Netskope provides comprehensive security services to many of the world’s largest organizations, using its global Security Cloud and NewEdge Network to examine exabytes of data every day and alert customers to any potential threats. Netskope uses the Kentik Network Intelligence Platform™ to understand the performance and efficiency of every network connection in real time.
As organizations move more of their workloads and data to the cloud, data security is top-of-mind for IT leaders. That is why many of them (including 25 of the Fortune 500) turn to Netskope, a leader in web and cloud security.
Customers direct their workloads (for example, their Office 365 or G Suite traffic) to Netskope, which performs a variety of real-time security services, such as TLS decryption, data loss prevention, threat protection, and advanced analytics.
Netskope’s NewEdge is a carrier-grade private cloud network used exclusively to deliver security services to Netskope customers. NewEdge is made up of data centers located in major metro areas around the world. Each data center is devoted to processing the streams of traffic flowing between Netskope customers and cloud providers and the internet. Each data center has throughput capacity of up to 2 terabits per second.
The Netskope service has three stages: 1) customers sending traffic to Netskope; 2) Netskope enforcing security and controls on that traffic; and 3) Netskope forwarding that traffic to a SaaS provider, content delivery network or web provider. “From a networking perspective, the design goal of NewEdge is to make steps 1 and 3 as efficient as possible by reducing latency,” says Louis Zechtzer, Principal Architect for Netskope. “That’s why we locate our data centers physically close to our customers with a carefully selected diversity of peering and transit.”
A major challenge in operating any large global network is monitoring the flow of traffic to ensure quality of service, identify anomalies and avert problems. To achieve these objectives, Netskope uses the Kentik Network Intelligence Platform.
“We have Kentik in every one of our data centers,” notes Raman Sud, Director of Internet Services for Netskope, who is responsible for negotiating and managing relationships for IP transit, peering, fiber-optic lines and co-location.
When Netskope started building out the NewEdge Network, architects knew they would need sophisticated tools to provide visibility and intelligence about traffic flows over highly complex network infrastructures.
This need for sophisticated network visibility and intelligence is especially important for peering relationships. Peering is an agreement between two or more data-communications carriers in which traffic is exchanged, often without charge. Peering can make the business relationship simpler for both parties, but the main reason is performance, as traffic in a peering arrangement is designed to flow more efficiently.
A prerequisite to effective peering is knowing how much traffic is being moved at all times. With Kentik’s flow monitoring capabilities, Sud says, “We know exactly how much traffic is flowing, and the paths being taken. This intelligence is critical to helping us determine our peering arrangements.”
For example, he notes, customers will sometimes start sending a higher-than-normal volume of traffic to Netskope. Seeing the spike on the Kentik dashboard, Netskope managers can contact the customer to understand if the increased traffic can be expected to continue, in which case a peering arrangement might be advantageous for both parties.
“Kentik quickly shows you abnormalities in traffic flow and allows you to easily drill down to get more detail,” Sud says. “Kentik gives us greater insight on how we make key decisions and build good relationships with our customers.”
An accurate understanding of traffic volume and characteristics can have a huge impact on Netskope’s customers, particularly in areas of the world where tariffs for dedicated data services can be far higher than they are in North America and Europe. In some instances, data from Kentik has proved that customers were being charged under the wrong rate plan, and adjustments were then made.
Likewise, Kentik-produced metrics on how traffic flow can help a Netskope customer more accurately determine the level of service (called a “committed data rate”) it contracts for with its internet service provider, potentially saving tens of thousands of dollars a year.
A key requirement in the process of deploying data centers for the NewEdge Network has been automation. Sud notes, “The API from Kentik has been a big help to us” in building control systems for remote, hands-off management. “Kentik provides us with a lot of valuable information in a way that’s very easy to understand. It’s actionable intelligence with a tangible impact on how we best serve our customers — deciding who to peer with, for example, or finding the most efficient path for traffic.”
With Kentik-populated dashboards, network managers at Netskope can measure all the external traffic from each data center, identify where that traffic is flowing, and note any fluctuations. “And because Kentik gives you this information in context, we can quickly understand if these fluctuations need attention,” Sud says. “After all, not every spike means there’s a problem.”
Before joining Netskope, Sud was responsible for peering arrangements at Amazon Web Services (AWS), where he and colleagues used a number of single-purpose internally developed network-monitoring tools, each of which provided only limited information. In contrast, Kentik presents multiple measurements of network performance through a single interface. In addition, “Kentik allows you to pull data from a week or a month or whatever period you want and easily see the trends.”
“I use Kentik every day,” Sud adds. “It’s a great tool.”
The Kentik Network Intelligence Platform is the standard for network performance monitoring and diagnostics for Netskope’s global NewEdge Network. Kentik produces actionable intelligence that helps Netskope select the most optimal peering partners, route traffic along the most effective paths, and help its customers optimize their use of internet services.