Protocol analyzers: Dos and don'ts

Front-line advice on getting the most from protocol analysis and enterprise monitoring tools

As with any tool, protocol analyzers need skilled implementation. Here is advice from the front lines.

Read more in the companion article Protocol analyzers: How to choose and use them (no registration is required).

DO make sure you have the right expertise on your network operations and security teams to make effective use of protocol analysis tools to troubleshoot network problems, tune firewalls and other security devices, and investigate the cause of attacks on the enterprise.

In a large organization, chances are there are IT people with the right credentials to make effective use of these tools, but they are thin on the ground. "A lot of network admins would be stunned by what they see in Wireshark," says Opus One's Joel Snyder. Generally, look for experienced network engineers or security personnel with a strong hands-on background configuring network firewalls and intrusion-protection systems.

Your tech folks should have a thorough understanding of protocols and how they work, so they can quickly examine the packet captures, determine where the issues are and remediate them. Experienced pros can apply this knowledge to security and application issues as well as network operations.

"What you really need is someone who is pretty well rounded—think of the OSI model," says Mike Chapple, senior adviser to the executive vice president at the University of Notre Dame. IT people are often specialists: programmers who specialize in the application layer or network operations staff who know network and transport layers, for example.
