NQ Blog – July 2018

To Hunt Cyber Threats on Transport Networks, Intelligence Agencies Need Visibility into an Evolving Landscape

By Mike Seidler, Product Manager, NetQuest Corporation

Defense against cyber-attacks has become a vital piece of any national defense strategy. To combat network-based cyber threats, the agencies in charge of searching for them have to keep up with the rapidly evolving optical transmission technology that now transports Internet traffic across every major continent, including all of the individual countries in Europe.

Changes that continue to unfold on the network landscape are making it exceedingly difficult to sort through rising traffic volume and elevated transmission speeds in order to pinpoint the exact network transaction that could hold critical intelligence about cyberattacks. The veil of complexity that next-generation transport network technologies present to traditional search methods is simply overwhelming. Mounting an effective signal intercept mission amidst this changing landscape takes best-of-breed approaches in hardware-software integration. Additionally, adaptability, virtualization, big data analytics, and all-optical switching play increasingly important roles.

Cyber intelligence agencies at ISS World Europe were on a mission to help cyber agents advance their approaches and adopt cutting-edge tools and technologies that will help them access and gain visibility into long-haul networks. That’s a tremendously important goal considering that many of these agencies have the legal obligation to conduct intelligence missions on these transport webs.

Network speeds have evolved from 10 Gigabits per second just 5 years ago to more than 100 Gbps, and 400 Gbps deployments are imminent. The 5G mobile evolution promises another layer of complexity. Carriers are aggressively upgrading their networks with new transport technology that allows them to keep pace with the expanding volume of traffic, which is growing at a CAGR of 35 percent.

These new technologies are also adding layers of complexity that often obscure the types of network traffic that cyber intelligence agencies are looking for. Next-generation signaling protocols and higher order modulation are being used to boost transmission speeds and improve network efficiency. Adding to this challenge, IP tunneling methods like GTP and GRE are making visibility even cloudier. Modern cyber tools must dig through the entire network protocol stack in order to conduct surveillance and signal intercept missions.

Advances in traffic visibility tools are taking advantage of these recent technology trends and finding ways to utilize insight gained by accessing the physical transport network. Although ignored in traditional monitoring applications, the optical signaling protocols hold value: analyzing them can yield information identifying the carrier responsible for transport, as well as detailed geographical information that could identify the physical source or destination of the monitored traffic flow. Cyber intelligence agents must use all of the information available to them to identify network trends and trigger action when anomalies are detected.

The best-of-breed technologies needed for monitoring today’s networks utilize big data and analytics and all fiber-optic switching, so that cyber intelligence officials can see through the proprietary network transmission protocols carrying terabits of traffic and filter down to the individual traffic flows in order to identify one conversation that can be targeted for further identification and analysis.

In short, the signal intelligence mission for each country’s effort to avert cyberattacks is becoming more difficult because of the increased level of complexity needed to transport higher volumes of traffic at higher speeds. These agencies need better tools to improve their visibility.

Attendees of ISS World Europe were focused on a few innovations in long-haul transport network access and monitoring that improve intelligence gathering in the effort to counter cyber threats.

NetQuest Corporation is at the forefront of building best-in-breed solutions for transport optical network access and monitoring. These solutions incorporate mission-optimized access and monitoring hardware, adaptability, big data analytics, all-optical switching, automation, and orchestration.

To learn more, contact us at http://www.netquestcorp.com/about-us/contact-us/.

About the Author: Mike Seidler leads product management for NetQuest Corporation, where he directs the development of the company’s automated intercept access and cyber intelligence solutions.