Performance Problems - Antivirus or Virus?

Sometimes customers experience performance problems on their WAN lines, and it is not clear who is causing the load.
Most monitoring systems provide a load history for the transmission lines. At best, this gives a partial answer to whether there is a load on the communication line and when. The problem is that these systems do not clearly show who is loading the line.
Sometimes the sampling resolution is too low, so momentary loads disappear between readings and do not appear in the daily and weekly graphs and statistics.
So how can we overcome the problem, find the source of the loads, and make it possible to treat them?
Here is an example of a real case that was discovered during a pilot implementation on a client's operational network.

Step A: Identifying unusual load activity
After installing the system, we found that during the night (hours when there is no activity in the company) 70% of the bandwidth was being used for a short period of time, at a constant frequency of every half an hour.

These loads were not clearly visible during the day, because they were swallowed up by the company's regular daytime workload. That is, they were negligible relative to the rest of the network traffic during the day.

One of the methods used to identify irregularities and overloads in the communication lines is to compare the activity of the lines during the day with their activity at night, when the company is not expected to operate. At night, unusual activity stands out because it differs from the activity of the working day.

Step B: Identify the cause of the problem

Now that we have found a load, the question arises: how can we identify who is causing it?

With this system it becomes very simple, because the system addresses the issue in depth:

1. Samples are taken and stored at high resolution (i.e. in very small increments) and can be displayed in daily, weekly and monthly views. This makes it easier to identify and locate the area to focus on.
2. In the system you can set a threshold as needed, for example a traffic threshold. When traffic exceeds the specified threshold, the information is recorded ("Sniper") automatically, so that the cause of the load can be identified and viewed after the fact: a user, an app, or a certain type of information.
3. The information flowing through the communication lines can also be viewed in real time, which makes efficient and rapid analysis possible.

In the case of the customer reporting the load, the automatic recordings made by the system at night showed that anti-virus updates were the cause of the load on the transmission lines.
As a result of the findings, the settings were changed and an update policy was set on the antivirus server, which solved the problem.
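
The night-time threshold check from Steps A and B, as an added example (not the monitoring system's own code): it flags off-hours minutes above a threshold, names the top talker for each, checks whether the bursts recur at a constant interval, and shows how hourly averaging hides them. The link capacity, threshold, off-hours window, addresses, app labels and traffic records are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINK_BPS = 10_000_000      # assumed WAN capacity (10 Mbit/s)
THRESHOLD = 0.5            # assumed recording threshold: 50% utilisation
NIGHT_HOURS = range(0, 5)  # assumed off-hours window, 00:00-04:59

def build_samples():
    """Constructed per-minute records: (timestamp, source, app, bytes)."""
    start, rows = datetime(2024, 1, 10), []
    for m in range(300):
        ts = start + timedelta(minutes=m)
        rows.append((ts, "10.0.0.21", "dns", 40_000))  # background traffic
        if m % 30 == 0:                                # half-hourly burst
            rows.append((ts, "10.0.0.5", "av-update", 52_500_000))
    return rows

def find_bursts(rows, threshold=THRESHOLD):
    """Off-hours minutes above threshold, each with its top (source, app)."""
    per_min = defaultdict(Counter)
    for ts, src, app, nbytes in rows:
        per_min[ts][(src, app)] += nbytes
    bursts = []
    for ts in sorted(per_min):
        util = sum(per_min[ts].values()) * 8 / 60 / LINK_BPS
        if ts.hour in NIGHT_HOURS and util > threshold:
            bursts.append((ts, util, per_min[ts].most_common(1)[0][0]))
    return bursts

def burst_period(bursts):
    """Minutes between bursts if the gap is constant, otherwise None."""
    gaps = {int((b[0] - a[0]).total_seconds()) // 60
            for a, b in zip(bursts, bursts[1:])}
    return gaps.pop() if len(gaps) == 1 else None

def hourly_peak(rows):
    """Highest utilisation when the same data is averaged per hour."""
    hourly = Counter()
    for ts, _, _, nbytes in rows:
        hourly[ts.replace(minute=0)] += nbytes
    return max(v * 8 / 3600 / LINK_BPS for v in hourly.values())

if __name__ == "__main__":
    rows = build_samples()
    bursts = find_bursts(rows)
    for ts, util, (src, app) in bursts:
        print(f"{ts:%H:%M} {util:.0%} top talker {src} ({app})")
    print("period (min):", burst_period(bursts))
    print(f"hourly-average peak: {hourly_peak(rows):.1%}")
```

With the constructed data, each burst reaches about 70% of the link at one-minute resolution, while the hourly average of the same traffic stays under 3%.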