Reliable network connectivity is essential in government. But without visibility into how the network is performing, unexpected challenges could hamper or endanger essential work. Keeping a 24/7 eye on network performance to support critical initiatives requires powerful network monitoring software.
Join Kevin Jackson, Technical Solutions Consultant at Fortra, to learn how you can see the full picture of network health and stay one step ahead of network issues. You’ll learn:
- The importance of active network monitoring in maximizing uptime and protecting against expensive outages
- Examples of how government entities are leveraging network monitoring tools
- A demonstration of how Intermapper, the network monitoring solution from Fortra, is used for real-time network monitoring
Watch now to learn how you can ensure network health of your government entity with comprehensive network monitoring.
All right. Good morning and welcome to today's webinar where we'll talk a little bit about the importance of 24/7 monitoring for government entities. Just a few things. We will have the recording for you for today's webinar. This will be uploaded to our website. My name is Kevin Jackson. I am the senior solutions engineer at HelpSystems working with the Intermapper product. What we'll do is kind of go through a little bit of housekeeping in terms of a little background on HelpSystems.
HelpSystems is a global leader in all things software solutions. Our job is to provide you with solutions, but also be a trusted advisor and help you build a better IT going forward. We have a number of different solutions within our portfolio. Cybersecurity and automation is our main area of focus. This is how we're able to kind of assist our customers and provide them with the necessary tools to ensure that they have an environment that is protected and well-monitored.
Our agenda today is we'll talk about what causes outages. We'll talk about some of the financial impact of IT, the downtime. We'll take a look at NIST 800-171. This is a cybersecurity framework that was put together a few years ago for federal contractors and government to adhere to. We'll kind of talk a bit about that framework and how it impacts that sector. We'll kind of talk about why we think Intermapper is the right solution for those government entities and kind of federal functions.
How the software can help and monitor those environments and we'll do a quick demo of the product as well so you can see how we work real time. Let's start out by talking about what causes network outage, right? There's a lot of different things that we can say that can cause an outage, but these are four of the more common scenarios that can cause a widespread outage. First and foremost, human error, right?
If someone makes a change, a configuration change or something like that, on your environment, that can also affect the environment, the implementation, the configuration. All that kind of trickles down. Human error is probably one of the more seen issues that can cause an outage. Then we go to environmental factors, right? Things that are associated with your network operations. Whether it's your HVAC going out or UPS or if there's some type of issue that causes some type of disaster, that can cause a big outage as well.
That's something that you have to kind of keep in your considerations. When you're building out these environments, ensure that your environmental is also up to speed, that those components are being monitored as well. And then you have configuration issues. If a network device or any type of device on your network is not configured appropriately, or maybe you have something that's in line or in path that's not supposed to be there, this can cause some issues and outages as well.
If you look, there's quite a few, excuse me, large issues, large outages over the past four or five years. Southwest had a major issue. Amazon had a major issue. It turns out that they had... Southwest, I believe, it was an old router that was still functioning that did not function the way it was supposed to be. It wasn't updated appropriately and caused some outages there.
The way your network is configured is very important, and the fact that you need to make sure you have the correct infrastructure in place to be able to support your day-to-day operations. And then the last one is lack of visibility, right? If we don't know what's going on, if we don't know what's running in the environment, then it's very hard for us to pinpoint where those issues may arise. It's very hard to have that at a glance view and to be able to mitigate those issues when they arise.
These are the four things I think are instrumental in causing network outages. If we can mitigate these risks, these potential risks, then this allows us to have a smoother network operation, day-to-day operation scenario. What is the financial impact of IT downtime? I just wanted to throw this out. A number of studies have been done within the last few years to kind of monetize how an impact like IT downtime can have financially to these different verticals.
Government and Defense is not on here, but we can do the math, right? If we take a look at the cost of downtime per industry, you can see that depending on the size and scope of those environments, it can be business critical and catastrophic, right? If we want to do the math, we can do the math. It's a simple formula to kind of define what the financial impact of an outage may be. It would be the downtime cost equals the minutes of the downtime times the cost per minute.
That equation can give you an idea of the financial risk that you have if there is kind of a longstanding outage within your environment. Again, you can see the financial ramifications, but also not just the financial ramifications, but impact to the business name as well, right? You want to make sure that you have the reputation within the space. If your reputation gets dented by a longstanding outage, that can also affect you in the long run as well.
Let's talk a little bit about what NIST 800-171 Cybersecurity Framework is. This is a standard that was developed, and basically it was developed to focus on protecting those confidential and controlled unclassified information, so CUI, in those non-federal systems. CUI is information which is not classified. But according to the law, regulations or government policies must be protected or have access to the controlled.
This was created by the National Institute of Standards and Technology. Again, a framework that allows for better protection of those critical data and systems. It's a set of security best practices for non-federal information systems. It's government endorsed because of the complexity of the infrastructure and the data being protected. This helps organizations secure their infrastructure and protect those sensitive federal information, which is very important.
And then it has a number of different kind of requirements. It's kind of broken out in the different families of basic security requirements. All this information can be provided with a quick look up. But it gives you a nice framework in terms of what these organizations are required to protect and how they're required to protect it. Basically the next step is finding the specific resources that's going to be able to support this framework.
If you're outside of the country, outside of the US, at different regions of the world, I'm sure there's their own respective security framework that's probably similar to this. Maybe not verbatim, but similar terms of the information that is required to be protected and the information that is accessible.
This is just a basic general framework for us to be able to adhere to, to ensure that the government agencies, defense agencies, federal contractors are kind of working together to be able to protect those systems and ensure that their systems are secure. Who does this NIST framework impact? As I mentioned before, it's components of non-federal agencies or systems not collecting or maintaining data.
It's essentially using operating systems on behalf of a federal agency where data is not already covered by the different applicable law, regulation, or directive. Being able to protect those non-federal agencies or the systems is who it impacts. If you're a contractor for the federal government, or you provide any type of services to the federal government or Department of Defense, you have to comply with this framework.
And then while it's directed towards those non-federal agencies, federal agencies still are required to comply with other regulatory kind of components as well. FISMA and NIST provide that underlying regulatory support. If you want to know a little bit more, you can check out the archives and get some more data and some information about that as well.
The impact, again, is primarily for contractors working with the federal government, but also the federal government have to be in compliance as well to ensure that both sides are working together to protect the data. In terms of network monitoring, Intermapper itself, what can we do? Intermapper is a network monitoring and mapping solution. Primarily what we do is we're able to provide that network visibility, that at a glance view for your environment.
We can do that using mapping front end. We can go out and we can build out your network topology. We can provide you with immediate feedback in terms of how those devices are behaving and performing. We are pretty flexible in where we can run our application. We can run it on macOS. We can run it on Windows, Linux. We're flexible in that regards. Our key features, as I mentioned before, is our unique ability to provide you with live diagrams of your IT infrastructure.
Now, this is obviously important to be able to see your infrastructure at a glance, but also be able to read the data in kind of a straightforward, easy fashion, right? We're flexible in terms of what we can monitor. Oftentimes, we tend to only focus on those core infrastructure, but there's a lot of things that sits within the IT space that can be supported. It supports IP technology.
It can support SNMP, simple network management protocol, for more advanced performance metrics that can be captured from these devices. We utilize different protocols to be able to monitor your components, whether it's SNMP, whether it's TCP Web Services, whether it's using Windows-based operations to monitor WMI metrics, PowerShell, Command Line functionality. A lot of flexibility in terms of what protocols we can use and how we can monitor those components.
And then it's real time. We're providing you with real time alerting capabilities. We're able to give you that immediate data and be able to give you that at a glance. You can see that information and then be able to use that information to mitigate those potential risks. As I mentioned before, we are able to build out that layer three, excuse me, topology. We can provide you with a logical view of your infrastructures, give you an idea of what your devices are connected to.
Now, one of the nice components we have that can help, especially with government and defense, is NetFlow, NetFlow analysis and collection. Flows is great because it allows you to monitor the bandwidth utilization and consumption. But also if you're capturing this type of information, especially at the edge of your network, you potentially can see some DDoS attack.
If there are bad actors out there trying to hit your router or some type of gateway from the outside, Flows is a component that can capture that data, and then give you an idea of where that information is coming from, right? There's a source and destination of the traffic. You can see those external IPs that are hitting your router or your firewall or your gateway. And then you can take that information and you can do your due diligence and maybe trace it and see where that information is coming from.
Flows, again, is not a full-fledged security component, but it is a way to capture that traffic, inbound/outbound traffic, at the edge of your environment, and be able to decipher what that traffic is, get a better understanding of where it's coming from, where it's going, what protocols it's using. And then, again, if it's a bad actor, you can get some more information about that to be able to do some due diligence on that information.
And then the software is pretty easy to install and set up. One of the components of what we do is we want to make our application ease of use, so folks can get it up and running. You don't necessarily need to be a high level engineer to be able to run and monitor your components. We want to make it as easy as possible to get up and running and start getting that data from the application. Now, how would Intermapper help in terms of this NIST environment?
Gaining the visibility and control of data flows. As I mentioned before, utilizing components like Flows is a way to be able to control and see the data flows, monitoring those open ports and unauthorized network devices that may pop up on your network. We can do new device detection scans. If folks are bringing things into the network and plugging them to your network and you're not aware of it, we can scan for those devices if they're broadcasting.
We can provide feedback on that. We can monitor, again, the control of information flow on those connected devices, monitor the traffic, monitor if there's errors and discards on those devices, monitor other performance metrics that are most important to you. We can capture and present back to you. Protecting systems from attack by monitoring inbound and outbound traffic. That goes back to our Flows component.
Being able to see the data coming into that network and potentially data that's going outside of the network. Again, if there's bad actors on the outside trying to impact and hit your routers, trying to break in, you'll be able to see that kind of traffic and that data. And then if there's unauthorized traffic going outside of your environment going through your router, and then external services, potentially you'll be able to see the traffic going out, what protocols, what ports they're using, and be able to kind of, again, do your due diligence.
Flows is a really good protocol to be able to kind of keep an eye on bandwidth usage and consumption in that regard. Intermapper for government entities. We work extensively with governments and defense. Intermapper is GSA, General Services Administration, approved, which allows us flexibility in working at any government level, so whether it's federal, state, local.
We're also a recipient of the Certificate of Networthiness, which meets all the technology standards required by the US Army and the US Department of Defense. This makes it a lot easier for us to be able to work with contractors, work with the government and the Department of Defense directly, if needed. Some of our customers include the Armed Forces, local government agencies, government contractors. We work with cybersecurity organizations, weapons and system providers.
Essentially pretty much anything that sits within that space, Intermapper has worked with or can work with to be able to provide coverage and assistance. We can help maintain those regulatory compliance. We can help you document your assets and ensure 24/7 monitoring. The key here is 24/7 monitoring. This is what we're able to kind of hang our hat on. This is what we do. We are constantly going out there and polling your devices, capturing the performance data.
We have this information up on the map on the screen, so you can see that. You don't have to do the work. We're doing the work, capturing the data, and then presenting that information to you. We're helping you to manage the risk and access for the utmost security. This is most important. And then we can monitor any device, including those non-standard. I mentioned this prior that we can support those non-standard communications devices, equipments, cameras, et cetera, going forward.
I just want to throw out a use case, a use case that we have for our government or defense. Because security concerns are paramount, what Intermapper can provide is we can be deployed and managed in closed networks, right? If you think about it, a lot of Department of Defense and government have closed networks and that's by design. The nice thing about what we do is we don't have any phone home capabilities, meaning that we don't need to pull anything from the internet.
We can be installed in a closed network and monitor that environment and provide all the coverage that's needed within that environment. The software doesn't need any access to the outside world. We can support the monitoring of those components internally. And it's also easy for visual. It provides you with a real time monitoring of your critical infrastructure and systems.
The nice thing about what we can do as well is you can present this information to, again, someone who doesn't necessarily need to have that engineering background or that networking background, but they just want to be able to deploy the product, see their monitored elements, and see if there's issues on their network, and then mitigate if needed. This is what we're able to provide for those types of environments. What I'll do really quickly is provide a quick demo of Intermapper.
We'll kind of go through some of the things that we can do, and then we'll come back. This is an example of my test network here in Eden Prairie. This is a live map of some of the devices that I have monitored on my network. I have a little bit of everything here, some servers, switches, firewalls, routers. The nice thing about what we're able to present from our software is these are live devices that we're currently monitoring. You can see the flow of traffic on some of these components.
You can see that we halo'd devices based on the severity of those devices. We can halo the interfaces based on the thresholds that they basically have hit. We can explicitly set those thresholds on your devices as well. We can tell the software, hey, let me know when this link hits a particular threshold. We're able to monitor using SNMP. We're able to capture data like utilization traffic, received data, transmitted data, total data.
These are the three conditions that we can warn or alarm or provide you with criticality on. We can halo these links in a specific color when they hit a particular threshold. On top of setting the thresholds explicitly on the links, we can also set the notifications as well. We can tell the software, "Hey, send me a notification if the link goes down, or send me a notification if it's in critical alarm or warning."
You can set multi-layer notifications on single interfaces or devices, or you can set them anyhow you want to go into different parties, if you need to. And then once you're able to kind of set your monitoring preferences, we can see the information that Intermapper is capturing. We're able to monitor, again, the utilization traffic. We're able to monitor data transmitted, data received. We can see the errors and discards, transmitted and received.
And then what we can do here is we can chart out this data. This allows us to create what we call these real time strip charts of the data. The nice thing about what we do with this chart is this allows you to see some historical context, but also allows you to see some baseline of the data sets. You can have an idea of the behavior of those data sets over time.
You can see spikes, anomalies, or you can, again, do some analysis on the behavior of those components to see, hey, is this a normal acceptable behavior, or is there something going on that I need to kind of address? We have this ability to chart out anything that we are able to monitor. We're able to chart this information out and capture for historical reference. You can keep this data around for as long as you want to.
If you have compliance reasons for keeping data, you can manage how long you want to keep the data around for and what data you want to keep around for. This is a charting function. And then we have the ability to, again, do some submapping.
If you have multiple sites and business units that you do have some type of connectivity to, if you are on VLANs or remote access or VPNs, et cetera, and you can access multiple environments or networks or subnets, you can create what we call submaps, where it's essentially just to drill down into those environments. We're monitoring these local elements here. We're able to see that information and that data.
We can go in and we can see the status window of that information and that data as well. This allows you to do it based on, again, if you have multiple offices, if you have DR sites, if you have data centers, if it's business units, if it's MDFs, IDFs that sit within your organization, you can create an extension to those locations and be able to monitor those components. The nice thing about the submap feature is it'll always show you the most severe event that's local to the site.
Visually you're able to see if there is something going on at the site, and then you can open up the map and then go down, drill down, and see exactly what's going on there as well. The question is how we're able to capture this data. The software uses probing architecture. The probes are essentially the backbone of what we do. It's how we're able to capture the data and be able to monitor the components that you have.
Intermapper has built in probes that can get you started to capture information and data, monitor those components, again, monitor those strategic components within your organization, bringing back the performance data, and then presenting that information to screen. You can manage how long you want to poll the devices. We poll every 30 seconds by default. You can poll less aggressively, more aggressively if you want to.
Essentially it's just going out, asking for information, and then presenting that information to screen. The software itself has a web interface as well. We can display this on a client. We can display this using the server console. And then we can also display this information using a web interface. Web interface allows for similar access. You can see the maps. You can see the monitored elements. You can drill into the devices and see the information.
The caveat here is that this is not a fully manageable solution at this stage, but this is more of a read only access to the data. This just allows you to see the monitored information. As the main console updates, the web interface will update as well. This can still be used to monitor your environment, and this can be provided to anyone who needs access to the software, to the maps, to be able to see the actual data without being able to manage it.
And then if you need to access charts, the charts are also accessible as well via this web interface. You can actually see the charts right within this interface as well. This is kind of part of the product. This is built into the product, so this is free of charge. We have a client that allows you to manage the application as well. The software has the ability to create reports. We have a reporting function.
And then we also have our Flows component, which is an add-on to the main product that allows you to see that bandwidth usage data that I mentioned. The NetFlow traffic or sFlow or J-Flow traffic, depending on what make and model you are running within your organization. Again, the flexibility of the software, you can have a lot of... In terms of the way you want the software to present the maps, there's a lot of formatting features and functions built in, topologies, icons built in, background images.
We have what we call helper apps built in, so you can run some troubleshooting applications directly from the map itself. If you need to run a quick ping test or a traceroute out on a device because it's not functioning appropriately, you can utilize a helper app to be able to do that. If you need to RDP into a server to change something or to do a reboot, you can do that. Or if you have to SSH into a switch or Telnet into another device, you can do that as well.
Or if you have your own troubleshooting application, you can also customize that application. You can access it from the Intermapper software to be able to launch that application and do some troubleshooting as well. A lot of flexibility in terms of the software. Again, we're flexible. We can run on pretty much any operating systems. We can run on physical or virtual environment. We can run on closed networks. We can run on distributed networks.
We can support SD-WAN environments. There's a lot of flexibility to what we can do and how we can present the data to you. That's the Intermapper software at a glance. Thank you, again, for attending. If you're interested in trialing the Intermapper solution, we do have a free 30 day trial on our website. Just visit the website.
And if you have any questions, comments, feedback, concerns, please feel free to get in touch with myself or send some information to [email protected] or send it to [email protected]. More than happy to assist. Thanks again for joining.