
Detecting network threats can be elementary, my dear Watson

Level 11

If you've ever read the “Adventures of Sherlock Holmes” by Sir Arthur Conan Doyle, you're probably familiar with some of the plot contrivances. They usually entail a highly complex scheme that involves different machinations, takes twists and turns, and requires the skills of none other than The World's Greatest Detective to solve.

Today's government networks are a bit like a Holmes story. They involve many moving parts, sometimes comprising new and old elements working together. And they are the central nervous system of any IT application or data center infrastructure environment – on premise, hosted, or in the cloud.

That's why it's so important for IT pros to be able to quickly identify and resolve problems. But the very complexity of these networks can often make that task a significant challenge.

When that challenge arises, it requires skills of a Sherlockian nature to unravel the diabolical mystery surrounding the issue. And, as we know, there's only one Sherlock Holmes, just as there's only one person with the skills to uncover where the network problems lie.

That would be you, my dear federal IT professional.

Your job has changed significantly over the past couple of years. Yes, you still have to "keep the lights on," as it were, but now you have even greater responsibilities. You've become a more integral, strategic member of your agency, and your skills have become even more highly valued. You're in charge of the network, the foundation for just about everything that takes place within your organization.

To keep things flowing, you need to get a handle on everything taking place within your network, and the best way is through a holistic network monitoring approach.

Holistic network monitoring requires that all components of the network puzzle – including response time, availability, performance and devices – are analyzed and accounted for. These days, it also means taking into consideration the many applications that are tied together across wireless, LAN, WAN, and cloud networks, not to mention the resources (such as databases, servers, virtualization, storage) they use to function properly.

Network monitoring and performance optimization solutions help solve the mystery entwined within this diabolical complexity. They can help you identify and pinpoint problems before they escalate – security threats, such as malware and rogue devices, but also productivity threats, including hiccups that can cause outages and downtime.

And, let's not forget a key perpetrator of poor application performance: network latency. Network monitoring tools allow you to automatically and continuously monitor packets, application traffic, response times and more. Further, they give you the ability to respond quickly to potential issues, which is absolutely critical.

As Sherlock said in “A Study in Scarlet,” "there is nothing like first-hand evidence." Network monitoring solutions provide just that – first-hand evidence of issues as they arise, wherever they may take place within the network. As such, implementing a holistic approach to network management can make solving even the biggest IT mysteries elementary.

Find the full article on Defense Systems.


While I agree for the most part, it is not just government networks and enterprises that are a mix of old and new...

In the end, I believe the proper term is more like Enterprise Monitoring, as it encompasses the networks, SIEM tools, server health, application response, etc. As you have alluded, it is a combination of all of that which needs to be correlated.

Thanks for the blog...

During my time in Fed IT the biggest challenge I dealt with was with the legacy app/infrastructure and the snail pace that is the movement of Fed IT. I imagine nowadays it is still pretty much the same, but now IT has to protect those legacy apps as well. ugh! The cost of that app keeps getting more and more expensive.

It's not only the Feds who need awareness.  Anyone who uses any outside providers  for WAN services, or who overlaps with WLANs, or relies on a cloud service (A.S.P.'s, please!) needs awareness.

At a previous job I would review Novell services on a daily basis, and was very familiar with the number of print services and servers on the network.  One day I found many more binderies and started an investigation.

Long story short, the local cable provider had fat fingered a range of WAN ports on a WAN switch, resulting in an overlap of my corporate services with someone else's WAN.

I checked out an obvious router interface and found it looked identical to mine.  Further looking revealed it had default user name and password on it, and was attached to a city government office, with direct links to their state government offices.

Worse, no one in the city or state IT/Security shop knew about it.

I called up the city; they had no clue.  No idea of WAN, or of security, or the risks involved in not having a clue.  They knew the name of their ISP, which was the same as my WAN provider. But when I mentioned default passwords and no security, all I heard back was dead air.

I thanked them for their time and reached out to the WAN provider.  I figuratively heard sirens starting at their office in the background, and shortly thereafter the problem was resolved.  I could no longer see the city's network, and packet captures proved no traffic was passing between us.

Security is critical to WAN services, as is trust of the WAN provider.  Without that trust, suddenly an organization is challenged by having to consider installing firewalls on both ends of every WAN link, and who wants (or can afford!) that?

Proper understanding of a network and proper monitoring of its links and changes, are what Orion can facilitate.

Yes, great tools are wonderful, but they're only part of the great things required, like training, funding, knowledge, documentation--and perhaps most important of all:  staffing.

Level 14

Know your network.  Proper monitoring allows you to see and, more importantly, understand what is happening on your network.  During my Navy days, every system I went to school for started with how the system operates under normal conditions.  After learning normal, then you could understand how to troubleshoot abnormalities.  The same holds true for your network.  You need to understand how everything on your network works under normal conditions.  That way you can effectively troubleshoot when things aren't normal.
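The "learn normal, then spot the abnormal" idea in the comment above, applied to two of the signals the blog post names (rogue or unexpected devices, and link latency), as an added example that is not part of the original post or of any SolarWinds product; every device, address and round-trip value below is constructed for illustration:

```python
"""Baseline-vs-observed checks for a small network (constructed example).

Two 'normal' baselines are compared against fresh observations: a device
inventory (to flag unknown, moved or missing devices) and per-link
round-trip-time baselines (to flag latency that drifts out of the norm).
"""
from statistics import mean, pstdev

# Constructed baseline: devices we expect to see, keyed by MAC address.
KNOWN_DEVICES = {
    "00:11:22:33:44:01": ("10.0.1.1", "core-rtr-1"),
    "00:11:22:33:44:02": ("10.0.1.10", "print-srv-1"),
    "00:11:22:33:44:03": ("10.0.1.11", "file-srv-1"),
    "00:11:22:33:44:04": ("10.0.1.12", "wlan-ctl-1"),
}

# Constructed result of today's discovery sweep: (mac, ip) pairs.
OBSERVED = [
    ("00:11:22:33:44:01", "10.0.1.1"),
    ("00:11:22:33:44:02", "10.0.1.10"),
    ("00:11:22:33:44:03", "10.0.1.99"),   # known MAC, unexpected address
    ("de:ad:be:ef:00:01", "10.0.1.50"),   # never seen before: investigate
]

def find_device_anomalies(known, observed):
    """Return (unknown, moved, missing) relative to the inventory baseline."""
    seen = {mac for mac, _ in observed}
    unknown = [(mac, ip) for mac, ip in observed if mac not in known]
    moved = [(mac, known[mac][0], ip) for mac, ip in observed
             if mac in known and known[mac][0] != ip]
    missing = [mac for mac in known if mac not in seen]
    return unknown, moved, missing

# Constructed seven-day baseline of WAN link RTT (ms) and today's samples.
RTT_BASELINE = {"wan-site-a": [21, 22, 20, 23, 21, 22, 21]}
RTT_TODAY = {"wan-site-a": [21, 48, 52, 47]}

def find_latency_anomalies(baseline, today, sigma=3.0, min_spread=1.0):
    """Flag links whose mean RTT today exceeds baseline mean + sigma*stdev.

    min_spread stops a very flat baseline from producing a hair-trigger
    threshold; returns {link: (today_mean, threshold)} for flagged links.
    """
    flagged = {}
    for link, samples in today.items():
        base = baseline.get(link)
        if not base:
            continue  # no baseline yet: nothing to compare against
        threshold = mean(base) + sigma * max(pstdev(base), min_spread)
        current = mean(samples)
        if current > threshold:
            flagged[link] = (round(current, 1), round(threshold, 1))
    return flagged
```

In practice the inventory and RTT baselines come from the monitoring system's own history rather than literals, and a flagged device or link is a prompt to investigate, not proof of compromise.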

Level 21

I am going to have to agree with Jfrazier​ on this.  We are a hybrid cloud services provider and our network is incredibly complicated.  We are not only required to keep our networking up and running but also responsible for each of our clients, who all have very different and unique environments with their own unique behaviors and performance baselines.


Yes, proactive monitoring is where it's at, which can be done easily enough if you know your network well.

Level 20

Thank Goodness for Solarwinds!