Lately, I have seen an increase in support calls regarding the increase in bandwidth consumption and the degradation of application performance seen when employees started working from home because of the coronavirus outbreak.
You thought that you had great network insight; how can this be happening?
In his blog, Jake talks about the fundamentals of proper network capacity planning. Network administrators need to see whether their network links are being properly utilized and whether the traffic load is increasing over time. By collecting NetFlow/IPFIX, you can trend this data for multiple years while retaining conversation granularity, allowing you to pinpoint exactly which application is causing a sudden bandwidth spike. Understanding the capacity of the network is crucial so that you are not blindsided when new applications or unexpected changes in traffic streams are introduced.
So, you have taken the fundamental steps to ensure that the network links are properly sized. But have you planned for the unexpected?
With the coronavirus outbreak, companies across Asia have allowed or instructed employees to work from home to limit the spread of the virus. Because of this, companies have an unprecedented amount of traffic accessing the network remotely.
Companies that are less prepared are not only seeing an increase in the number of remote workers but are also seeing instances where network segments and IT applications are crashing because of WAN bandwidth constraints. Companies with an agile workforce, by contrast, have been preparing for this contingency for some time and will be well prepared to maintain network integrity from a security perspective. Those companies have also likely taken steps to ensure that the network has sufficient bandwidth capacity, whether on the LAN side or the WAN side.
There is great debate these days on whether working remotely is a good thing.
From personal experience, working remotely from home is great. I did it full time for about 9 years, and I still work from home a few days a month. I find that I have a different focus on tasks when there are fewer of the interruptions that occur in the office. While my experience has been good, working from home has some surprising downsides, and with proper capacity planning, bandwidth availability won’t be one of those downsides.
So, you have taken proper steps to ensure network capacity, and the network is not crumbling because of an increased remote worker presence. Still, there are cyber-risk implications from the coronavirus outbreak.
Employees will be accessing sensitive data and systems via unsecure networks or devices. A remote workforce can make it more difficult for IT staff to monitor and contain threats to network security. When a threat is detected in an office environment, IT can immediately quarantine the device, disconnecting the endpoint from the corporate network while conducting investigations. This isn’t as easily done with workstations connecting to the network remotely.
Organizations must remind remote employees of the need for vigilance and the dangers of opening attachments and links from untrusted sources. Administrators must ensure that VPNs are patched regularly. But administrators also need traffic insight, and NetFlow provides the ability to collect IP network traffic as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine not only interface baselines related to capacity planning but also things such as the source and destination of traffic, class of service, and the causes of congestion.
By collecting flows representing all the conversations coming into the network from those remote workers, you gain visibility into suspicious conversations entering and leaving your network. Analysis of NetFlow and IPFIX data can recognize enough odd behaviors to protect against cyberattacks.
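As an added illustration (not code from this post or from any product), the sketch below shows the kind of analysis described above: it buckets flow records per minute, computes link utilization, and attributes any congested interval to its top application port and top source. The flow records, the 10.8.0.0/24 VPN pool addresses, the 100 Mbit/s link size, and the 80% threshold are all constructed assumptions, and each flow's bytes are counted in the interval in which the flow started.

```python
from collections import defaultdict

LINK_BPS = 100_000_000   # assumed WAN link capacity: 100 Mbit/s
INTERVAL = 60            # assumed bucket width in seconds
THRESHOLD = 0.80         # assumed utilization that counts as congestion

# Constructed sample flow records: (start_epoch, src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    (0,   "10.8.0.11", "10.1.1.20", 443,   90_000_000),
    (5,   "10.8.0.12", "10.1.1.30", 445,  120_000_000),
    (20,  "10.8.0.13", "10.1.1.20", 443,   60_000_000),
    (60,  "10.8.0.11", "10.1.1.20", 443,  100_000_000),
    (65,  "10.8.0.12", "10.1.1.30", 445,  520_000_000),
    (70,  "10.8.0.14", "10.1.1.40", 3389,  40_000_000),
    (120, "10.8.0.13", "10.1.1.20", 443,   80_000_000),
]

def bucket_of(start, interval=INTERVAL):
    """Map a flow start time to the start of its interval."""
    return start - start % interval

def utilization(flows, link_bps=LINK_BPS, interval=INTERVAL):
    """Return {bucket_start: fraction of link capacity used}."""
    totals = defaultdict(int)
    for start, _src, _dst, _port, nbytes in flows:
        totals[bucket_of(start, interval)] += nbytes
    return {b: (n * 8) / (link_bps * interval) for b, n in sorted(totals.items())}

def top_contributor(flows, bucket, field, interval=INTERVAL):
    """Return (value, bytes) for the largest contributor by record field index."""
    sums = defaultdict(int)
    for rec in flows:
        if bucket_of(rec[0], interval) == bucket:
            sums[rec[field]] += rec[4]
    return max(sums.items(), key=lambda kv: kv[1])

def congested(flows, threshold=THRESHOLD):
    """List intervals at or above the threshold with their main cause."""
    report = []
    for bucket, util in utilization(flows).items():
        if util >= threshold:
            report.append({
                "bucket": bucket,
                "utilization": round(util, 2),
                "top_port": top_contributor(flows, bucket, 3),
                "top_source": top_contributor(flows, bucket, 1),
            })
    return report

if __name__ == "__main__":
    for row in congested(FLOWS):
        print(row)
```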
Does your network have the capacity to support production workloads in the event of increased remote worker traffic? How are you verifying that the traffic is legitimate?
Give me a call; I would love to talk to you about how to effectively use NetFlow for capacity planning and security awareness.