VMware Cloud Community
TheVMinator
Expert

Network Monitoring Tools

What are standard tools I should have for monitoring network traffic within vSphere that can use port-mirroring inside a vswitch to analyze traffic?  What vendors currently offer these and how do they compare?


Accepted Solutions
Texiwill
Leadership

Hello,

I think this question will come down to requirements and $s you want to spend. The key is to determine what you need to do first. There are several tools that make sense to use, but not knowing your full requirements, your existing incident response times, it is difficult to recommend any solution. You may just need Splunk or you may need something on the order of RSA Security Analytics. Or you may want to move towards active response tools.

My recommendation is that you take the time to go to RSA Conference (www.rsaconference.com) this April and look around, talk to vendors, etc. There are a myriad of solutions that may work for you. But first go in with your requirements (regulatory + business).

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009-2015

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

3 Replies
RockoBlaster
Contributor

I'm surprised there aren't any replies to this yet.

PacketSled is a network security monitoring, breach detection and forensics platform that runs within VMware, enabling long term retention of rich metadata activity records, and PCAPs. The sensor listens to a mirror port or distributed virtual switch to see inter-guest-VM traffic. It provides natural language search, threat detection and visual analytics. Disclaimer: I'm involved with the company. More info: http://www.PacketSled.com

Or a quick demonstration video here.

TheVMinator
Expert

ok thanks again
