Acoustic Ideas



Improved data quality and decryption monitoring in the PCA

When there is a sudden change in the data sent to the PCA, a traffic loss may result... but this problem can be difficult to diagnose with the existing PCA statistics.

In many cases a change in trend is more important than a metric by itself... for example, a certain number of alien packets or Diffie-Hellman ciphers might be normal noise, but a sudden jump in these ratios may indicate a serious problem.

 

Several ideas to help with diagnosing traffic drop-offs: 

 

  • Better SSL decoding metrics:
    • Track the % unknown ciphers and raise an alarm if it exceeds a threshold
    • Track the % DH ciphers and raise an alarm if it exceeds a threshold
    • Track the % failed SSL negotiations and raise an alarm if it exceeds a threshold
  • Better detection of changes in traffic:
    • Track % traffic on the top 10 ports + others, raise an alarm if there is a sudden change
    • Track health metrics on top 10 hosts + others (% DH seen, % alien, % dropped packet connections, % aged connections), raise an alarm if there is a sudden change
    • Survey of top 10 most commonly seen ciphers, + others
  • Access to commonly helpful commands:
    • SAR (for System Activity Report)
    • More filtering for TCPDump (by host, port, etc.)

 

These changes will be particularly helpful when traffic from multiple hosts and networks is arriving... as for example it may surface a problem on a particular host that might be visible in the overall statistics.

  • Guest
  • Nov 23 2019
  • Needs review
How will this idea be used?

These improvements will reduce diagnostic time and reduce the time to resolution when unexpected traffic changes cause data loss.

What is your industry? Banking
What is the idea priority? Medium
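
The threshold and sudden-change alarms requested above could work as sketched below. This is an added example, not Acoustic's code or real PCA output: the counter names, ceilings, window size and sample intervals are all assumptions constructed for illustration.

```python
from collections import deque
from statistics import mean, pstdev

# Absolute ceilings per ratio (assumed values; counter names are hypothetical).
CEILINGS = {"dh": 0.20, "unknown_cipher": 0.05, "failed_handshake": 0.10}
MIN_SESSIONS = 50   # below this, a ratio is too noisy to judge
WINDOW = 6          # intervals of history that form the baseline
JUMP_SIGMA = 3.0    # "sudden change" = more than 3 sigma above the baseline mean
MIN_JUMP = 0.02     # and at least 2 percentage points, so a flat baseline stays quiet

def evaluate(intervals):
    """Return (interval_index, metric, reason, ratio) for every alarm raised."""
    history = {m: deque(maxlen=WINDOW) for m in CEILINGS}
    alarms = []
    for i, counts in enumerate(intervals):
        total = counts["sessions"]
        if total < MIN_SESSIONS:
            continue  # low-volume interval: skip it and keep it out of the baseline
        for metric, ceiling in CEILINGS.items():
            ratio = counts[metric] / total
            past = history[metric]
            reason = None
            if ratio > ceiling:
                reason = "threshold"
            elif len(past) == WINDOW:
                rise = ratio - mean(past)
                if rise > max(JUMP_SIGMA * pstdev(past), MIN_JUMP):
                    reason = "jump"
            if reason:
                alarms.append((i, metric, reason, round(ratio, 3)))
            else:
                past.append(ratio)  # only normal intervals feed the baseline
    return alarms

def row(sessions, dh, unknown, failed):
    return {"sessions": sessions, "dh": dh,
            "unknown_cipher": unknown, "failed_handshake": failed}

# Constructed sample: steady ~5% DH, one tiny interval, a DH jump, a handshake spike.
SAMPLE = [row(1000, 50, 10, 20), row(1100, 55, 11, 22), row(900, 54, 9, 18),
          row(10, 5, 0, 0), row(1000, 40, 10, 20), row(1000, 50, 10, 20),
          row(1000, 60, 10, 20), row(1000, 150, 10, 20), row(1000, 50, 10, 130)]

if __name__ == "__main__":
    for alarm in evaluate(SAMPLE):
        print(alarm)
```

In the sample, the 15% DH interval stays under the 20% ceiling and is caught only by the trend check, which is the case the idea describes as normal noise versus a sudden jump.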