BUILDING THE INFRASTRUCTURE TO ENABLE THE CHANGING FACE OF IT

FEBRUARY 2017 \ VOL. 8 \ N0. 1

k E D I T O R S D E S K
k INFOGRAPHICS

Lots of Talk Data Mine

About SD-WAN,
but Action Too

k N ET W O R K I N N O VAT I O N AWA R D
k T E A M C H AT S E C U R I T Y

Nyansa Team Chat Apps:

We Need to Talk
About Security

k OVER THE WIRE

k INFOGRAPHICS

Advanced Machine Pulse Check

Learning Lends a Hand
to Network Security

k OPEN SOURCE
k T H E S U B N ET

NEW YEAR, NEW WAN Open Sesame: Open

Source Set to Trans-
Networking Careers:
Making the Leap From
Considering an SD-WAN deployment? Youre not alone.
form Networking Vendor to Enterprise

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
EDITORS DESK | ALISSA IREI
Lots of Talk About SD-WAN, but Action Too
When it comes to software-defined networking in
Satisfied the data center, I sometimes think of the Toby Keith
song, A Little Less Talk and a Lot More Action.
software-defined
While research indicates deployments are growing,
WAN customers user stories still seem a bit thin. And as engineer Jor-
share their de- dan Martin wrote on the Gestalt IT blog, no vendor
pitch can ever pack the punch of a customer testi-
ployment stories. monial. When many of us are reluctant to try a new
restaurant without checking Yelp, it makes sense
that network managers want to hear about others
experiences before sitting down at the SDN table.
Well, as Toby sang, I knew somewhere amid all
this distraction was a little less talk and a lot more
actionwhich brings us to the wide area network.
IDC predicts the software-defined WAN market
will swell 90% a year through 2020, and anecdotal
evidence supports that narrative of exponential
growth. At the Open Networking User Groups most
recent conference, for example, a slew of customers
2N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
discussed their experiences with SD-WAN.
In this edition of Network Evolution, we share de-
ployment stories from three of these users, ranging
from a garden equipment manufacturer to a ma-
jor oil company (SD-WAN Is the New Black). We
hope these case studies will help you weigh the pos-
sibility of employing SDN principles in your WAN.
We also look at open sources progress (Open Ses-
ame: Open Source Set to Transform Networking)
and consider security issues of messaging apps like
Slack and Unify Circuit (Team Chat Apps: We Need
to Talk About Security).
Its fair to say 2016 was the year of SD-WAN, and
it looks like 2017 will be too. So in the words of Mr.
Keith, Lets get on down to the main attraction,
with a little less talk and a lot more action. n
ALISSA IREI
Features and E-zine Editor, Networking Media Group
 TEAM
HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET

Three real-world case studies

SD-WAN show software-defined WAN
in action.
SD-WAN Is the
New Black
When the Pantone Color Institute selected the
shade officially known as 15-0343 as its latest Color
of the Yearpredicting the vibrant green would be
the it hue of 2017reactions among tastemakers
were decidedly mixed. Fortunately for networking
professionals, predicting the hot technology du jour
poses relatively little challenge: In the network,
software-defined WAN is indisputably the new
black.
BY ALISSA IREI SD-WANthe technology that applies software-
defined networking principles to the wide area
networkabstracts network intelligence into a
control plane, allowing enterprises to create dy-
namic, responsive and programmable networks.
While current adoption rates are still low, top ana-
lysts generally agree the technologys imminent fu-
ture is brightalmost as bright as Pantone 15-0343.

3N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7 CREDIT: AIKIDO/ISTOCK

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
According to Gartner, less than 2% of todays WAN
edge infrastructure refreshes are based on software-
defined WAN, but it expects that number to exceed
50% by 2020. IDC recently predicted the total value
of the SD-WAN market will reach $6 billion within
that same period.
The emergence of a growing number of SD-WAN
customer stories seems to support such projections.
Indeed, software-defined WAN was the darling of
the Open Networking User Group (ONUG) confer-
ence last fall, with several users taking the stage to
share their deployment experiences. To illustrate
the changes, we explore three of these examples of
SD-WAN in action from ONUG.
EXXON MOBIL AND CYBERA
Several years ago, Exxon Mobil Corp., based in Ir-
ving, Texas, found it needed to replace its entire
VSAT wide area network with secure broadband
connectivity to meet revised Payment Card Indus-
try Data Security Standards (PCI DSS)a consider-
able task. With 10,000 locations in North America,
the Exxon Mobil network was vast and diverse. In
addition to its typical retail sites, the company also
4N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
needed to connect about 450 wholesalers, some of
which had up to 100 branch sites of their own.
Chris Curington, Exxon Mobils North American
card security and fraud coordinator, said his team
wanted to enforce company security policies at the
site level, while allowing retail owners to use the net-
work for more than just processing card payments.
They also wanted to implement a Bring Your Own
Broadband option, allowing retail and wholesale
partners to access Exxon Mobils wide area network
via their existing connections if they choose, with 3G
or 4G backup connectivity in case of failure.
Curington and his team eventually settled on
software-defined WAN technology from startup
Cybera, which he said allowed them to meet each of
the above use cases. Cost was also a major consider-
ation, with plug-and-play provisioning minimizing,
if not eliminating, the need to send technicians out
to individual sites.
Going to wholesalers and saying, Wed like the
clerk behind the counter to be able to install this,
that was a paradigm shift, Cybera founder and
president Cliff Duffey said. A lot of the wholesalers
didnt believe it until they tried it.
Cybera deploys virtual networks on an
 TEAM
HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET

application-by-application basis. In the case of
Exxon Mobil, Duffey said they spun up a network
specifically for payments, with security features
tailored to meet PCI DSS. They also created several
other dedicated networks for applications like video
surveillance, fuel management and customer loyalty
programs.
According to Cybera, separating networks by ap-
plication allows greater flexibility, with managers
able to tailor network requirements. For example,
a point-of-sale app could prioritize security while a
guest Wi-Fi network puts performance first. In the
case of a breach, this approach could also contain a
security threat, preventing it from spreading from
app to app.
In 2015, when American Express Co. launched its
Plenti rewards program with
Exxon Mobil as its official fuel
partner, the company needed
Exxon Mobil came to us saying, We need to get
this program launched quickly, Duffey said. But it
had complex requirements.
Nevertheless, he said Cybera quickly spun up a
new virtual network design, rolling out the changes
to more than 6,000 stores in just a few days.
MTD PRODUCTS AND CISCO IWAN
Like many enterprises, home and garden equipment
manufacturer MTD Products, based in Valley City,
Ohio, found itself struggling to meet user bandwidth
demands without breaking the bank. With about 70
global locations, 6,700 employees and more than
450 network nodes, MTD Products is growing, along
with its WAN needs.
Another challenge: Senior network engineer
Chris Bregar said MTD Products unreliable DSL
and cable backup circuits required hands-on work

500-1,000
Estimated number of organizations
to create yet another network
connection that could com-
in the event of a failover. Sometimes that meant call-
ing someone in, in the middle of the night.
municate with the Plenti pro- Because of the consumer-grade router on the
currently deploying SD-WAN products.
SOURCE: NETWORKING HYPE CYCLE,
grams third-party partners cable side, we have to reboot the cable modem for
GARTNER RESEARCH, JULY 2016
without compromising the se- it to function as a backup circuit, Bregar said. Not
curity of customer data. really scalable.

5N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7 CREDIT: MACROVECTOR/ISTOCK

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
The company decided to move forward with Cisco
IWAN, recently completing a proof-of-concept
(POC) phase in which they deployed hybrid WAN
technology at a handful of branch locations. Bregar
said they have seen huge improvements in perfor-
mance, cost and employee productivity.
One POC site in Mississippi, for example, has en-
joyed 40% circuit savings and an increase in band-
width of more than 400%. Eventually, Bregar said
they plan to get rid of the expensive MPLS link en-
tirely and transition to a dual-internet model. He
added that he understands his fellow engineers
reluctance to abandon guaranteed bandwidth and
service-level agreements, but believes it is time
for a paradigm shift.
As good as the internet has be-
come these days, its beneficial to go
that route, he said, adding that they
90%+
will get each link from a different
last-mile provider to minimize risk.
Since completing the proof-of-
Projected annual growth in concept phase in 2016, Bregar said
SD-WAN market to 2020.
SOURCE: DATA CENTER & ENTERPRISE SDN HARDWARE &
MTD Products plans to roll out
SOFTWARE MARKET TRACKER, IHS, NOVEMBER 2016
Cisco IWAN across all company
sites this year. In 2018, they hope to
6N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
ditch their MPLS link and move to a dual-internet
SD-WAN deployment.
KINDRED HEALTHCARE AND VIPTELA
With nearly 100,000 employees, facilities in 46
states and multiple large acquisitions each year,
Kindred Healthcares network needs are vast,
complex and constantly evolving. Former Kindred
Healthcare network engineer Eric Murray said he
became interested in SD-WAN as a way to improve
performance while cutting costs.
Our CIO had been on us for years, Eric, why
cant I use that broadband connection to route You-
Tube traffic and training videos? Murray said. We
wanted to have policy-based, application-aware net-
work routing over multiple connections.
The ability to microsegment traffic using software
was also attractive, he added. For example, isolating
connected HVAC or clinical equipment in a network
overlay can help protect the main corporate net-
work from third-party security vulnerabilities.
Finally, Kindred wanted an SD-WAN deploy-
ment with centralized management capabilities and
zero-touch provisioning, to ease the burden on the

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
companys small engineering team, which consisted
of just seven people.
Ultimately, Kindred decided to deploy Viptela
technology, after calculating that, across a 700-site
deployment, the company could save as much as $4
million in just five years while increasing bandwidth
up to 700%. Murray said he was amazed at the speed
and ease with which Viptela allowed them to make
major improvements to the network. He recounted
7N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
how he added two new overlays and made a slew of
policy adjustments for a new use case in a matter of
minutes.
It was immediately clear when we started de-
ploying this just how easy it was to add new features,
such as another overlay to meet a specific use case,
without any disruption, Murray said. Any engineer
on our team could quickly adjust policy, put it in ac-
tion, and it just worked. n
 TEAM
HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET

Data Mine
k Who you gonna call? Room video k Crystal ball: Predicted
conferencing support growth in SDN/NFVs percent
nSMALL OR MEDIUM-SIZED BUSINESS
n LARGE ENTERPRISE
share of data center traffic
70
62%
60

50
43%
40

30
30% 27%
24%
20
11%
10
4%
0
0%
Self-support Our equipment Managed Dont know
provider services

SOURCE: 2016 VIDEO CONFERENCING END USER SURVEY, WAINHOUSE RESEARCH, SEPTEMBER 2016,
N=311 NUMBERS HAVE BEEN ROUNDED AND MAY NOT EQUAL 100.

Number of anticipated global Wi-Fi

430M hotspots and homespots by 2020.

SOURCE: CISCO VISUAL NETWORKING INDEX (VNI) COMPLETE
FORECAST, 2015-2020, CISCO, JUNE 2016 SOURCE: CISCO GLOBAL CLOUD INDEX: FORECAST AND METHODOLOGY,
2015-2020, CISCO, NOVEMBER 2016. CREDIT: CSA-ARCHIVE/ISTOCK

8N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
 TEAM
HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET

Open source promises

Open Source radical industry disruption
the question isnt if enterprises
Open Sesame: will use it, but how.
Open Source
Set to Transform When it comes to open source network soft-
ware, emotions run high. The topic has caused a

Networking fair amount of hand-wringing and any number of

gut-wrenching conversations in recent months, as
well as excited commentary from analysts and ven-
ture capitalists predicting imminent industrywide
disruption.
The stakes are also high, with thousands of jobs
BY STEVE ZURIER and millions of dollars up for grabs, and industry gi-
ants like Cisco are feeling the heat. The vendor re-
cently experienced steep layoffs, and according to a
2016 poll by JPMorgan Chase & Co., its standing as
a key network infrastructure supplier to enterprises
has slipped. Peter Levine, a partner at venture
capital firm Andreessen Horowitz, said the slide
came partly from the rise of open source startups

9N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7 CREDIT: ISTOCK

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
delivering network services via the cloud.
I am a believer that we can disrupt the network-
ing industry through open source, he told TechTar-
get at the time.
Nobody wants to be on the wrong side of the tech-
nology curve, the way BlackBerry and Nokia were in
the cellphone business. Now, Cisco, Juniper and the
other networking giants seem to be scrambling to
figure out how open source fits into their strategies.
Open sources champions argue it accelerates in-
novation, cuts costs, decreases vendor lock-in and
increases flexibility and efficiency. For Jason For-
rester, founder and CEO of SnapRoute and former
head of networking at Apple, his motivation for cre-
ating an open source startup
was simple: He wanted a full
nights sleep.
125%
I was spending so many
nights doing mundane man-
agement tasks that I just
Increase in revenue in open networking started thinking there had
bare-metal switch market between second to be a better way, he said.
half of 2015 and first half of 2016.
Forrester wanted to cre-
SOURCE: DATA CENTER & ENTERPRISE SDN HARDWARE &
SOFTWARE MARKET TRACKER, IHS, NOVEMBER 2016
ate an open software stan-
dard for basic switches and
10N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
routersstreamlining those management tasks that
used to keep him awake into the wee hours.
Andrew Lerner, a Gartner research vice president
who covers the networking industry, added that the
networking field is one of the last branches of tech-
nology to embrace open source.
When you think about it, the server and storage
side have gone through this with Linux for servers
and Hadoop for storage and big data, Lerner said.
So today, its not a matter of if your networking or-
ganization will leverage open source; its merely a
matter of how it will leverage open source.
Lerner said companies offering open source net-
working productssuch as SnapRoute, which fo-
cuses on enterprise networks, and NGINX, which
sells software-based load balancersopted to begin
with specific applications because each only had the
resources to focus on one aspect of the open source
puzzle. They also had to find ways to commercialize
their open source products.
Just because a product is open source doesnt
mean there wont be a certain level of lock-in, Le-
rner said. All of the open source companies require
a licensing agreement; they have to so they can sus-
tain themselves.

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
BY MANAGERS, FOR MANAGERS
Like other open source networking startups,
SnapRoute claims to provide several key features
that solve specific technical issues enterprise net-
work managers face using traditional offerings:
1. Customized switching. SnapRoutes Forrester said
switches from the incumbents include numerous
bonus features that many companies dont need or
even use. Sometimes features that lie dormant can
get corrupted, slowing down performance or even
taking down the network. So with SnapRoute, For-
rester said if network managers want a switch to run
just the Border Gateway Protocol and the Spanning
Tree Protocol, they can build that operating system
on inexpensive white-box switches. SnapRoutes
goal is to let network managers build switches from
scratch the way power users build PCs or servers.
2. Automated task management. In the world of pro-
prietary switches, Forrester said network manag-
ers spend several hours inserting firewall rules and
writing access control lists. A Methods of Procedure
manual could be up to 40 pages of rules and com-
mands. Most networks deploy multiple switches, so
11N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
each vendor has its own way of automating tasks,
a situation that has added to the complexity. With
SnapRoute, once the network manager installs the
firmware, many of these tasks are automated. Net-
work managers can automate tasks according to one
method and do it on any piece of hardware.
3. Visibility into the source code. Forrester main-
tained that incumbent vendors dont allow access
into their source code, so network managers can
never really know how packets are traversing a
switch. Using open source networking, however,
managers can see precisely whats going on in their
networks and fix problems that in the past would
have taken hours or days to figure out.
4. Ability to do risk assessment. By offering visibility
into the source code, SnapRoute found that its cus-
tomers can run vulnerability scans, allowing them
to do a risk assessment and catch security bugs. For
example, by running a scan, one customer found
a memory management vulnerability that they
wouldnt have normally discovered as easily.
Similarly, Owen Garrett, head of products for
NGINX, said, in the past, proprietary load balancer
 TEAM
HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET

vendors had full control over the ecosystem. Net-
work managers had to work with the products as
they were shipped out of the factory, were limited to
deploying them in-house and often had to wait for
several weeks or months for upgrades and patches.
Now, with an open source product like NGINX,
network managers have the flexibility to run
NGINX on a server, over a cloud service such as Am-
azon Web Services or Microsoft Azure, or on a con-
tainer or virtual machine. And upgrades and patches
are routinely developed and made readily available
by the open source community.
The flexibility doesnt force the network
manager into any one deployment model, Garrett
explained. Plus, companies can take advantage of
the open source community; it can build services
more quickly.
Network managers can get started by accessing
the open source version of NGINX and then pay for
tech support or other professional services.
INCUMBENTS RESPOND
Incumbents like Cisco and Juniper also have vari-
ous open source projects underway. Junipers Open
Contrail offers a way for network managers to spin

Open-minded: OpenDaylight platform use cases expand

28% 27% 26% 19%

0 100%
Network functions Network monitoring, Traffic engineering New service creation
virtualization and cloud management and analytics

SOURCE:OPENDAYLIGHT USER SURVEYS, OPENDAYLIGHT FOUNDATION, FEBRUARY 2016, N=149

12N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
 TEAM
HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET

up virtual networks in cloud environments, some- people found value in open source Linux and Ha-
thing similar to how Aviatrix operates. doop, they will create communities that build more
And Cisco has any number of open source proj- efficient networking applications.
ects in the works. In some ways I understand it, the incum-
Ed Warnicke, distinguished consulting engi- bents are caught between a rock and a hard place,
neer, said Cisco has been involved for many years Jacques said. They know that the days of propri-
with the OpenDaylight Project. OpenDaylight is etary networking are passing, but they dont know
an open source controller that gives network man- how they can neatly make the transition.
agers visibility into the networkfor example, an Jacques pointed out that switches leveraging
ability to set global network policies or build a ser- open source operating systems like SnapRoute are
vice function chain. Cisco also works with PaNDA gaining share, but still represent a relatively small,
for analytics, Open Platform for network functions albeit fast-growing, segment of the networking
virtualization for network integration and testing, equipment market.
and Fido for forwarding That may be true. But Forresters quest to make
packets across an enter- life easier for network managers at SnapRoute rings
prise network. true. Again, its unclear how all of this will flush out.
Neela Jacques, ex- SnapRoute may get bolted on to all the incumbents
They know that the days of ecutive director of the switches. Or maybe SnapRoute will get scooped up;
proprietary networking are passing, OpenDaylight Project, we just dont know yet.
but they dont know how they can said open source will But for small organizations, large enterprises, and
neatly make the transition. become prevalent in all carrier-class and major provider networks, expect
Neela Jacques, aspects of computing open source networking to play a growing role. The
executive director, OpenDaylight Project and networking. He said incumbents had a good run for about three decades,
the same way technology but it seems a new era has dawned. n

13N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
 TEAM
HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET

Pulse Check
k Wish list: Which possible outcomes of your k Break it down:
internet of things project(s) are most important? Total enterprise spending
on hosting and cloud
48% Better customer experience services
Application
services
38% Increased operational/logistical efficiency
5%
Professional
24% Development of new products services
42%

20% Predictive management and maintenance

9%
Security
19% Better use of IT infrastructure services

31%
16% Increased security
14%
Infrastructure
14% Keeping current products competitive Managed services
services

SOURCE: INTERNET OF THINGS PULSE SURVEY, TECHTARGET, SEPTEMBER 2016, N=208. SOURCE: VOICE OF THE ENTERPRISE: HOSTING AND CLOUD
NUMBERS HAVE BEEN ROUNDED. RESPONDENTS COULD CHOOSE TWO ANSWERS. MANAGED SERVICES, 451 RESEARCH, OCTOBER 2016, N=456.
NUMBERS HAVE BEEN ROUNDED AND MAY NOT EQUAL 100.

$23M Branded bare-metal switch revenue in first half of 2016, worldwide.

SOURCE: DATA CENTER & ENTERPRISE SDN HARDWARE & SOFTWARE MARKET TRACKER, IHS, NOVEMBER 2016

14N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
 TEAM
HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET

Team collaboration
Team Chat Security applications such as Slack
and Unify Circuit can make life
Team Chat easier for enterprises. But is
Apps: We Need the risk worth the reward?

to Talk About
Security At charity: water, a nonprofit that provides
clean drinking water to developing communities
around the world, the team-based messaging ap-
plication Slack has become instrumental in creating
efficient workflows. But Slacks headline-grabbing
security incidents prompted charity: waters head of
BY SANDRA GITTLEN IT, Ian Cook, to deploy extra precautions.
One of my worries is that people get too com-
fortable communicating over chat andwith hack-
ing being a constant battle for these applicationsI
needed to know the policies we set could be en-
forced, Cook said.
Slack, along with Unify Circuit, HipChat and a
slew of others, is among a generation of persistent

15N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7 CREDIT: VECTORSTOCK


HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
team workspacesplatforms that preserve ongo-
ing, topic-specific collaboration sessionsthat busi-
ness units are adopting to boost collaboration. Many
are doing so without involvement from IT, opening
their organizations up to significant risk. In April
2016, for example, security expert and white hat
hacker David Vieira-Kurz discovered a vulnerability
in Slack that would allow hackers to hijack user ac-
counts. Slack has since fixed the bug.
To minimize charity: waters risk, Cook decided
to participate in Slacks beta of GreatHorn, a web-
based security tool that wraps around the team
chat app. Using GreatHorn, Cook matches accept-
able use policies to filters that alert him when se-
curity rules might have been violated. For instance,
if a user puts language related to tax forms or wire
transfers into Slack, he receives
an immediate notification and can
1.25M
contact the user.
Weve been lucky so far. We
havent had any serious threats via
Number of paid Slack subscribers Slack, Cook said. But I am stay-
in October 2016.
SOURCE: WE LOVE IT WHEN THE NUMBERS TURN
ing vigilant to protect the organi-
OVER, SLACK, OCTOBER 2016
zation and to make sure we stay in
compliance.
16N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
CLEAR BENEFITS
Although many enterprise-level unified commu-
nications vendors like Cisco and Microsoft have
offerings in this space, stand-alone or freemium
persistent workspace applications are still popular
among businesses, according to Irwin Lazar, vice
president and service director at Nemertes Re-
search. A third of companies he recently surveyed
officially allow the use of these kinds of applications.
Business units, which consider these tools a path-
way to agility, tend to foot the bill, Lazar said, but IT
ends up having to support the applications.
Lazar added that IT should be proactive and un-
derstand that people find a lot of value in this form
of communication. Nemertes itself uses Slack, af-
ter the application won an internal bake-off against
HipChat. In fact, the firm just launched a hook be-
tween its website and Slack that enables the Ne-
mertes team to respond quickly to broken links and
new logins.
Charity: waters Cook said the benefits of team-
based messaging make the security and support
tasks worthwhile. Usage at the nonprofit started
with the engineering team, but today, all 80 staff
members, as well as contractors and interns, have

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
Slack access. Cook has vetted the application, mak-
ing sure messages can be encrypted in transit and
at rest and that it supports two-factor authentica-
tion. He hopes to soon use Slacks security assertion
markup language support to tie the application into
the organizations Okta single sign-on tool.
The company currently has more than 108 Slack
channels or ongoing collaboration sessions. Users
rely on them for everything from discussing poten-
tial new hires to recognizing co-workers for excel-
lent work.
Cook aims to whittle the total number of chan-
nels down to 50 or 60 for tighter security. He and his
team have begun an internal Slack audit, identifying
orphaned sessions that they can ar-
chive or delete.
194%
Cook said the most important
team chat app channel is for the
emergency response program.
When a massive crane collapsed in
Increase in number of enterprises
using or evaluating team chat apps
February in front of the organiza-
between 2015 and 2016. tions New York City headquarters,
SOURCE: 2016-17 ENTERPRISE TECHNOLOGY BENCHMARK:
UNIFIED COMMUNICATIONS AND COLLABORATION,
employees knew exactly where to
NEMERTES RESEARCH, SEPTEMBER 2016, N=40
share their status on Slack.
We heard back from all of our
17N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
staff within two hours and knew they were safe,
Cook said.
RISKY BUSINESS
Despite the benefits that many team chat app users
cite, some experts say the rewards arent necessarily
worth the risk. David King, senior manager of the
internal audit, risk and compliance practice at pro-
fessional services firm UHY Advisors, said he prob-
ably would not have allowed Slack in his previous
position as a CIO at a hedge fund.
I know people are trying to modernize email and
make it more dynamic, but they also are giving up
control, King said.
He added that the new, stand-alone team messag-
ing apps dont yet compare to traditional enterprise-
level services in terms of maturity and security, and
suggested most organizations can use their existing
products to meet internal communication needs.
You have to know how the messages are being
protected and retained, King said. None of these
team-based applications have focused on that as
part of their service. It just doesnt feel like we are
there yet.

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
He worries about scenarios like quarterly results
being shared over an unsanctioned Slack channel
ahead of a data breach, calling the likelihood of such
a scenario unfolding high.
If a CTO does decide to consider a team chat app,
King recommended putting the platform through
its paces on the risk management sidebuilding a
use case and subjecting it to the regular channels of
due diligence.
Once it is deployed, IT should have a way to turn
off access to the application when employees leave
and to stop unauthorized use on the network, he
said.
Lysa Myers, security researcher at security soft-
ware company ESET, worries that as these messag-
ing applications get more popular, theyll become a
bigger target for hackers. And she added users them-
selves are the biggest problem.
Are they talking about things that they shouldnt
be talking about on an unencrypted channel? Most
18N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
people will not go the extra step of turning on en-
cryption, she said.
Myers encouraged IT to get specific about policies
and what can and cannot be discussed over team
chat app channels. For instance, hospital workers
should never share any information protected un-
der Health Insurance Portability and Accountability
Act privacy rules, in case the platform is hacked.
Users have to understand these are not the most
secure venues, as well as the consequences if they
break the rules, she said.
Like King, Myers urged IT managers to weigh
a given messaging platforms approach to secu-
rity, conducting a thorough risk assessment before
adoption.
She hopes that team chat app vendors will start to
enact more secure coding practices, but until then,
enterprise IT departments must stay attentive.
You dont want to open the door and let all your
companys information flow out, she said. n
 TEAM
HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET

Network Innovation Award

Nyansa: Voyance
Platform
kW
 H AT I T I S
A user experience tools platform

 H AT I T D O E S
kW
Monitors network activity, providing enterprises with
information they can use to pinpoint where application
performance problems may exist.

k H OW I T W O R K S
Uses a blend of cloud-based analytics and real-time
deep packet inspection to identify potential network
issues.

 HY WE LIKE IT
kW
Voyance doesnt just capture datait also analyzes and
presents it in actionable ways, with the ultimate goal
of improving the end users experience. The console is
also easy to use and understand.

To learn more about why Nyansa is our latest Network Innovation Award winner,read the whole story on SearchNetworking.

19N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
OVER THE WIRE | LEARNING MACHINE | AMY LARSEN DECARLO
Advanced Machine Learning
Lends a Hand to Network Security
Advanced The enterprises absolute reliance on its
network to run its business puts the onus on IT
machine learning
to ensure the availability, reliability and security
can help distin- of thatinfrastructure. But defending the network
guish between against what is an increasingly virulent and sophis-
ticated threat environment can be an extreme chal-
false alarms lenge. IT has a wealth of tools to use in this fight,
and real threats, including those that capture volumes of data that
can point to any number of potential threats. Huge
but challenges
volumes of data can completely overwhelm an IT
remain. staff, however, making it difficult to discern a real
threat from a harmless anomaly. Thats where ad-
vanced machine learning can help.
The Ponemon Institute estimated, in total, secu-
rity analystswaste 21,000 hoursa year researching
false positives that lead them nowhere. These are
hours that would be far better used thwarting ac-
tual attacks. Manually trying to distinguish between
20N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
actual threats and unusual patterns when so much
information exists, however, can be nearly impos-
sible. For this reason, more organizations are be-
ginning to explore the use ofmachine learningas
a means to more quickly and accurately identify
threats.
Machine learninga discipline that emerged
from research into pattern recognition and com-
putational learning theoryapplies algorithms to
data culled from systems and networks to make
predictions about potential outcomes. In network
security, its used to profile traffic to recognize po-
tentially dangerous threats.
Machine learning has been around for decades,
but it has been prohibitively expensive because of
its intensive computational requirements. Now,
however, the relative decline in processing costs and
vast improvements in the algorithms used to spot
CREDIT: FILO/ISTOCK
 TEAM
HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET

trends are making it a much more viable option for most comprehensive tools ingest data from multiple
businesses. sources, including network flow,log analysis, sig-
nature detection, vulnerability analysis and threat
intelligence.
APPLIED SCIENCE Conceptually, one of the major advantages to us-
A number of security vendorsincluding Cylance ing advanced machine learning for security is its
Inc., FireEye Inc. and Carbon Black Inc., as well as ability to process and analyze huge volumes of data
managed service providers such as Masergy Com- collected over timemuch faster than humanly
municationsare leveraging advanced machine possible. In an era where almost all businesses suf-
learning as a mechanism to accelerate threat identi- fer from a shortage of human security resources,
fication for a number of uses beyond network traffic this can be a tremendous help in ferreting out the
profiling and anomaly detection. Advanced machine issues that should command the highest-priority
learning can be applied to analyze user behavior and attention.
detectinsider threats. The technology can also be
used for spam filtering, malware identification and
detection. CHALLENGES STILL EXIST
With respect to net- That said, machine learning needs some fine-tuning
work profiling, advanced before it can accurately detect the most urgent
machine learning can be network security problems. First off, establishing
The most comprehensive tools
used to recognize pat- a baseline of what is normal on a network is next to
ingest data from multiple sources, terns in network flow, dig impossible in environments where virtually every
including network flow, log analysis, through historical data network is already compromised. Then, there is the
signature detection, vulnerability to identify trends and ongoing challenge of constantly shifting user behav-
analysis and threat intelligence. spot issues indicative of ior and ongoing changes in system-produced traffic.
a potential threat. The These changes are likely to produce red flags where

21N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
there really are no significant issues. So, again, IT
must sort out more false positives and spend time
away from shutting down the real threats.
Clearly, there isenough progressand promise
in using advanced machine learning to find the
proverbial needle in the network haystack. It is
worth exploring as an option, provided organi-
22N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
zations understand its current limitations. It is
critical to know, like all things security-related,
there is no silver-bullet cure for what ails the enter-
prise. Instead, organizations need to use machine
learning in conjunction with multiple tools and hu-
man resources. There is, after all, no substitute for
experience. n

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
THE SUBNET | Q&A | ALISSA IREI
Networking Careers: Make the Leap
From Vendor to Enterprise
n Sneha Puri Sneha Puri had a good job as a network design
n  Network Engineer consultant at a major vendor. But a desire to work
n  Suffolk Construction directly with the end user and an appetite for pro-
n Boston fessional growth spurred her to seek out a new posi-
tion in the enterprise. We spoke with Puri to learn
how she navigated this career transition, ultimately
landing in her current role as a network engineer at
national building firm Suffolk Construction. Here,
she shares her story, as well as advice for other net-
working professionals contemplating similar leaps
in their careers.
Editors note: This interview has been lightly edited
for length and clarity.
How did you become an enterprise
network engineer?
I did my undergraduate degree in electronics and
telecommunication in India before enrolling at
23N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
Rochester Institute of Technology (RIT) in upstate
New York. By the time I finished my first year at RIT,
I got an internship with Alcatel-Lucent. As soon as
I finished my masters degree, Alcatel offered me a
full-time job in network engineering.
At Alcatel, I used to work with a lot of senior ar-
chitects, and thats where I fell in love with network
design. Some of my clients were University of Pitts-
burgh Medical Center (UPMC), Verizon and Time
Warner Cable, just to name a few.
I left Alcatel in 2014. One of the biggest reasons
I wanted a change: As a design consultant you dont
get to see how your network impacts the actual end
user. You dont get to fix issues that could come
down the line; you just put a network in place. And
that was something I realized that I wanted to un-
derstand more about: how my network impacts the
end user. So that is why I made the move to Suffolk.

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
Tell me about your transition from design
consultant to enterprise network engineer.
It was very scary at the beginning, because I knew
network design; I knew network engineering; I
knew vendors; I knew Alcatel in and out. But if you
lifted me out of that field, I had no idea what I was
going to do. I had no idea about wireless technolo-
gies or how to react to a customer when he said, My
networks not working. That was very scary.
I did a lot of research, and I spoke to a lot of my
colleagues at Alcatel. I spoke to people at UPMC
because they were in the enterprise domain. And I
dont remember exactly what compelled me to just
get out there, but I just started interviewing for en-
terprise network engineer positions.
I remember I got a couple of calls from Cisco and
other third-party vendors, but I didnt want to just
play it safe at that point. It would have been easy for
me to jump from one vendor to another. Youre still
sitting in the backnobody looks at you, nobody
knows who you are. I didnt want that anymore; I
wanted to go out and see exactly what I was doing
and how it was making a difference. I thought if I
could see what issues the users are going through,
I could probably manipulate or change my design
24N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
based on that, and it would make me a better net-
work engineer in the end.
And has that been your experience as an enterprise
network engineer at Suffolk? Do you feel like youve
grown?
Yes, oh, tremendously. I have touched fields I did not
imagine touching, and I have owned fields I did not
imagine owning. I have an amazing manager; I have
amazing folks around me, and that just pushes you
to learn more. I think I have more responsibilities
over here, as opposed to what I was doing in consult-
ing. Its just very different.
Tell me about a project youve worked on since
transitioning to your position as an enterprise
network engineer.
Shortly after I first came to Suffolk, we rearchitected
the entire core network. My manager and I say, You
actually take out the bones of the body. You fix the
bones of the body, you put the bones back and you
make sure the body still walks. So, that is basically
what we did over a weekend. I think that was my big-
gest project and one of the projects Im most proud
of at this point.

HOME SD-WAN DATA MINE OPEN SOURCE PULSE CHECK
What was the impetus for that project
and why was it so important?
Suffolk as a company had expanded quite a bit over
the previous couple of years. Once I came in with my
current team, we sat down and said, Okay, the num-
ber of people we have on board and the number of
projects we have are growing like crazy. This is what
were going to look like 10 years down the line, and
this is what we need to fix today to make sure we get
there.
We had to make sure that we had security and
redundancy, so that in case something goes wrong,
were not down in the water. We still have the abil-
ity to go onto the internet and access our resources
at job sites and construction sites. That is extremely
important.
What advice would you give a design consultant
who would also like to transition to an enterprise
network engineer role?
Take risks and dont be afraid. Its not an easy thing
to do, but its very, very rewarding. Theres a lot more
work involved. There are going be some sleepless
25N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7
TEAM
CHAT SECURITY NYANSA OVER THE WIRE THE SUBNET
nights, but I think the biggest thing is just take that
risk. It pays off at the end.
And what advice would you give to someone
just beginning their networking career?
You need to study. You need to put in those long
days and long nights. Go that extra mile with every
project that you do, because a project is not just
something to put on your resumeyou can learn so
much from it. Ask questions. People love to answer
them. Engineers especially, we love to teach, we love
to show other people that we know this and we know
that, so ask questions. However stupid you think
you look, it doesnt matter. You will always come out
better at the end.
Also, when you first get into the field, certifica-
tions are a very, very big deal. I remember I got my
internship based on the fact that I had a Cisco Certi-
fied Networking Associate certification. They told
me later, One of the reasons we chose your resume
was because you had a CCNA over the other appli-
cants. So that is definitely something I recommend
to newcomers. n
CONTRIBUTORS

AMY LARSEN DECARLO has worked in the IT industry for

over 17 years and is a principal analyst at Current Analy-
sis for their security and data center services. DeCarlo as-
sesses the managed IT services sector, with an emphasis Network Evolution is a SearchNetworking.com e-publication.
on security and data center solutions delivered through
Kate Gerwig, Editorial Director
the cloud, including on-demand applications, unified com-
Alissa Irei, Features and E-zine Editor
munications and collaboration, and managed storage
offerings. Kara Gattine, Executive Managing Editor

Chuck Moozakis, Executive Editor

SANDRA GITTLEN is a freelance journalist in the greater Antone Gonsalves, Director of News
Boston area. A former editor at Network World, Gittlen
Linda Koury, Director of Online Design
now writes about technology, business and lifestyle for an
Anita Koury, Graphic Designer
array of industry publications, including StateTech Maga-
zine, Computerworld and Wharton Magazine. Nick Arena, Associate Managing Editor, E-Products

FOR SALES INQUIRIES, PLEASE CONTACT:

ALISSA IREI is features and e-zine editor of Network Evo- Doug Olender, Senior Vice President/Group Publisher

lution in TechTargets Networking Media Group. Irei was dolender@techtarget.com

previously the site editor for SearchSDN. Prior to joining

TechTarget, she worked as a news anchor, producer and re- @
porter at NBC affiliates in Montana, and as a lead editor WEBSITE EMAIL
at a Boston-based content marketing firm. Visit us Contact us

TechTarget, 275 Grove Street, Newton, MA 02466

STAY CONNECTED
STEVE ZURIER is a freelance technology journalist based
Follow 2017 TechTarget Inc. No part of this publication may be transmitted or reproduced in any
@NetworkingTT in Columbia, Md., with more than 30 years of journalism form or by any means without written permission from the publisher. TechTarget reprints
are available through The YGS Group.
today. and publishing experience. Zurier worked as features edi-
About TechTarget: TechTarget publishes media for information technology profession-
tor at Government Computer News and InternetWeek. als. More than 100 focused websites enable quick access to a deep store of news, advice and
analysis about the technologies, products and processes crucial to your job. Our live and
virtual events give you direct access to independent expert commentary and advice. At IT
Knowledge Exchange, our social community, you can get advice and share solutions with
peers and experts.

26N E T W O R K E V O L U T I O N, F E B R U A R Y 2 0 1 7