06-10-2015 11:19 AM - edited 02-21-2020 05:30 AM
I am looking for any advice on how to better analyze what our users are doing on the internet.
In my environment we have branch offices that connect to our main office/data center. These connections vary from T-1 to 10Meg QMOE services.
The issue we have is that since we recently deployed Windows 8.1 and Office 365, our users have been complaining of slow network speeds non-stop and business functions crawl to a halt (we run a CMS application for a state agency).
We currently use nGenius/NetScout to monitor the bandwidth on our links. We know that most of this traffic is tied to cloud servers/Office 365 services, but now and then we have users that just chew up the bandwidth using the "internet".
The problem is that our monitoring tool oftentimes shows connections that we cannot nail down exactly. For example, it will give us just an IP, and when I do an ARIN lookup or GIS on the IP address, we usually receive vague results such as "century link" or "akamai".
Does anyone have any advice on how we can analyze this more thoroughly to figure out exactly what is happening? Of course we end up talking to the users, but you cannot rely on their answers. Not everyone is going to admit what they are doing during work hours online. I also know that you can contact the ARIN registered POC for these places to ask for more records, but that process is not feasible when we have several instances a day.
Anyone have ideas??
06-10-2015 03:06 PM
We use a software tool that McAfee supplies that allows our security engineers to see exactly what websites users visit and other information, and on the network side we use NetQoS to see when, what type of traffic, IP, how much they're using and what protocols they're using. From this we can set up QoS, NBAR and ACLs on the Cisco gear to restrict bandwidth or deny completely. We also use Blue Coat devices at our edge.
06-11-2015 12:10 PM
Can you give me the name of the McAfee tool?
Thanks for the input!
06-12-2015 05:03 AM
Sorry, checked with our security guy: it's Blue Coat that provided visibility of URLs, and they're very expensive, but there are open source options online.