Cascade Pilot packet and transaction analysis software
Improved network transparency, resiliency and performance
Achieved very fast ROI (during the 30-day trial)
Reduced MTTR from days and weeks to minutes
Avoided performance and security problems or shortened incident duration
Enhanced IT productivity and efficiency
SUNY College at Old Westbury
Cascade helps keep campus network safe and resilient without inconveniencing students or faculty
With a wooded 604-acre campus on Long Island, New York, SUNY College at Old Westbury features a quiet atmosphere dedicated to learning only 20 miles from New York City. The college offers more than 40 undergraduate majors through its schools of arts and sciences, business and education and 15 graduate programs. Old Westbury has 134 full-time faculty members and more than 4,400 students from across the United States and more than 20 foreign countries.
Challenge: Many devices, many sources of malware
The SUNY Old Westbury campus is connected by an Alcatel-Lucent network with a 20 gigabits/second backbone and 4,000 ports. Managing this network differs from running a network at a private corporation in a number of ways, according to Marc Seybold, CIO at SUNY Old Westbury. “We’re dealing with a large population of heterogeneous devices owned by individuals as opposed to the institution,” Seybold explains. “We’re not in a good position to install software, such as network access control, on people’s personally owned property. Also, we can’t consider the inside of the network to be secure. We’re as subject to attack from the inside as from the outside.”
These factors give Seybold and his colleagues in IT less control over their network compared to their peers in private industry. But they must still keep it running optimally, and part of that involves keeping it safe from malware. With so many people bringing their own computers to campus every day and logging into the campus network, the possible sources of infection are many. “It’s easy for machines to get infected with malware to the point where they disrupt the operation of other people’s machines,” Seybold explains. “The problem will have nothing to do with the network hardware, which can be up and running 100 percent, and people still aren’t able to do their work.”
The IT team tried installing client-based network access control software on students’ devices, but there were too many drawbacks to that approach for it to work well. What Seybold decided to do instead was make sure that the IT team had a comprehensive understanding of what was going on in the network at all times. If they were going to be in a position where they had to react to malware, they wanted to be able to act quickly before it could do much damage. “To accomplish this, we needed to know what was going on inside the network between the different end points—what the devices were doing, what protocols, what ports, how much volume was going back and forth,” Seybold explains.
Solution: Network transparency on multiple levels
Research led Seybold to the Cascade network performance management solution from Riverbed Technology. Cascade appealed because it combined flow analysis (NetFlow, sFlow, J-Flow, IPFIX, etc.) with packet capture and analysis, delivering the multiple levels of network transparency he was looking for. “Cascade addressed our core need, which was to be able to identify application flows bound back to actual user IDs, as opposed to tracking things on the basis of IP addresses. Cascade also allows us to do a deep dive using packet captures when we’ve got a more difficult issue to solve.”
Beginning with a 30-day trial, SUNY Old Westbury installed the Cascade Profiler application-aware network performance management and Cascade Pilot™ packet and transaction analysis solutions. Seybold figures that the ROI for the Cascade solution actually came during the trial period when he used Cascade Profiler to figure out what was causing network performance problems in the student union building.
“We’d been having intermittent problems there. People’s service was being heavily disrupted,” Seybold says. “We first thought the problems were related to hardware issues but nothing was wrong there. One of our engineers had spent about two weeks trying to figure out what was going on. After 10 to 15 minutes using Cascade, I could quickly determine that there were eight or nine systems with malware and peer-to-peer traffic that were disrupting the other machines in that building. I was able to remotely identify those machines, remotely disable the network ports and cut them off from the network, and the building came back up in a few minutes.”
Benefits: The right security for a campus network
This approach to campus network security fits well with the unique challenges posed by the academic setting. For Seybold, the goal is not total control of the network, but resiliency—the ability to keep it running well in this more open environment. “This is a more resilient, less intrusive solution to campus network security than a client-based approach,” Seybold notes.
Most of the time, the IT team can use Cascade Profiler to quickly spot typical causes of network performance problems, such as a virus or multiple machines joining in a peer-to-peer network. Mean time to resolution (MTTR) has fallen to minutes, rather than days or weeks.
While Cascade Profiler is used frequently, Cascade Pilot (for packet analysis) is needed much less often, according to Seybold. “There are problems when we need to do a deep dive and go all the way down to the packet level, but it’s been less often than I anticipated,” he says. But there are some problems that can only be solved with packet data: “Severe latency issues can sometimes only be addressed by looking at the packets.”
Seybold has set up Cascade to alert the IT team to trends that could lead to problems. For example, most of the college’s critical systems are hosted off site. Cascade is set up to monitor round-trip delays between the campus and the host site. Cascade also monitors the college’s servers to track patterns of traffic that are typical of malware attacks. In addition to providing early warnings about potential problems, Cascade gives the IT team a better understanding of what is normal network usage and what is not. “Sometimes we’ll see a sudden increase in traffic but it’s just between classes when everyone jumps on their computers. It’s nice to know what is part of a normal cycle and what isn’t,” Seybold explains. The college’s network operations center has arranged four 47-inch LCD panels into a single large display, where the Cascade service dashboard is shown constantly.
The most important benefit of Cascade, according to Seybold, is network transparency. “Without Cascade, it would be difficult to see how we could keep the network running on a day-to-day basis,” he says. “If we were to turn it off, we would have an accumulation of small problems that would build up into a rogue wave and we would have no way of knowing what was happening inside the network. We’d probably have to dedicate an individual to managing the network instead of installing a device that works in the background and does a fair amount of the analytics for you.”
SUNY College at Old Westbury’s network is used by approximately 4,500 students and faculty, who log in each day using a wide variety of devices, any of which might contain malware that can affect network performance. The college’s IT staff needed to know when infected devices were causing problems for other users, and who these devices belonged to. A client-based approach to network access control was attempted but ruled out because it was too intrusive, among other problems.
Since installing the Riverbed Cascade network performance management solution, SUNY Old Westbury’s network has been more resilient and efficient. Because the IT team gets early notification when traffic patterns deviate from normal and has complete end-to-end visibility into network performance down to actual user IDs, it can now resolve within a matter of minutes network and security issues that previously took days or even weeks to diagnose. Since Cascade was installed, there is no longer a need to dedicate a full-time IT professional to network monitoring.