Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

What's New in JSA Network Insights 7.5.0

JSA Network Insights 7.5.0 includes more integration with IBM X-Force Exchange, and improvements to application detection, network inspection performance, and data segmentation and aggregation.

Performance improvements for the Network Insights 6500 appliance

New in 7.5.0 Update Pack 1

JSA Network Insights 7.5.0 Update Pack 1 software and virtual appliance installations (appliance type 6500) now use the DPDK library to capture network traffic on appliances that use one of the following network interfaces:

  • Intel x520
  • Intel x710
  • VMware vmxnet3

The DPDK library provides better performance than the PF_RING library that is used in earlier releases of Network Insights. Network interface cards that DPDK uses are not visible to the operating system. You must use DPDK utilities to work with these interfaces.

Napatech-based appliances use a different library to process network data, so they are not affected by this change.

Modified process for identifying file types

New in 7.5.0 Update Pack 1

Earlier releases of Network Insights used the Apache Tiki library to identify the file type, but only at the advanced inspection level.

JSA Network Insights 7.5.0 Update Pack 1 uses a different library to identify file types, and does the identification at all inspection levels as part of the main traffic inspection process.

With this change, fewer files are sent to the Apache Tika library for analysis, which might result in improved performance at the advanced inspection level. Individual performance improvements depend on the volume and type of files that are sent for analysis.

More integration with IBM X-Force

JSA Network Insights 7.5.0 introduces a new series of suspect content descriptions that are derived from IBM X-Force signatures. When a flow matches one or more of the X-Force signatures, the suspect content description is shown on the Network Activity tab.

Also introduced in this release, some properties on the Flow information window are directly integrated with IBM X-Force Exchange. With a single click, you can quickly determine whether the property value requires further investigation.

Improved application detection

JSA Network Insights 7.5.0 includes protocol parsing improvements and can now analyze the payload to identify 300 more applications. By comparison, protocol inspectors in Network Insights 7.4.3 can identify 32 applications.

After the upgrade is complete, view these files to see the complete list of applications that can be identified:

  • /opt/ibm/xforce/metadata/protocols.hdr (column headers)

  • /opt/ibm/xforce/metadata/protocols.csv (values)

Data aggregation and segmentation

JSA Network Insights 7.5.0 includes improvements to the way that data is segmented and aggregated.

Flows that are received through any supported network interface on the same Non-Uniform Memory Architecture (NUMA) node are now aggregated together when the following properties match:

  • IP address
  • Ports (TCP/UDP)
  • Protocol
  • VLAN IDs
  • VXLAN Identifier

Network inspection performance

The network inspection performance at the basic and enriched inspection levels is increased in JSA Network Insights 7.5.0.

Note:

System performance and data throughput depend on many factors, including the amount of multiprogramming in the job stream, I/O configuration, storage configuration, and the workload volume that is processed. Individual performance improvements are not guaranteed.

Some inspectors are no longer supported

Network Insights 7.4.3 announced deprecation for the following inspectors:

  • All web domain inspectors
  • Myspace protocol inspector
  • SPDY protocol inspector

These inspectors were removed in JSA Network Insights 7.5.0.