Not long ago network flow data was a secondary source of data for IT departments trying to better understand their network status, traffic, and utilization. Today it’s become a leading focus of analysis, yielding valuable insights in areas including network security, network optimization, and business processes. In this post, senior analyst Shamus McGillicudy of EMA looks at the value and versatility of flow for network analytics.
Enterprise IT embraces flow for monitoring and planning
Network flow data is quickly emerging as an essential source of data for analyzing network performance, optimizing infrastructure, and detecting malicious traffic. This wasn’t the case just a couple of years ago when EMA issued its Network Management Megatrends 2014 report. At the time, EMA’s research found that network flow data was only the fourth most popular source of data used for network engineering and capacity planning. Instead, enterprises were much more likely to approach these use cases with packet inspection tools, log files, and data extracted from management system APIs.
Just two years later, as EMA reported in Network Management Megatrends 2016, things had changed significantly. Network flow records emerged as the most popular source of data for engineering and capacity planning, used for these purposes by 41% of the surveyed network infrastructure teams. It’s a change that makes perfect sense, because network flow records provide clear and concise insight into network traffic patterns.
Flow data for WAN monitoring
The trend in engineering and capacity planning applies as well to wide-area network (WAN) service assurance, where network flow data is also essential. Enterprise WANs are currently undergoing tremendous change. Many enterprises are, for example, replacing managed WAN services like MPLS with public internet connections at remote sites. Organizations are pursuing these changes for a variety of reasons, not least of which is that they enable direct cloud access and higher bandwidth at a lower cost.
While software-defined WAN (SD-WAN) technology provides the infrastructure that helps enterprises leverage the internet for business applications, network flow data will be the data source they use to assure performance at these remote sites, regardless of whether they connect via Internet or MPLS. EMA’s 2016 research report, Next-Generation Wide-Area Networking, found that network flow analysis was the most popular type of tool for monitoring the health and performance of MPLS-based connectivity and Internet connectivity at remote sites, with 51% and 52% of enterprises using the tool for those use cases, respectively. So regardless of the nature of the network, enterprises are using network flow data for service assurance.
Popularity does not necessarily indicate value — many tools are popular simply because they are less expensive or less disruptive to infrastructure. But when EMA asked organizations to identify their most valuable WAN monitoring tools, network flow analysis again led all other tools, with 31% of enterprises identifying it as the most valuable tool for monitoring MPLS performance and 30% of enterprises indicating network flow analysis as the best tool for monitoring internet performance.
Advanced network analytics
As enterprises leverage more sophisticated analytics technology, network flow data has even more potential value for IT operations and lines of business. Many enterprises apply advanced analytics techniques like big data to network data. In our research for Network Management Megatrends 2016, EMA found that network flow records are the most popular type of data included in these initiatives, used in 49% of all network analytics projects.
Flow analysis helps enterprises with security, optimization, and business processes.
So how do enterprises derive value from advanced network analytics? First and foremost, they enhance network security monitoring (36% of projects). The second most popular use case is network optimization (30%). And 27% of these projects are able to apply network analytics to business process optimization.
The application of network analytics to business process optimization has huge potential because it shows that the IT organization is poised to leverage network data, particularly network flow data, to improve business operations. In these situations, network analytics enables an IT organization to reposition itself as a business partner rather than a cost center.
The upshot: value and versatility
EMA believes that network flow records, whether formatted as NetFlow, IPFIX, sFlow, or similar protocol alternatives, constitute one of the most versatile and valuable classes of network data. From capacity planning and performance monitoring to network security monitoring and business process optimization, the potential value is there. We recommend that any IT organization that is not already leveraging network flow data evaluate its applicability to their use cases. For organizations that are already using flow data, but with legacy tools, we recommend investigating how advanced analytics that include big data can increase your ability unlock the value of network flow data, which will help you achieve your IT and overall business goals.