Lancope is now part of Cisco Learn MoreLancope Arrow About Cisco

Network Visibility for Mergers and Acquisitions

Charles Herring

Mergers and acquisitions create opportunities for organizations but are not without their challenges. One of these challenges is building a plan to merge the two computers networks. Intelligent NetFlow analysis can help in this.

Asset Discovery

One of the first steps in designing an effective migration is inventorying the acquistions assets. By examining host records created by observing NetFlow a single list of every host serving SMTP (email) can be resolved.

Observing network traffic with StealthWatch can help inventory assets

That returns a list of every active SMTP observed on the network.

StealthWatch identifies every active SMTP observed on the network

These inventories can easily be created for every service the parent company provides allowing engineers and architects to appropriately identify which servers need to be moved.

Service Profile

Different networks use network applications differently. A histogram of NetFlow records can reveal what the impact of moving those services will be on the network.

NetFlow can reveal the impact of moving services

Below is a snapshot of how the acquisition network is using the Internet links:

Snapshots can illustrate how the network uses Internet links

This is a breakdown of internal application use:

StealthWatch can also illustrate internal application use

Columnar data can also be generated in short order. Here is short list of Internet applications being used.

A short list of Internet applications being used

These reports can be tailored to reveal services provided to outside (Internet users), applications consumed and internal services.

Policy Violations

Prohibited services under the new policies can be resolved in short order. In the examples below the use of P2P, Dropbox and Tunnel (i.e. onion routing) can be observed.

StealthWatch can identify prohibited services

Using the host inventory, individual violators can be queried in the same manner that SMTP servers were found earlier.

Individual violators can be queried as well

Enforcement Success

In an earlier entry, I explained the importance of monitoring the effectiveness of network security mechanisms. NetFlow can easily display violations or security bypasses occurring in the evaluated network.

NetFlow can easily display violations or security bypasses

Link monitoring

In planning network expansion to allow for integration of two networks, it is important to understand how different geographic locations send data. Building maps of those relationships can help.

Maps of geographic locations can help integration

Building capacity planning metrics off of those relationship maps can provide histograms of traffic patterns.

Traffic patterns between geographic locations

Security Checking

NetFlow analysis can prove an effective method of detecting security events including worm & botnet infections as well as advanced threats currently active in the acquisition network.

NetFlow analysis can detect infections and advance threats

Wrap Up

Intelligent NetFlow analysis can solve problems around M&A. It provides detailed information on security events, policy violations, utilized services and capacity planning.


More from this contributor:

In part one of this series , I discussed the incident response needs of a NetFlow-based security solution. However necessary those functions are,...
As more organizations fall victim to large-scale data breaches and advanced persistent threats, digital security is becoming a higher priority for...
Recent InfoSec news continues to show the relentless attacks against academic networks. This problem is not new, however. In 1999, Dr. John Copeland...