¿Le preocupan las vulnerabilidades de la VPN? Descubra cómo puede beneficiarse de nuestra oferta de migración de VPN, que incluye 60 días de servicio gratuito.

Blog de Zscaler

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Suscríbase
Productos y soluciones

Key Requirements for Monitoring Networks Within Secure Global Organizations

image
ROHIT GOYAL
septiembre 18, 2022 - 7 Min de lectura

The shift to cloud applications and increase in mobility initiatives improves remote workforce productivity. However, to simplify end user access, network teams are constantly under pressure to design networks with fast, secure, and highly available application access. At a glance these may seem simple, but in actuality, they create a lot of complexity without the right tools.

As network teams think about flexible architectures and efficient operations, they must 1) consider removing legacy architectures (castle and moat) for more modern approaches (like the Zero Trust Exchange), and 2) drive towards confidently deploying applications securely with fast access. The above only holds true if you can monitor the entire environment from the end user’s perspective. That means monitoring the end user’s device, network hops to private or public applications, and over secure tunnels.

Image

However, the challenge doesn’t stop there. As more and more attacks (ransomware) become prominent, network teams must reduce attack surfaces and leverage zero trust solutions with network security functions—such as secure web gateways (SWG), cloud access security broker (CASB), and data loss prevention (DLP), to name a few—to keep their environment secure. This a balancing act between keeping environments secure and providing fast, reliable application access.

What if it didn’t have to be a balancing act? What if you didn’t have to compromise? It all starts with a solid monitoring solution. When you can rely on a solution to pinpoint issues, it provides networking teams the confidence to transform their environment. Here are some critical considerations for network teams when supporting a global and distributed workforce:

 

1

How do I quickly isolate regional or global network issues? Is my network experiencing high latency and packet loss, and can I quickly identify why it’s happening?

With a hybrid workforce, network issues are exponentially harder to isolate and triage as users log in from their homes, offices, hotels, and more. And when they switch locations, it’s only more difficult to capture latency, packet loss, and jitter. To provide a good end user experience, it’s key to triage problems within minutes and rule out network designs.

 

Key consideration: Select regional groups of users to see if you can isolate the network issues (high latency, packet loss) to a particular region or geo.

2

Can I get a hop-by-hop network view based on a user?

It’s difficult to know if a user’s issue is their device, network, ISP, or application. Troubleshooting each segment is time-consuming, and it’s difficult to know where to begin.

 

Key consideration: Check the latency and packet loss between network devices from the end user to the application.

3

Are GRE tunnels masking the actual root cause?

Encrypted tunnels protect users from external threats, but they create a network overlay, which makes it harder to know which network device is actually having an issue.

 

Key consideration: Map network devices from the end user to application with or without traversing the encrypted tunnel, and monitor the network paths.

4

How do you monitor private applications over secured networks not exposed to the internet?

When creating secure connections to private applications, monitoring tools often fail to see full end-to-end traffic. 

 

Key consideration: Capture end-to-end traffic from the end user’s device to the private application. This will provide the necessary insights in troubleshooting.

5

How can we quickly identify issues when we’re using multiple ISPs around the world?

Global organizations leverage multiple ISPs across regions, and it’s difficult to categorize each one to find issues. 

 

Key consideration: Check the network (latency, packet loss) between the hops that egress your network. Also, review ISPs’ status pages to verify if they are reporting an outage.

 

Image

A hybrid workforce enables complex troubleshooting environments

 

As you can see, designing a network requires many considerations, especially if you want it to be secure, fast, and reliable. The above is only a sample set, but the purpose is to keep end users productive no matter how or where they access applications. Once it’s designed, operating it shouldn’t be challenging. For example, take Verisk, a Zscaler customer that leverages Zscaler Digital Experience (ZDX) to proactively monitor their environment. 

“ZDX provides us with unified, granular, real-time insights into application, network, and endpoint device health.”

-Jeff Negrete, Vice President of Infrastructure and Operations, Verisk

Verisk was able to leverage ZDX to solve chronic network performance issues to determine exactly where in the network their end users had trouble. This not only helped end users, but also helped boost morale for the IT team to solve network problems fast.


ZDX is an integrated service in the Zscaler Zero Trust Exchange. Instrumentation starts at Zscaler Client Connector, a unified agent for cloud security, zero trust application access, and digital experience monitoring. As a result, setup is frictionless and quick—there is no need to deploy new hardware or software agents. ZDX is a cloud native service, part of the world’s largest security cloud that analyzes, troubleshoots, and resolves user experience issues.

Zscaler Internet Access (ZIA) helps secure your internet and SaaS connections by delivering a complete secure stack as a service from the cloud. By pairing ZIA with Zscaler Private Access, you can extend protection to your private apps and workloads, whether they reside in the public cloud or a private data center.

Image

ZDX is an integrated service in the Zscaler Zero Trust Exchange

 

Leverage AI/ML insights to drive root cause analysis in minutes

ZDX gathers a lot of data from devices, networks, and applications. It also feeds in Zoom and Teams call quality information, all in a simple and intuitive dashboard. This helps network teams proactively troubleshoot, before users are impacted, to resolve device, network, and application issues. As ZDX gathers this telemetry, it leverages machine learning (ML) to analyze the ZDX Score. It then provides potential root causes, speeding up troubleshooting.


The goal is simple: spend less time troubleshooting, eliminate finger-pointing, and get users back to work faster. To learn more about ZDX root cause analysis, take a look at the detailed blog and webinar.

Image

ZDX unifies device, network, and application silos

 

Isolate issues with confidence in your secure network design

Let’s consider a scenario where the network operations team is monitoring digital experience across their company’s application and service portfolio. With ZDX, they can see that while Workday and Box are faring well, users from India are having a poor experience with OneDrive.

ZDX provides a simple numerical score that helps quickly identify issues. The ZDX Score changes based on factors such as user device issues (restarts, amount of CPU in use, etc.), connections (Wi-Fi signal strength), applications, and more. Based on the score, the team can immediately identify impacted regions and narrow this issue down to network latency between BSNL, an ISP, and a Microsoft data center. The network team then raises a ticket with Microsoft to resolve the problem.

Image

Network operations proactively monitor and optimize performance

As network teams look to provide secure access to internet applications and private applications, ZDX provides unparalleled visibility into tunneled traffic through the Zero Trust Exchange. ZDX combines network traces from the end user to the Zscaler cloud, Zscaler cloud to the end user, and Zscaler cloud to the application. This is where other monitoring tools fail, as they can’t see beyond the Zscaler cloud. ZDX provides details across not only the tunnel, but also the underlay hops to provide end-to-end views.


To learn more, take a look at our Why Network Monitoring Tools Fail Within Secure Environments blog.

Image

 

Triage ISP issues without relying on third-party websites

Network teams are responsible for global operations, and it’s difficult to maintain several ISPs and quickly identify if there is a regional ISP issue, such as a brownout or blackout. ZDX ISP Insights uses ZDX telemetry (Web Probe, CloudPath metrics) from millions of devices worldwide to detect internet outages. With Zscaler, it’s easy to leverage a single site to view what’s happening with ISPs around the globe.

Image

ZDX ISP Insights

 

Understanding key requirements for network monitoring can be a challenge, but it’s important to look for holistic solutions that ensure security, reliability, and great end user performance. Take a few minutes to learn more about ZDX and how it can help you take your troubleshooting to the next level.

Image

form submtited
Gracias por leer

¿Este post ha sido útil?

dots pattern

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Al enviar el formulario, acepta nuestra política de privacidad.