Ensuring Excellent

Digital Experience:
Key Factors to Consider

Enterprise Network Challenges 1

Intro
Navigating current trends to deliver In light of the COVID-19 pandemic there is a
excellent Digital Experience to your significant increase in digital transformation
trends among enterprises network architecture.
users and customers The latest trends in network architecture are in
various stages of evaluation and adoption. The
These days, more than ever, the delivery of
promise of these architectures is to modernize
an excellent Digital Experience is critical for
the organization’s network by supporting
enterprises as they strive to maintain their
intelligent, secure and distributed connectivity.
business continuity and reputations. Bandwidth,
Another recent trend is having a major part of the
throughput, latency, and other common
company working from home, communicating via
metrics are all aspects of evaluating how
Zoom, Microsoft Teams, Skype, or other remote
well your network supports your internal and
communication apps and accessing the network
external communications and the delivered
through VPNs. In addition, IT managers deal with
Digital Experience. After investing in network
disruptive trends like shadow IT and BYOD that
architecture and cloud applications critical to the
can overload networks and interrupt business
success of your business, that progress could
application performance.
be nullified with recurring complaints about
The purpose of this paper is to answer the
apps that do not perform as expected. Many
following: How do we successfully bring the
applications used by businesses and employees
enterprise network to its next digital level while
consume considerable bandwidth, including
ensuring and protecting business application
those that may not be business-critical, such
delivery and optimized Digital Experience? And
as social media, Webmail, video, and games.
what are the key capabilities that are required to
Unchecked recreational and personal traffic can
achieve this next level?
have a significant impact on business application
In order to answer these questions, let’s first look
performance over the WAN and the Internet,
more deeply at the current trends and challenges
reducing both productivity and quality of
for enterprise networks.
experience for the user.

Enterprise Network Challenges 2

Enterprise networks -
current trends and challenges
Trend Huge rise in remote user traffic as more people are forced to work from home
using VPNs

Challenge Prioritize business applications and provide high quality of Digital Experience to
employees and remote users.

These days VPN adoption has shifted from sporadic use (one day a week per
employer) to a new normal, meaning daily use by up to 100% of the company’s
workforce. In addition to buying more VPN licenses, companies find themselves
needing to optimize the new traffic load to benefit their current business needs.
As employees working from home want to have access to the resources they
normally utilize at the office and companies wanting to ensure security and
access, most employees will need to connect to their company’s VPN instead
of just working over Wi-Fi. The number of remote connections has increased
dramatically with the sudden surge in traffic from the VPN network. It now
becomes important for each organization to categorize the business apps used
in order to map out the enterprise QoS and Digital Experience requirements to
business priorities. For example, IT operational tasks, such as Windows updates,
server backups, antivirus updates and the like have the potential to congest
network traffic. If updates and backups like these are performed in the middle
of the day (maybe a critical update that needs to be done by the IT team, for
example), they can cause network issues, even if the bandwidth is relatively high,
and badly affect the end user’s Digital Experience. On the other hand, if a group of
financial analysts are having a team video chat over Zoom for example, sound and
video feeds must pass through the network with little delay, otherwise the call will
be disrupted. Network managers need to consider both the inherent requirements
of each application, together with their importance to the business, before
deciding what quality of service to assign them.

Enterprise Network Challenges 3

Trend Enterprises considering the delivery of excellent Digital Experience a key for their
business success

Challenge Protecting your organization from revenue loss and assuring its business
reputation.

The COVID-19 significantly increased new technologies deployment due to

customers’ demand for existing and new on-line services. Digital Experience
monitoring capabilities, of these on-lines services and business applications,
are key for enterprises if they wish to maintain their customers’ satisfaction
and employees’ efficiency and hence business reputation. Banks, retail, outlets
and health providers all compete in their fields to bring the best possible
on-line experience to their customers. Large corporations strive to create a
network environment that accommodates their employees, the supply chain,
and customers. But there is a temptation for employees to consume hungry
bandwidth applications for personal or entertainment purposes which may
overwhelm and exhaust the network. Anonymizers, peer-to-peer applications,
shadow IT and even crypto-mining find their way into the best organizations,
trying to fly under the radar of the IT department. Even if network congestion
is caused by reasons other than employee misuse (for example, a system
update), it is important to be able to know what is causing the congestion and
be able to react. The introduction of policy enforcement and timely reports can
help IT managers prioritize applications based on their business criticality and
troubleshoot and identify issues before they affect enterprise’s Digital Experience.

Trend Enterprise networks are dynamic, constantly being upgraded, adding new
architectures with the mission of increasing bandwidth. The digital transformation
of the enterprise requires evolution to deliver value to users.

Challenge Plan network upgrades and expansions wisely, understanding user needs.

The next generation of network architecture (SD-WAN, Hybrid cloud, Edge

Computing) will go through the cloud to improve connectivity. As an example,
SD-WAN is one way to approach routing in the world of cloud computing. A key
application of SD-WAN is to allow companies to build higher-performance WANs
using lower-cost and commercially available internet access. SD-WAN vendors
also promise application recognition, but their application recognition is limited
due to limited DPI capabilities (mostly rely on Server Name Indication header in
the TLS handshaking process) and limited capabilities to identify application intent
and polymorphic applications. Additionally, some SD-WAN solutions require deep
SSL inspection, to classify applications, which requires advanced and complex
IT operation. Application delivery over multi- and hybrid-cloud models will be
increasingly common in the future, hence the need to manage cloud access
traffic at a higher level and know how the network is being used.

Enterprise Network Challenges 4

Trend Major growth in Cloud SaaS applications and devices within the enterprise
network, some for business and some personal. Networks are becoming hybrid
and potentially less secure with the emergence of IoT technology and the
prevalence of BYOD.

Challenge Assure business application delivery to all types of users and devices while
maintaining organization security.

With many organizations going through the process of digital transformation

these days, just about every company is moving at least part of their business
applications to the cloud. They are becoming hybrid, from their IT architecture
point of view, and they must safeguard the network to assure their business
continuity in this hybrid environment.
When every employee brings their own device to work (BYOD), IT departments
start to lose control of the company network. They are in the dark when it comes
to which apps or programs are installed, how the devices are secured and the
type of files that are downloaded. It becomes critical for IT to deal with, detect
and manage IoT and BYOD for the security of the enterprise.
Previously, these personal devices would be locked down by strict corporate
policies in order to prevent privacy breaches, hacks, and malware. At present,
inability to control the hardware means more vulnerabilities to enterprise security.
An employee may innocently click a link on their phone, unaware that they are
downloading a Trojan horse. Another employee might use a torrent program to
download bandwidth-hungry files to their personal laptop. Each of these BYOD
scenarios may interfere with more important business applications.
According to IDC, the number of deployed IoT devices is expected to reach 41.6
billion by 2025. With the attack surface expanding, enterprises require a new and
broader reaching model for mitigating cyber risk introduced by the IoT trend as
DDoS attacks become more frequent and aggressive with overwhelming
capacity of more than 2Tbps. In addition, numerous reports have shown that with
so many people working from home, there was a substantial increase in attacks in
the first half of 2020.
The ability to monitor connection establishment rates and other symptoms
of anomalous user behavior, enables enterprises to surgically treat the root
cause (that is, the malware-infected device) without having to resort to broader
measures such as blocking entire subnets, links, or ports. Behavior-based anomaly
detection enhances existing security layers with frontline mitigation of DDoS bots
and other malware.

Enterprise Network Challenges 5

Trend Increased network availability

Challenge Reduce network exhaustion caused by users and applications behavior.

When the enterprise network exhaust , it will inevitably cost that business real
money. According to a 2019 ITIC survey, 86% of companies queried estimated
the cost of an hour of network downtime to be over $300,000. A couple of years
ago, Google's Director of Customer Reliability Engineering, Luke Stone, explained
some of the major reasons for downtime and how developers and IT can contain
them. One of the top reasons he refers to is the “Noisy Neighbor”. Network users,
and all it takes is a few, bring spam or bandwidth-eating applications to work
and become the noisy neighbor. As a result, it could unfairly affect normal users
throughout the enterprise. To deal with noisy neighbors, Stone recommended
creating limits, or policy controls, which is possible with a network intelligence/
visibility solution. You want to be able to remedy network issues for the long term,
not simply solve problems when they arise. If you can see what is going on inside
the network, you will have the opportunity to fix the issues that come up.

Enterprise Network Challenges 6

Take the enterprise network to its next level
Circling back to our original question, how do we take the enterprise network to the next level with
superior business app delivery and excellent Digital Experience? The answer is by implementing the
following key capabilities as part of the enterprise’s network ecosystem:
1. Ensure network and application availability
2. Provide real-time troubleshooting of network and application issues
3. Assure consistent and high-quality Digital Experience delivery of online services
and business applications
4. Guarantee optimal Digital Experience for remote users and
5. Protect
business continuity through constant monitoring of the network for
unusual events or trends – DDoS protection and mitigation

Ensure network and application availability

Granular network visibility allows your IT team to identify specific protocols and applications, whether
encrypted or not, as well as monitor and measure any static or dynamic policy element you define. Taking a
holistic approach to visibility can provide IT with deeper insights into how to increase network performance
and application availability for the entire network.
For instance, seeing which employees use specific applications, and when they use them, helps you prioritize
access and define traffic management policies that meet your business goals and user expectations. As an
example, your employees might be restricted from using Facebook during work hours. But your HR team
might require Facebook to search for suitable applicants. Knowing more about how the network is used
also helps you make fully informed decisions about the size and timing of future investments into network
architecture.

Provide real-time troubleshooting of network and application issues

Visibility solutions that incorporate Deep Packet Inspection (DPI) technology can monitor and measure
application performance and user QoE with very fine granularity, so you can quickly zero in on network
problems and troubleshoot faster. DPI technology identifies data traveling over networks in real time,
providing a highly detailed picture of traffic up to Layer 7+ application intent through the identification of
protocols and application type, and the extraction of additional information in the form of metadata. A DPI
engine needs to recognize the thousands of protocols and applications that can possibly transit on the
network. The DPI engine must also be able to classify encrypted traffic without decrypting it, using statistical
methods and pattern recognition. Monitoring Layer-7 application performance in real-time offers the most
accurate way to troubleshoot network issues.

Enterprise Network Challenges 7

Assure consistent and high-quality Digital Experience delivery of
online services and business applications
It has been pointed out that excellent Digital Experience is the ultimate objective for enterprises both large
and small. But misuse of the network with bandwidth hungry applications or recreational ones (E.G: YouTube,
Netflix) or even by IT regular tasks (E.G: scheduled applications update during peak business hours) can
result in a poor Digital Experience for either enterprise customers or employees and damage the enterprise’s
reputation and benefit the competition.
Granular visibility into the enterprise network can paint a real-time picture of network activity every few
seconds. This allows you to classify and quantify all the activity on your network so you can take the right
steps to ensure consistent Digital Experience and reliable performance of your most important applications.

Guarantee optimal Digital Experience for remote users

Visibility allows you to monitor the Digital Experience quality of remote users. Quantifying Digital
Experience quality is difficult because it is a function of a lot of different parameters. It is a function of
the device being used, location, environmental conditions, network utilization, or that of another entity.
Any visibility solution must analyze in real-time and dynamically understand all these parameters and
automatically implement all the required changes in the network.
Furthermore, TCP optimization can help accelerate TCP traffic, so that remote users enjoy better
response times from locations that may suffer from higher latency. It is important to understand that
the main issue with remote users Digital Experience is latency and not bandwidth. There is an Internet
formula where you can see the impact of the latency in the WAN network. It really does not matter if you
double your WAN link, if there is latency the bandwidth will be reduced due to the TCP protocol itself.

Once a degradation of Digital Experience quality is discovered, there are different techniques that can
be used to fix the issue and improve the quality or restore the Digital Experience to the required level.
These techniques include prioritization of business-critical applications and delaying the traffic of less
essential background services. These techniques can be deployed through automation into the network
to resolve issues for remote users and improve Digital Experience quality end-to-end, both from the
detection up to actual mitigation of threats in the network.

Enterprise Network Challenges 8

Protect business continuity through constant monitoring of the
network for unusual events or trends - DDoS protection and
mitigation
Enterprise networks are frequently targeted with some of the largest and most disruptive Distributed Denial
of Service (DDoS) attacks. They seriously threaten network performance, availability, integrity, and end user
quality of experience, disabling the networks of numerous multinational organizations. With the onset of
an attack, every second counts. The time to mitigation should be less than 20 seconds. The key lies in the
idea of being able to detect not just the attack but being able to distinguish exactly what is legitimate traffic.
The important concept is that the legitimate traffic will have its own resources, its own ability to be able
to deliver the quality that is expected from the customer’s website/business critical apps: essentially their
business.

When talking about enterprise DDoS protection we should give special attention to the internal protection:
meaning the attacks that are coming from inside the company network (WAN/LAN) with DoS/botnets
against internal resources like Datacenter Firmware and Datacenter servers. DDoS technology also detects
anomalies on the network. It is not only a security solution but also a systems and networking solution.
For example, it can detect if a server has problems or just went down. It can also be a useful network
behavioral anomaly detection tool for the enterprise - Network and Hosts Behavior Anomaly Detection
(xBAD). With the amount of information provided by DDoS solutions, it is also helpful for forensics.
In recent years, DDoS attacks have escalated in size and frequency, in some cases involving hundreds of
thousands of infected devices that combine to create high volumetric attacks. These attacks have proven
themselves to be destructive, having disabled the networks of numerous multinational organizations. xBAD
based systems sound an alarm when a strange event or trend is detected and have proven themselves to
be effective against potential attacks.

Which organizations benefit substantially from high quality

of Digital Experience?
Just about every industry would realize benefits from granular network visibility and better Digital
Experience quality. Banks that have internal business to take care of but also need to ensure excellent
online access to their customers. Businesses like cafes and hotels that provide Wi-Fi services to patrons
yet cannot allow one person to stretch network resources or introduce harmful files. Enterprises that allow
the use of WhatsApp for employees for simple messaging but want to prevent against large file-sharing
through the same application that would slow down the network. Numerous other examples can be listed,
especially with the challenges of excellent Digital Experience and maintaining network uptime.

Enterprise Network Challenges 9

VISIBILITY, CONTROL, SECURITY
The first step toward guaranteeing enterprise network Digital Experience quality for employees and
customers is being able to see what is going on in the network. This visualization enables you to
classify traffic, identify threats, and control what should be permitted or blocked. Network intelligence
allows implementation of policy controls specific to your organization that can both secure and
optimize your network.
With granular visibility, you have more options for applying controls at multiple levels to optimize
network performance. You will be able to deliver critical business application availability in real time.
And if the entire structure of the office changes because people need to work from home as we have
seen lately, bandwidth priorities can be shifted to benefit business applications such as Zoom and
Office 365.
Getting a clear look at the enterprise network also provides security through real-time views on
attackers and their targets. The activation of dynamic capabilities such as Behavior Anomaly Detection
enables the recognition of unusual hosts and network behavior, protecting internal sources from
infection as well as inside infrastructure attacks and allows for the containment and removal of threats.
Working with a proven solution that tightly joins visibility, control and security, you quickly move from
Nov 2020

seeing issues and opportunities to taking actions that improve your network’s ability to fulfill its original
purpose: supporting your business.

Visit Allot.com to learn how you can ensure Excellent Digital Experience delivery.

© 2020 Allot Ltd. All rights reserved. Specifications subject to change without notice. Allot and the Allot logo are registered trademarks of Allot. All other brand or product names are trademarks of their
respective holders. www.allot.com