We recently had an interesting chat with Charles Thompson, manager of sales engineering at Network Instruments, who told us that network analyzers are changing, evolving, and doing more than ever before. As enterprises increase in complexity, the analyzers they use need to do more than just monitor network traffic. Aside from more standard practices, IT managers need an analyzer that will let them reduce the number of countless hours spent trying to identify intermittent network problems. In crowded network-analysis field, the best way for a product to stand above the competition is to provide a single, consolidated viewpoint from which to monitor multiple network sources and probes.

Such a product is Network Instruments' very scalable Observer 12 network-analysis software. Providing a simple though fluent answer to the age-old question "Why is the network slow?", Observer 12 examines the many potential sources of network trouble—including applications, security practices and threats, P2P sharing, and infrastructure problems—and funnels the pertinent information to one user-friendly interface called the Observer Reporting Server (ORS), which is new to this version. The ORS takes all the detailed information from several suites and synchronizes it on one interface, saving a great deal of time.

"The ORS lets enterprises quickly move from high-level performance monitoring to root cause analysis," Thompson told us. "With ORS, the network team can view their global network while knowing within a few clicks they can drill down to isolate any problem on the network."

Enhancements to version 12 include security forensics, integrated support for multiprotocol label switching (MPLS), greater expansion in VoIP analysis, SSL and SSH decryption, ability to monitor Active Directory (AD), and full support of IPv6. Network Instruments' forward-thinking support for MPLS and IPv6 strikes us as particularly enticing. Both technologies will be of increasing concern to administrators over the next few years. And Observer has always provided comprehensive support for VoIP, which more and more companies are now deploying.

Beyond the ability to drill from an enterprise-wide view of network activity down to specific links, network teams must be able to isolate specific performance problems to a network, application, or security cause. Often, IT teams waste hours attempting to replicate the problem or blaming each other for causing the problem.

To facilitate fast problem resolution, Network Instruments has expanded GigaStor's retrospective network-analysis capabilities to identify a security breach. GigaStor surveys the network like a security camera, recording everything traversing the network for future analysis. With post-capture Security Forensics, GigaStor determines whether a security breach has occurred by comparing the historically captured traffic against a list of thousands of known attacks and anomalies. If a breach has been identified, GigaStor provides drill-down analysis to determine the source and time of the occurrence.

"GigaStor’s comprehensive forensics and Expert analysis has changed the way network, application, and security teams resolve network problems," said Thompson. "Rather than arguing about the source of the problem, the teams can focus on the solution. With Security Forensics, GigaStor can now conduct expert analysis for network, application, and security issues, identify the problem, and eliminate the guess work for IT managers.