Dabble Bluecast – Visibility at the Edge

The network edge is the place where users connect, the entry point for connectivity to enterprise and cloud resources. As the interface between users and the applications that drive business, it is arguably the most important part of the network, yet it is also the least well monitored with regard to visibility and security.

The network edge is geographically disparate, comprising multiple subnets and broadcast domains. Much of the most valuable visibility data never leaves the edge. Similarly, when network issues do occur, it is often necessary to get a perspective from the edge to assess the actual user experience. Centralised monitoring solutions ignore the network edge, and so it has become a visibility hole.

Dabble Bluecast is a lightweight, low-cost, IoT-style appliance that plugs the visibility gap at the network edge.

Why Monitor at the Edge?

As the transition point between users and IT resources that exist either within the enterprise or the cloud, the network edge is a critical area for monitoring. Similarly, the network edge provides an excellent attack surface for malicious actors seeking to compromise the network environment. Yet the network edge is often ignored when it comes to monitoring, primarily because monitoring it has been too expensive and too difficult.

IT resources, computers in particular, are chatty: they love to talk to each other. When a device such as a laptop first connects to the network, it broadcasts a whole heap of information to announce its arrival and ask directions to other resources in the network – think of it like someone arriving at a party, introducing themselves, then asking loudly for directions to the food and drink. Most of this chatter is restricted to the individual broadcast domain and never traverses the wider network – that is, this information is not available to centralised monitoring solutions. This information is hugely valuable in building a profile of network traffic and in host identification.

From a security perspective the edge is also critical. Bluecast provides the facility to alert when new, previously unknown devices connect to the network, either physically or via WiFi. Similarly, Bluecast can detect when devices behave erratically within a broadcast domain, which may indicate a new compromise.

By implementing edge monitoring via Dabble Bluecast, we access this previously ignored information and use it as a form of data enrichment to supplement flow information gathered in the Blueshift core. 

Bluecast at a Glance 

Lightweight, Low-Cost IoT-Style Appliance. Cost is an important factor here, as the number of discrete broadcast domains or subnets can make edge monitoring prohibitively expensive with traditional hardware appliances. By leveraging standard off-the-shelf IoT hardware, Dabble is able to keep the cost of the Bluecast device very low, allowing for widespread deployment throughout the network.

Zero Configuration – ship, plug in and start monitoring. The last thing you need is another device to configure and manage. Bluecast removes this limitation by being a true IoT device with zero configuration required. Once connected to the network, Bluecast starts collecting data with no external configuration required.

Active Monitoring. When problems occur it is useful to assess the situation from the user’s perspective. Bluecast provides a range of active monitoring techniques to measure user experience when issues occur. Active tests such as bandwidth saturation, latency and connectivity tests are provided as standard in Bluecast and can be activated remotely via the mobile web application.

Passive Monitoring. Bluecast uses a pure passive monitoring technique, listening only to broadcast and multicast traffic. That is, there is no requirement to configure a SPAN port or deploy a network tap; rather, Bluecast can collect a wealth of information from broadcast and multicast protocols such as UPnP, DHCP and LLMNR. Similarly, many proprietary applications such as Skype and Dropbox also use broadcast techniques to transfer information, providing further insight into network usage.

Host Identification. Host and device identification is arguably the most important feature offered by Bluecast. Implementation of host identification significantly reduces problem resolution time by pinpointing an actual user or address as opposed to a simple IP address. User identity information, or the ability to map a specific user to an IP address, is normally contained within each broadcast domain, so an edge solution such as Bluecast is required to leverage it.

New Connection Notification. Bluecast alerts when new devices connect to the network. This is a critical function in helping to protect the network edge, which traditionally has been largely unmonitored.

Mobile Application Interface. Access to Bluecast active monitoring and base information is available via a mobile application (iPhone and Android). The mobile app provides an easy and seamless mechanism to connect to Bluecast, circumventing the requirement to configure or understand specific IP addresses.
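To make the passive monitoring, host identification and new connection notification ideas above concrete, here is an added example (not Dabble's code, and not taken from the product) that parses the DHCP broadcasts a client sends when it joins a segment and reports MAC addresses missing from a known inventory. The function names, the inventory set and the sample payloads are assumptions made for illustration; input is the UDP payload of a client DHCP message.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 3: "REQUEST", 8: "INFORM"}

def parse_dhcp(payload):
    """Extract identity fields from a client DHCP payload; None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    op, hlen = payload[0], payload[2]
    if op != 1 or not 1 <= hlen <= 16:          # op 1 = BOOTREQUEST (sent by clients)
        return None
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                             # truncated option header
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            return None                             # truncated option body
        opts[code] = data
        i += 2 + length
    mtype = opts[53][0] if opts.get(53) else 0      # option 53 = DHCP message type
    return {
        "mac": mac,
        "type": MSG_TYPES.get(mtype, "OTHER"),
        # Option 12 (hostname) is client-supplied and untrusted: a hint, not an identity.
        "hostname": opts.get(12, b"").decode("ascii", "replace"),
    }

def new_devices(payloads, known_macs):
    """Return one record per MAC address that is not in the known inventory."""
    seen, alerts = set(known_macs), []
    for p in payloads:
        rec = parse_dhcp(p)
        if rec and rec["mac"] not in seen:
            seen.add(rec["mac"])
            alerts.append(rec)
    return alerts

def sample(mac, hostname, msg_type):
    """Constructed test input (not captured traffic): minimal client DHCP payload."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0x8000) + bytes(16)
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    return hdr + MAGIC + bytes([53, 1, msg_type, 12, len(hostname)]) + hostname.encode() + b"\xff"
```

Because both the MAC address and the hostname are chosen by the client, an alert built on them tells you something new appeared on the segment, not who it is; correlate with switch port or 802.1X data before acting on it.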