WAN Analysis for Power Utilities

Conducting a WAN analysis for power utilities is the most effective way to ensure the integrity of utility networks and comply with industry security standards for the continuous monitoring and assessment of critical infrastructure assets. A WAN analysis for power utilities can identify vulnerabilities within a network, alert network administrators to unusual activity, and assist with mitigation and incident response.

A WAN analysis for power utilities can also have operational benefits. By being able to monitor network performance and analyze bandwidth usage in real time, network administrators can eliminate user abuse, troubleshoot network issues, and identify redundant or unused network resources. These resources can then be reassigned to eliminate bottlenecks in areas of high demand.

What Industry Security Standards Apply to Power Utilities?

The two most important industry security standards that apply to power utilities are the NIST Cybersecurity Framework and the NERC Critical Infrastructure Protection Plan. Although a voluntary “framework” – and therefore not a regulation – the NIST Cybersecurity Framework is built upon best practices implemented in various industry sectors.

Compliance with the NERC Critical Infrastructure Protection Plan is compulsory for all utilities generating or distributing electric power, oil, water or natural gas. The plan's specific areas of concern are security awareness, physical security, remote access connections, and incident response. Three of these four areas of concern can be addressed by a WAN analysis for power utilities.

What a WAN Analysis for Power Utilities Does

A WAN analysis for power utilities uses a specialist network monitoring tool to monitor how vital WAN links are utilized, identify the causes of overloaded links, and detect problems with network connections and other devices. The network monitoring tool can provide an inventory list to track the servers and applications on the network and their users to improve security awareness, monitor remote sites from a central reference point, and provide the opportunity for real-time incident response.

A further benefit of a WAN analysis for power utilities is that it is possible to ascertain that bandwidth is being used for legitimate business purposes (bandwidth monitoring can often reveal the presence of malware or significant non-business-related activity), and that the utility company is not purchasing more bandwidth than it actually requires. If it is purchasing more than it requires, savings can be negotiated with the service provider.

Tools to Conduct a WAN Analysis for Power Utilities

There are various tools available to conduct a WAN analysis for power utilities, but not all of them provide the deep visibility you need to fully understand network performance and security issues. For example, flow-based reporting is a good way to understand what traffic is traversing the network but, in most cases, flow data does not provide any information about what is contained within packet payloads.

For many applications, such as those that ‘port hop’ (do not use standard network ports) or that run over HTTP, flow-based monitoring often does not provide enough information for the administrator to know what the applications are doing. For example, flow-based analysis is of little use when examining HTTP traffic that originates from a CDN. The real web domain that is being accessed is impossible to discover.

By comparison, deep packet WAN analysis for power utilities allows you to drill down into the metadata extracted from network packets in order to identify what protocols and applications are being used, who is using them, and from what devices. For example, with HTTP traffic to a CDN network, the real web domain being accessed becomes visible. With this level of network traffic analysis, you can see the actual packets involved in client conversations and identify the root cause of a technical issue or a security issue.
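
The difference between the two views can be shown on a few packets. The following Python sketch is an added example, not code from NetFort or LANGuardian: it summarizes the same constructed HTTP requests once as flow records and once as metadata extracted from the payload. All addresses (documentation ranges), domain names and function names are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample: (src_ip, src_port, dst_ip, dst_port, TCP payload bytes).
# Addresses are documentation ranges; 203.0.113.10 stands in for a shared CDN edge.
PACKETS = [
    ("192.0.2.21", 50112, "203.0.113.10", 80,
     b"GET /firmware.bin HTTP/1.1\r\nHost: updates.vendor.example\r\nUser-Agent: hmi\r\n\r\n"),
    ("192.0.2.21", 50113, "203.0.113.10", 80,
     b"GET /video/1 HTTP/1.1\r\nhost: streaming.example\r\nAccept: */*\r\n\r\n"),
    ("192.0.2.34", 41000, "203.0.113.10", 80,
     b"POST /upload HTTP/1.1\r\nHost: files.unknown.example:80\r\nContent-Length: 0\r\n\r\n"),
    ("192.0.2.34", 41001, "198.51.100.7", 8080, b"\x16\x03\x01\x00\x05hello"),  # not HTTP
]

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")


def flow_view(packets):
    """What a flow record keeps: endpoints, port and byte counts, no payload."""
    flows = Counter()
    for src, _sport, dst, dport, payload in packets:
        flows[(src, dst, dport)] += len(payload)
    return dict(flows)


def http_host(payload):
    """Return the Host header of an HTTP/1.x request, or None if not parseable."""
    if not payload.startswith(HTTP_METHODS):
        return None
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            name_part, _, port = host.rpartition(":")
            return name_part if name_part and port.isdigit() else host  # drop :port
    return None


def payload_view(packets):
    """Metadata extracted from payloads: client, server IP and requested domain."""
    return [(src, dst, http_host(payload)) for src, _sp, dst, _dp, payload in packets]


if __name__ == "__main__":
    for key, size in flow_view(PACKETS).items():
        print("flow   ", key, size, "bytes")
    for row in payload_view(PACKETS):
        print("payload", row)
```

In the flow view, the three HTTP requests appear only as traffic to 203.0.113.10 on port 80; the payload view separates them into three distinct domains.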

How Deep Packet Network Analysis Tools Work

Deep packet network analysis tools connect to the network via a core switch or virtual network switch and use a SPAN port or mirror port to collect packet data as it moves through the switch. Without interacting with network applications or devices, or affecting the performance of the network, deep packet network analysis tools capture data, store it in their own database, and provide details of both real-time and historical activity via a web-based portal.

Network administrators can connect deep packet network analysis tools to any managed switch on the network and then monitor any devices that send traffic through that switch. The analysis tools can then send instant alerts when specific network events occur and report on activity by users, applications or devices. The historical data can be used to conduct network forensics and to identify network issues and trends that cannot be identified using real-time data alone.

The LANGuardian Network Analysis Tool

The LANGuardian network analysis tool from NetFort is a powerful “agent-free” solution for complying with industry security standards and optimizing the performance of a utility company's network. The significance of LANGuardian being “agent-free” is that the tool can monitor remote sites without the need for software being installed on each device connected to the network – reducing maintenance overheads and eliminating the possibility of an employee connecting an unmonitored device.

Being one of the leading deep packet network analysis tools for complying with industry security standards, LANGuardian is incredibly versatile. It can be deployed on a dedicated physical machine, on a PC or laptop using VMware Player or VirtualBox, or as a virtual machine on VMware ESX or Microsoft Hyper-V. Once deployed, it can be configured to report on what is happening on the network's infrastructure by username, IP address, subnet, file name or web address.

LANGuardian passively captures traffic flowing through the network and extracts much richer data than traditional flow data analytics – providing network administrators with more accurate visibility of what website domains are being visited and what proxies may be connected to the network. It can recognize devices connected wirelessly to the network and identify applications using random port numbers, or standard port numbers for non-standard purposes, to protect utility networks inside and out.

Try LANGuardian Free for Thirty Days

If your utility company has not implemented measures to comply with NERC’s Critical Infrastructure Protection Plan – or you have implemented measures that fail to provide you with the full level of network visibility you require – you are invited to contact us and find out more about conducting a WAN analysis for power utilities with LANGuardian on a thirty day free trial.

Our free trial offer enables you to evaluate our tool for conducting a WAN analysis for power utilities on your own network with no contracts to sign, no credit cards required and no commitment to continue using our deep packet network analysis tools. Contact us to find out more and start your free trial of LANGuardian today.


