ITOA has become increasingly popular as the cost of resources to analyse the wealth of data around the data centre drop. The ability to predict the failure of IT systems to network bottlenecks, application performance monitoring to IT security, are just some of the uses for ITOA.
Much of the data used in ITOA has been around for decades. The problem has been how to capture it, how to analyse it and more importantly, how to get real-time data in order to be proactive rather than reactive to situations. ExtraHop is claiming that its ability to capture data on the network in real-time at wire speed, this means without slowing the network down, is enabling ITOA to look at ever more complex sets of data.
According to Jesse Rothstein, CEO, ExtraHop: “As awareness of Big Data matures, we are seeing faster and more widespread adoption of ITOA technology, and the importance of wire data as a source of insight has become a key topic in conversations with our customers.
“Businesses rely on IT as the lifeblood of their organizations, so the stakes are high for keeping that machine running as efficiently as possible. That’s where ITOA has really proven itself as a high-value, must-have initiative.”
What is wire data?
Wire data is a structured view of the information travelling across the network. Rather than look at the data in terms of the ports and protocols, it is reconstructed into more user friendly data sets. For example, Port 80 traffic simply describes data used by a browser. Wire data looks into more detail and can say if that data comes from specific applications and what type of information is contained inside the network packets.
Tools able to do this reconstruction of the network data are extremely important. One reason for this is that the network engineers who used to do this work are expensive and hard to find. Another reason is that a detailed understanding of exactly what is travelling on the network provides a deeper insight into network usage and performance.
For emerging technologies such as Security Analytics this information is key but it effectiveness is limited if it is not captured in real-time. It is that real-time capability that makes it possible to identify a cyberattack taking place rather than having to do the forensics and pick up the pieces later.
Survey results show interesting views
The details of the recent survey of 88 people that was carried out for ExtraHop by TechValidate show some interesting views. With the majority of the respondents appearing to know what wire data is this is very much a survey of the initiated rather than the average IT support person.
Despite that, the underlying numbers do give an interesting insight in how the data is being used:
31% are already combining data sources with their ITOA with something else. 34% are planning to do so within a year. Only 9% have no plans in the next 24 months to do this.
The use cases for ITOA are increasing with new cases such as IT security using the data for real-time security analytics beginning to grow. The biggest growth is in IT-driven business analytics.
Machine data (53%) is most likely to be combined with wire data. This is not about the Internet of Things (IoT), machine data comes from a lot of different sources but combining the two sets of data does allow for predictive analysis of performance, load and the ability to predict failures.
One surprise from the survey was the fact that 60% of the respondents thought that IT professionals understood the value and benefits of wire data. This does seem a good thing but deeper reading shows it is perhaps overly optimistic. So how well did they think people understood? Remember that there were only 88 respondents so:
- 2% (2 people ) said other IT pros understood it extremely well and were very knowledgeable.
- 12% (10 people) said other IT pros understood it very well and have a good understanding.
- 46% (40 people) said other IT pros had some understanding of what wire line data was.
These are hardly encouraging numbers given the potential for wire data in that real-time space. It would be interesting to see the same survey carried out at a major show such as IT Expo in a few months time. As there will be a wider set of people from across the IT spectrum it would be possible to get a more realistic view of who understands what.
Conclusion
The survey has looked at wire data in an ITOA context. While ITOA is growing fast across a large part of enterprise IT departments, the limited number of people who really understand wire data means that it is probably delivering far less than it is capable of doing. This should be a concern for the CIO/CTO/CISO as very useful data that they have available to them about their IT systems and security is being significantly underutilised.
