Posted 2003-04-18

A Bell Labs spinoff hopes to create a new category of tool that is considered indispensable to enterprise network planners and operators.

Lumeta Corp. this week will announce its IPSonar 2.0 network intelligence gathering software, which can map in detail the true scope of an enterprise IP network and identify potential security weaknesses that other monitoring products can't identify.

The Somerset, N.J., company up to now had offered an auditing service that heavily leveraged the patent-pending IP mapping technology.

"We found a lot of organizations really only manage what they know about. Most customers don't know fully what all the resources are or who's on their networks," said David Arbeitel, senior vice president of strategic development at Lumeta in Somerset. "Over six years we learned that as technology evolves in an IP infrastructure, there is a strong need to understand what information is flowing on the perimeter of networks and understand the costs associated with managing the perimeter," he added.

With hundreds or even thousands of users and devices on the perimeter of an IP network that may not be discovered by traditional network monitoring tools, it becomes very difficult to plan the network consolidations required when companies merge or when a change of operational control takes place. With the advent of wireless networks, multi-homed hosts for partner connections, VPN links that are controlled on only one end by an IT organization, and frequent network changes, the task of tracking the perimeter of the network has become more complex.

IPSonar's non-intrusive discovery technology gathers information from the TCP/IP stacks of each device it encounters along the network and from customized packets that traverse IP networks. It can gather data on address space, hosts, devices and the live interconnectivity of sub-networks. It can also take a detailed census of all the IP addresses it discovers.

Such knowledge can be used to discover groups of servers that could be targeted for server consolidation and to isolate hosts and network devices that may have unprotected inbound or outbound connectivity beyond the network perimeter to the Internet or other networks.

For one company using Lumeta's service, the discovery identified a few problems and potential security weaknesses in its network. "It showed us the topology of the network we have, showed us some loops that were taking place that hadn't been detected, and gave us indication of where potential hackers could get into our network through a DSL connection people hooked up from the desktop with no firewall between them," said the user, who asked not to be named.

IPSonar is made up of a single, centralized server and multiple sensors located at different points of a network. The sensors communicate with the server using HTTPS and Web proxies. The sensors actively scan various portions of a network's IP address space to identify all resources. The sensors generate custom packets that gather information and interrogate TCP/IP stacks encountered in the network. Sensors are typically placed in the network operations center and then in two other regions.

The central server aggregates data gathered by the sensors, performs data reduction and analysis, and provides reporting. Web-based reports provide executive-level summaries as well as drill-down into specific issues. IPSonar also includes interactive visualization tools to help isolate network and security anomalies. After an initial sweep of the network, which typically takes about two weeks for 150,000 IP addresses, the tool can be used to detect any changes, which are displayed in difference reports that allow simple comparison.

IPSonar is available May 1 for $21,500.
