Learn the 3 Biggest Challenges of Big Data Analytics Now

Big Data Analytics

Big data security analytics utilizes advanced strategies to analyze and manage large sets of data. This may include structured or unstructured data, data from various sources, and different sizes of data, from terabytes and petabytes to exabytes and zettabytes.

The amount of data generated by just one business is staggering. For example, data is created each time a customer:

  • visits your website
  • makes a purchase
  • opens an email
  • calls your customer service department, or
  • interacts with your company in any way.

Data is also constantly created internally within your supply chain, human resources, marketing and R&D. Analyzing this data is critical to securing your business operations; however, it can sometimes be challenging. Here’s how.

1. A Shortage of Capable Data Scientists

The exponential growth of data volume over the last several years has created a significant demand for professionals who can manage and make use of such a large amount of valuable data.

Unfortunately, few data professionals today understand the importance of big data analytics and how to effectively analyze big data and mobilize the results for actionable intelligence.

A marked lack of capable big data scientists plagues the network security industry and is a challenge for companies who need in-house data management. Currently, there is simply a larger demand for big data security analytics than there are knowledgeable professionals who can effectively work with it.

2. Extrapolating Actionable Intelligence From Security Analytics Reports

Handling big data doesn’t stop at categorizing and storing it. The most important part of big data security analytics is being able to extrapolate meaningful insights that allow your business to protect its intellectual property and pursue growth opportunities.

Many businesses are overwhelmed by the sheer volume of data to be analyzed, along with the inability to manipulate it in ways that indicate trends and network anomalies. Without proper data analytics, your business may continue to invest in ineffective network security tactics, leaving you open to attacks or data theft. This, in turn, could cause your bottom line to take a hard hit.

When managed properly, analytics reports can tell you which network security efforts to terminate and where to invest additional money. Companies may find these challenges difficult to overcome, especially without an experienced data scientist at the helm.

3. Large Volume Data Security

Keeping big data safe in today’s technological climate is difficult as hackers grow more sophisticated. This challenge increases significantly the more data there is, meaning that big data sets are at a high risk of being hacked.

This is particularly true for companies in industries like healthcare and finance since the data can be used to commit various types of fraud, such as:

  • identity theft
  • credit card theft
  • check fraud
  • healthcare fraud

Companies with big data sets have greater cybersecurity needs than companies that don’t have large volumes of data. That’s why it’s important to ensure only authorized parties are allowed onto your business network. Because big data is often stored together, once a hacker gets in, they quickly gain access to all the data.

This can be detrimental to your bottom line and your company’s reputation. In many cases, big data thieves have done so much damage that it has led to the closure of businesses across most industry sectors.

How NetQuest Can Help Your Business Manage and Benefit From Big Data Security Analytics

NetQuest can help your business find effective security solutions to manage and analyze big data in ways that provide your company with valuable insights and actionable information. Contact us today to learn more about how we can help you manage, analyze, and keep your big data safe.

The Future of 5G: Is The Cybersecurity Community Ready?

As the fifth generation of broadband cellular technology — or 5G — becomes more widespread, cybersecurity threats will continue to grow in number and sophistication as new methods of attacking the network become available. Network infrastructure providers, virtual mobile network operators (VMNOs), and communication service providers (CSPs) play a critical role in the design and rollout of 5G networks.

With 5G technology, keeping everyone involved on the same page and acting synchronously will be more difficult than ever before. Here are some privacy and security improvements and challenges the cybersecurity community needs to be ready for and how to get the support you need as you scale your business and protect your investments in a fifth-generation world.

5G Networks Use Digital Routing Instead of Hardware-Based Switching

Fifth-generation cellular broadband networks have migrated away from hardware-based switching in a centralized location to digital routing defined by various software applications. Centralized hardware hubs allowed for checkpoints where traffic coming in and out of the network can be inspected and monitored. Virtualizing the routing process makes it more difficult to create a single checkpoint for security control. This means that organizations will have to coordinate with operators in order to implement visibility devices.

Virtualizing High-Level Network Functions Increases Security Risks

5G networks allow for high-level functions to be performed digitally instead of by physical computer hardware. While this does increase the speed and accessibility of higher-level functionality, it also creates unique vulnerabilities. The standardized protocols that serve as building blocks for the execution of digital functions are well-known to hackers, making the infiltration of 5G networks faster and easier.

Additionally, the short-range, low-cost antennas needed for 5G networking also become targets, and since they have a much shorter range than 4G antennas, there are many more of them in urban areas. Each of these sites is a hub for a number of data streams that also carry their own cybersecurity risks.

Organizations will have to know how their connectivity footprints are deployed as more applications and business services will be utilizing the capability 5G affords running on top of mobile networks, rather than traditional wired infrastructure.

5G Impacts Home Workforce Security

As a large portion of today’s workforce began operating from home, the technology industry realized there was a limit to cloud availability and connectivity across the globe. Increasing the number of remote devices connected to a network and spreading out their location not only makes networks more vulnerable but also creates a greater need for infrastructure support. Businesses need enterprise solutions for intelligent, responsive networks that can withstand congestion and ensure the security and integrity of critical data.  

5G Networks Connect Billions of Small, Hackable Smart Devices

There are currently billions of internet-connected devices in the world, most of them small and portable. These devices are often easy to hack, and when connected to a 5G network, can easily allow a malicious user to access a plethora of data contained within the network.

Identity security is also an issue as International Mobile Subscriber Identity (IMSI) catching attacks uncover the identifying information of mobile device users. In some cases, bad actors are even able to download exploitation software on 5G-connected devices. NetQuest can help telecom providers discover monitoring solutions for more secure portable device management.

How NetQuest Can Help Your Business Increase Privacy and Security in a 5G Climate

Despite security concerns, upgrading to 5G networking is necessary for companies to continue doing business successfully in today’s climate. It’s an essential growth factor for securing the sustainability, scalability, and profitability of your company now and in the future.

By weaving security, monitoring, and privacy protocols into the very architecture of 5G networks, the entities who deploy them can be proactive in protecting the privacy of their networks’ users.

NetQuest can help your company ensure that important information about the location, identity, and behavior of your users is kept safe. Contact us today to learn more about privacy and security for 5G networks or to schedule an appointment to discuss your digital security needs with one of our experienced professionals.

Does your organization view SecOps as a profit center? It should.

OMX3200 - Scalable Network Visibility and Cyber Security Solutions for 100G and 10G networks

By Mike Seidler, Director of Product Management, NetQuest Corporation

SecOps, or Security Operations teams, have the ability to provide tremendous value to the organizations they work with. As technology continues to grow at breakneck speed, reliable SecOps will become absolutely critical to enterprise profitability. Don’t underestimate the merit a good SecOps team has on your organization’s ability to generate revenue — here’s how they’ve transformed the landscape of security operations for businesses worldwide.

Shifting the Perception of Cyber Security Value

The relevancy of good cybersecurity isn’t focused solely on regulatory compliance, loss prevention, and risk reduction; in fact, this fails to incorporate the primary goals of nearly every business, which are revenue generation and the overall growth of the organization. SecOps teams are shifting the perception of the value of data security by discovering new ways to use technology to solve customer problems and create value.

Helping Cyber Security Teams Drive Revenue

Many organizations see cyber security as a necessary drain on resources, not as the potential source of client opportunity and revenue that it can be. SecOps can help companies increase their bottom line by much more than they invest in cyber security strategy.

How?

They build relationships with customers who become loyal to your organization’s brand. SecOps teams that work directly with your customers to provide them with data security services tend to develop long-lasting business relationships with them that in turn create clients that are loyal to your brand. An established track record of keeping your own company data secure can also play a helpful role.

Strong network security principles appeal to customers by framing cyber security efforts as a social responsibility. SecOps can assist organizations with the reframing of their cyber security efforts in a way that demonstrates industry leadership and customer commitment. By helping your company develop an approach that positions data security as a moral and ethical social responsibility, SecOps teams can create messaging that better resonates with your customer base.

SecOps teams allow your organization to offer premier data security products and services at a higher price. The market for simple security solutions that customers can use to protect their data and privacy online is growing, and companies can offer these services as upgrades or add-ons to basic cyber security bundles for an additional charge. This enables SecOps teams to drive engagement with premium security solutions your organization provides.

SecOps teams can help you create a better customer experience. Today’s customers not only desire a strong sense of security when they’re making a financial transaction online, they absolutely demand it. Your organization can only create a rich, engaging experience for customers once your SecOps team has taken the necessary steps to ensure that your network’s security is top-tier and no area of your network is unprotected.

They establish and protect current and future revenue generation. Every organization has proprietary data and intellectual property that hold the answer to future growth and revenue generation. Your SecOps team can help your company ensure that your trade secrets, personal identification (PI) data, and business-critical processes and data are protected. A close working partnership between your customers and your SecOps team shows customers that their PI, data, and business processes are under a watchful eye and guarded against malicious hackers and cyber attacks. This creates a meaningful perception that both companies’ successes are tied together.

Is Your SecOps Team Doing Enough For Your Business?

If your organization doesn’t have a dedicated SecOps team or your team isn’t doing enough for your company, NetQuest can help. We’ve been helping SecOps teams by providing comprehensive network visibility solutions to organizations since 1987 and are committed to offering our clients unparalleled value for their investment. Contact us today to learn more about how we can help your company drive revenue through smart cyber security efforts.

IPFIX 101: The Lowdown On The NetFlow Upgrade

By Mike Seidler, Director of Product Management, NetQuest Corporation

IPFIX, or IP Flow Information Export, is the technical term used by network engineers and cybersecurity specialists to describe the process of analyzing network data by using a standard method for generating metadata to summarize network flows. IPFIX can be used to establish typical network behavioral patterns so that anomalous activity can be detected. The majority of the industry refers to IPFIX as NetFlow since the two technologies are very similar. However, there are some key differences that we believe highlight why IPFIX is a NetFlow upgrade.

Need high-level visibility into your company’s network? Welcome to IPFIX 101.

What Is IPFIX?

IPFIX is a standard developed by the Internet Engineering Task Force (IETF) to expand upon NetFlow v9 to create a more flexible solution for collecting and analyzing critical network data. The IPFIX protocol uses procedures very similar to NetFlow’s for exporting network traffic data. However, IPFIX was designed with additional extensibility and is considered the “upgraded” version of the protocol.

IPFIX Lingo

IPFIX uses a unique set of terms that may be familiar to most networking specialists, but we wanted to include them for engineers. 

  • Metadata refers to a subset of information that can easily be used by databases, e.g. Source IPv4 address, rather than reading and describing an entire packet record. 
  • Flow Record (or Flow) refers to a complete network conversation between endpoints, usually represented in metadata format. Flows can be bidirectional (both sides of the conversation – talking and listening), or unidirectional (from the perspective of one endpoint talking to another – talking but not listening).
  • Template is a numbered dataset which is encoded with IPFIX data records. Each template is numbered to indicate what unique data records are present.
  • Exporter is a device that can create IPFIX flows (see Metering) from packet streams.
  • Metering is a process that creates IPFIX flow records from a packet stream. Usually IPFIX Exporters are performing flow metering. 
  • Collector is a system or device which receives flow records for analysis. 

How Does IPFIX Work?

IPFIX uses a predetermined set of protocols to export a network flow record to a “collector,” which then further segments and analyzes the data to produce accurate and real-time insights into a network’s behavior. These protocols are flexible and can be customized to capture user-defined data, so you’re always reviewing the most critical data sets. With this technology, a single IPFIX “exporter” can send information to more than one collector, and there’s no limit to the number of exporters from which a collector can obtain information.

Why Use IPFIX?

In most cases, IPFIX serves as a NetFlow upgrade providing increased flexibility and many more customization options than NetFlow v9. This can greatly increase visibility into critical network traffic parameters for increased threat identification and a more robust security solution. Driven by the desire of vendors to break from the litany of differing vendor-specific flow standards and leveraging the popularity of NetFlow v9, IPFIX was designed to offer open standards freedom to tailor your flow gathering data for maximum network visibility.

Comparing IPFIX to NetFlow v9

Why is IPFIX an upgrade over NetFlow? Here’s how IPFIX and NetFlow v9, its predecessor, stack up against each other:

  • NetFlow v9 supports about 100 standard elements, while IPFIX offers almost 500, including all of the NetFlow elements.
  • IPFIX supports the flexibility to add vendor-specific data extensions.
  • IPFIX supports customizable data templates allowing users to choose which of the close to 500 elements to include in the transmitted data set. NetFlow’s support for customization is much more limited.
  • IPFIX offers variable length fields, which is quite useful when exporting raw data like URLs, DNS or HTTP host names.
  • Custom input of vendor IDs to allow proprietary information to be placed in a flow record.
  • Increased fidelity of IPFIX is essential for using flow data in security monitoring applications.
  • Did we mention IPFIX offers increased flexibility versus NetFlow v9? This cannot be overstated.

To be fair, with added flexibility, IPFIX can sometimes create compatibility challenges. NetFlow’s narrow focus is typically supported in almost all standard collectors and analysis tools, making tool integration a foregone conclusion.
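The templates, vendor-specific elements and variable-length fields listed above can be seen on the wire in a minimal decoder for the RFC 7011 message format. This is an added example, not NetQuest code: the sample message is constructed, and the `exampleHttpHost` element under the documentation enterprise number 32473 is hypothetical.

```python
import ipaddress
import struct

IPFIX_VERSION = 10     # version field of every IPFIX message (RFC 7011)
TEMPLATE_SET_ID = 2    # set ID reserved for template sets
VARLEN = 0xFFFF        # template field length meaning "variable length"
DOC_PEN = 32473        # enterprise number reserved for documentation (RFC 5612)

# (enterprise number, element ID) -> name; enterprise 0 = IANA standard element.
IE_NAMES = {
    (0, 1): "octetDeltaCount",
    (0, 4): "protocolIdentifier",
    (0, 8): "sourceIPv4Address",
    (0, 11): "destinationTransportPort",
    (0, 12): "destinationIPv4Address",
    (DOC_PEN, 1): "exampleHttpHost",   # hypothetical vendor element
}


def parse_template_set(body, templates):
    """Store each template as a list of (pen, element_id, length) specifiers."""
    off = 0
    while off + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, off)
        off += 4
        if template_id < 256:          # zero padding at the end of the set
            break
        fields = []
        for _ in range(field_count):
            ie, length = struct.unpack_from("!HH", body, off)
            off += 4
            pen = 0
            if ie & 0x8000:            # enterprise bit: 4-byte vendor ID follows
                (pen,) = struct.unpack_from("!I", body, off)
                off += 4
            fields.append((pen, ie & 0x7FFF, length))
        templates[template_id] = fields


def decode_value(name, raw):
    if name.endswith("IPv4Address"):
        return str(ipaddress.IPv4Address(raw))
    if name == "exampleHttpHost":
        return raw.decode("ascii", "replace")
    return int.from_bytes(raw, "big")


def parse_data_set(body, fields):
    """Decode the records of one data set using its template."""
    min_len = sum(1 if length == VARLEN else length for _, _, length in fields)
    records, off = [], 0
    while min_len > 0 and len(body) - off >= min_len:   # remainder is padding
        record = {}
        for pen, ie, length in fields:
            if length == VARLEN:       # length is carried in the record itself
                length = body[off]
                off += 1
                if length == 255:      # long form: 2-byte length follows
                    (length,) = struct.unpack_from("!H", body, off)
                    off += 2
            if off + length > len(body):
                raise ValueError("field overruns its set")
            name = IE_NAMES.get((pen, ie), f"pen{pen}/ie{ie}")
            record[name] = decode_value(name, body[off:off + length])
            off += length
        records.append(record)
    return records


def parse_message(msg, templates):
    """Return decoded flow records. `templates` persists between messages;
    a real collector keeps one such table per exporter and observation domain."""
    try:
        version, length, _export_time, _seq, _domain = struct.unpack_from("!HHIII", msg, 0)
        if version != IPFIX_VERSION or length != len(msg):
            raise ValueError("bad version or message length")
        off, records = 16, []
        while off < length:
            set_id, set_len = struct.unpack_from("!HH", msg, off)
            if set_len < 4 or off + set_len > length:
                raise ValueError("bad set length")
            body = msg[off + 4:off + set_len]
            if set_id == TEMPLATE_SET_ID:
                parse_template_set(body, templates)
            elif set_id >= 256 and set_id in templates:
                records += parse_data_set(body, templates[set_id])
            off += set_len             # unknown sets are skipped, not guessed at
        return records
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated IPFIX message") from exc


def build_sample_message():
    """Constructed message: template 256 plus one flow record that uses it."""
    tmpl = struct.pack("!HH", 256, 6)
    for ie, length in ((8, 4), (12, 4), (11, 2), (4, 1), (1, 8)):
        tmpl += struct.pack("!HH", ie, length)
    tmpl += struct.pack("!HHI", 0x8000 | 1, VARLEN, DOC_PEN)
    host = b"portal.example.com"
    rec = (ipaddress.IPv4Address("192.0.2.10").packed
           + ipaddress.IPv4Address("198.51.100.7").packed
           + struct.pack("!HBQ", 443, 6, 5120)
           + bytes([len(host)]) + host)
    body = (struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(rec)) + rec)
    return struct.pack("!HHIII", IPFIX_VERSION, 16 + len(body), 1700000000, 0, 1) + body


if __name__ == "__main__":
    print(parse_message(build_sample_message(), {}))
```

A data set whose template has not yet been received is skipped here, which is why collectors depend on exporters resending templates.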

Improve Your Network Security With IPFIX Today

Comprehensive network monitoring and security solutions are critical for your organization to reduce risk and streamline workflows. NetQuest can help. IPFIX is a key feature for us and we provide high-performance solutions that create IPFIX records and export them to other tools for detailed analysis. Check out our OMX3200 high-bandwidth sensor and how it can be used to scale network flow analysis for security solutions.

We’ve been providing full-scope cyber security and network administration tools to organizations both large and small since 1987 and can assist you in developing security protocols that fit the unique needs of your company. Contact us today for more information.

Your Company Has Been Hacked. Will You Respond or React?

by Chip Mesec, Senior Product Manager, NetQuest Corporation

Breathe and Think

Reading about the U.S. Treasury and Commerce Department hacks on Krebs on Security got me thinking about the panic going through the minds of the SIOs across the world. In fact, it made me sad to think of what their holiday season will be like having to deal with a hack of this magnitude in addition to COVID-19, year-end pressures, the economy, and other demands on their time. Companies in the business of securing IT systems, as we are, share customers. There is a mindset in all of us:

We’re the good, fighting against the evil underground hordes!

This hack is so sophisticated that the SolarWinds Orion software to manage IT systems did not have a vulnerability. It appears that the hack was built in as a trojan by the Russians – which changes the game entirely. It is always easy to blame a single company, but SolarWinds is a wonderful company and creates a great set of products that are respected in the industry. When you are dealing with hacks of this level of ingenuity, you go through your mental list of what could have been done to prevent the intrusion in my company, my code, my systems – have we done enough?

Watch Dogs for Watch Dogs

All of this gets me thinking about how intelligence groups have operated throughout history: the group that watches the enemy, the groups that watch the groups that watch the enemy, and so on. My first inclination is to create a group to watch IT, and a group to watch them. It all fizzles and begins to look like the script for a Mel Brooks movie about a government coup in a small Eastern European country.

Analysis or Rabbit Hole?

When you do the analysis, it’s not long before fear creeps in. If you can choke that down there are some positive learnings that we can gain from this exercise.

  • We as human beings have become very good at risk reduction and mitigation – it is built into our DNA – flight or fight, go around the long way, wear your seatbelts.
  • We perform risk vs. reward analysis very quickly – What is vulnerable? Who had access? How far do I go back to get a clean system? What was taken and how do I get it back? What is the number of my lawyer?

What Ifs and Worst Case

Here are some things to think about that may open your mind to think outside the box with respect to security and worst-case scenarios.

  • How would you operate your business if every piece of software you used was vulnerable or being manipulated – how would you survive?
  • Is there a zero-trust model that you could put in place so that every action within your IT framework provides a high degree of confidence?
  • How do you create a test to validate or invalidate your assumptions?

Another way of looking at it…

  • What if I ran a bank and all the tellers were thieves?
  • How could I get to work if my tire gets flat every 5 miles?

I do not have a magic potion or a product which will drop in and cure your ills – there is no company that can offer that. But when dealing with the “first of its kind” type of seminal hacks, it opens your mind to solving difficult problems and that is why most of us got in the business.

Consider it on-the-job training.

Cyber Security Threat Identification At Scale

As Internet usage continues to expand exponentially at breakneck speed — particularly in the business sector — companies should be prepared not only for new revenue generation and growth opportunities, but also for facing challenges with network security and reliability. Just as applications, compute infrastructure, and the number of connected devices increase, the network scales as well, typically exponentially. Maintaining cyber security threat identification at scale is important to track as your network infrastructure evolves via on-premises expansion or cloud migration. It is imperative to ensure the protection of critical data and to minimize the risk of a security breach as your network complexity increases.

Here is what you need to know about network monitoring and cybersecurity threat identification as your network evolves.

Using Flow-Based Analysis vs. Packet-Based Analysis to Detect Cyber Security Threats

Monitoring your network for potential threats is critical to your corporate health as the network is literally the corporation’s lifeblood. Older security guidance recommended viewing every packet to detect all network anomalies and expose potential security threats. Newer methodologies have emerged favoring inspection of flow-based data (information summarizing each network conversation) over packet-based data. Monitoring network flows can be equated to measuring your temperature and blood pressure to quickly gauge health, rather than using detailed lab tests and x-rays for every doctor visit. Both packet-based and flow-based tactics have advantages and drawbacks for network security analytics; here is a quick look at each and how to combine them for maximum efficacy and scalability.

Packet-Based Analysis

Pros

  • Packet-based analysis has been preferred by many IT professionals for years simply because it is so thorough; this type of analysis does not miss any important details.
  • Firewalls and intrusion detection systems are, at their core, packet analyzers.
  • The packets contain all the information for every transaction in your business.

Cons

  • Processing packets for securing high-speed networks or carrier backbones requires stacks of costly servers for storage and analysis.
  • Processing packets within standard cloud infrastructure is expensive due to the cost of bandwidth – you are paying for traffic twice.
  • Packet-based visibility systems cannot view encrypted traffic, which can make up over 50% of all traffic on typical network links.

Flow-Based Analysis

Pros

  • Flow-based analysis provides a summary of packets within a flow and can reduce network traffic to your security tools by nearly 98% while still providing 100% visibility to subtle threats.
  • Modern flow-based analysis can identify applications and other useful application-layer information even if the traffic is encrypted.
  • Flow-based data can be created, collected, stored, and analyzed at a significantly lower cost than packets.

Cons

  • For fine-grain detail that is required to detect a particular malware variant or other data located deep within a packet, a packet-based system is required.
  • Some network flow deployments rely on sampled collection, only viewing 1 out of every 1k or 1 out of every 10k packets. Unfortunately, this is not useful in standard security applications.

Using Flow-Based Analysis to Complement Packet-Based Analysis: The Best of Both Worlds

Fortunately, your organization does not have to choose between flow-based or packet-based analysis. You can have the best of both worlds by using a network service node (a probe with more capability) — a network device that reconfigures raw packets into unsampled flow data, while at the same time steering targeted packets for deeper level forensics. A network service node can also “clean” packet data by stripping headers and tunnels to access innermost IP packets for delivery to downstream analytics tools. Complementing packet-based analysis with flow metadata is an excellent strategy for comprehensive network monitoring that can be scaled as needed.

What Is IPFIX?

Internet Protocol Flow Information Export (IPFIX) is an IETF standard defining a mechanism for extracting detailed flow information from network routers, switches, and probes. IPFIX is based on NetFlow, a Cisco-created network protocol designed to monitor network performance by watching incoming and outgoing IP network traffic.

Understand the difference between NetFlow and IPFIX

How IPFIX Is Used

Managed IT security providers and other IT professionals use unsampled IPFIX flow data to:

  • Observe network traffic 24/7/365 in real-time
  • Preserve a picture of the network at any given time
  • Detect low-and-slow security attacks against the network, web servers, or Enterprise IT system.
  • Provide multiple layers of defense against internal and external cyber security threats
  • Collect data about network flows to allow for adequate traffic engineering and capacity planning

Sampled or Unsampled Flows?

Sampled flow data is a technique used by switches and routers to provide general information about a network’s behavior by inspecting a small representative percentage of the traffic – usually 1 of every 1k or 1 out of 10k packets. This enables traffic engineers to gain visibility into how the network is being used. The drawback in using sampled flow data is that this technique is not useful for fine-grain security threat analysis.

Unsampled flow data is a technique typically supported by more advanced network probes, sensors or service nodes. These appliances provide information detailing every flow traversing the network link. SecOps teams are increasingly using unsampled flow data to maintain cyber security threat identification at scale.
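The difference between sampled and unsampled flow data for low-and-slow detection, as an added example that is not NetQuest code. It assumes a deterministic count-based sampler that keeps every 1,000th packet; the packet stream, addresses and fan-out thresholds are constructed for illustration.

```python
from collections import defaultdict


def build_packets():
    """Constructed traffic: three bulk HTTPS flows, plus one quiet host
    (10.0.0.66) that sends a single small packet to 40 different addresses."""
    bulk = [
        ("10.0.0.5", "203.0.113.10", 443),
        ("10.0.0.6", "203.0.113.11", 443),
        ("10.0.0.7", "203.0.113.12", 443),
    ]
    packets = []
    for i in range(40):
        for j in range(250):                       # 250 bulk packets ...
            src, dst, port = bulk[j % 3]
            packets.append((src, dst, port, 1400))
        # ... then one 60-byte packet from the quiet host to a new destination
        packets.append(("10.0.0.66", f"10.0.1.{i + 1}", 22, 60))
    return packets


def sample(packets, rate):
    """Count-based 1-in-`rate` sampling: keep every `rate`-th packet."""
    return packets[rate - 1::rate]


def meter(packets):
    """Flow metering: aggregate packets into per-flow packet and byte counts."""
    flows = defaultdict(lambda: [0, 0])
    for src, dst, port, size in packets:
        record = flows[(src, dst, port)]
        record[0] += 1
        record[1] += size
    return dict(flows)


def fanout_alerts(flows, min_dsts=20, max_pkts=3):
    """Flag sources that have tiny flows (<= max_pkts packets) to many distinct
    destinations. Thresholds are illustrative, not tuned values."""
    small = defaultdict(set)
    for (src, dst, _port), (pkts, _octets) in flows.items():
        if pkts <= max_pkts:
            small[src].add(dst)
    return {src: len(dsts) for src, dsts in small.items() if len(dsts) >= min_dsts}


if __name__ == "__main__":
    packets = build_packets()
    unsampled = meter(packets)
    sampled = meter(sample(packets, 1000))
    print(f"{len(packets)} packets -> {len(unsampled)} unsampled flow records")
    print("alerts from unsampled flows:", fanout_alerts(unsampled))
    print("alerts from 1-in-1000 sampled flows:", fanout_alerts(sampled))
```

The quiet host contributes 40 of 10,040 packets, so a 1-in-1,000 sampler expects to see 0.04 of them; the unsampled view records all 40 destinations in 43 flow records.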

Get Help with Your Network Monitoring Today

NetQuest has over 30 years of providing high-speed WAN monitoring and service provider backbone packet processing for scalable network visibility. NetQuest’s OMX3200 IPFIX sensor generates unsampled flow data to security analytics tools helping SecOps teams avoid network blind spots. Learn more about intelligently scaling your network visibility fabric and safeguarding your company from malicious cyber threats by contacting NetQuest today.

Chip Mesec, Senior Product Manager, NetQuest Corporation

Are You Scaling Your Network Security Intelligently?

Scaling network security can prove to be difficult for organizations that aren’t prepared. Scaling your network security intelligently means being aware of ineffective tactics, understanding ahead of time what you need to scale up or down, and getting professional support when needed. Here’s what you should know.

3 Network Security Scaling Strategies That Don’t Work

Not all network security scaling strategies are effective or successful. Here are three inefficient scaling tactics your organization should avoid:

1. Investing In More Boxes

Many organizations make the mistake of simply adding more of the same physical boxes they are currently using when they need to scale their network monitoring infrastructure. If not done intelligently, this can be costly and inefficient. It is important to properly evaluate the available technology to ensure optimal visibility.

2. Inspecting Less Traffic and Hoping It’s the Right Strategy

The other option is to select a section of traffic that is the lowest risk and allow it to pass through uninspected. This can lower the cost required to scale your network security solution but this strategy relies on a certain level of trust that you’ve selected the right type of traffic to be inspected and leaves your network vulnerable to specific low and slow types of cyber attacks.

3. Scaling Without Paying Attention to Cost

Another problem organizations often encounter when scaling is doing so without keeping an eye on cost. It’s easy to scale up and realize later that your organization is unable to sustain the cost to manage and maintain the upgraded monitoring infrastructure.

What Your Organization Needs to Scale Network Security

Beyond examining unsuccessful strategies for scaling network security, it’s also critical to understand what you do need to scale appropriately. This includes but isn’t limited to:

A Scalable Mentality

While scaling can be hard on your existing network visibility infrastructure, it’s crucial that your organization have a scalable mentality. This means investing in continuous evaluation of existing tools and emerging technologies so that you are ready to scale your current network security solution up or down when the need arises.

Proactive Defenses Against Cyber Threats

Responding to cyber threats after your network has been hit typically results in the inefficient use of a security team’s resources. The cost of a reactive approach to mitigating cyber threats can be difficult to even calculate. For cost-effective scaling of any threat identification scheme, organizations should employ proactive defenses against cyber threats to minimize the impact of attacks.

What to Keep In Mind When Upgrading Your Security Controls

Once you’ve scaled your network monitoring infrastructure, you’ll need to adjust or upgrade the security controls you employ to take advantage of those changes. Here are some things to keep in mind:

Security On-Premise and in the Cloud

It’s not uncommon for organizations to address on-premise security while neglecting data they’ve stored on the cloud. When adjusting your security controls, be sure to include both on-site and cloud network tools.

Controls Classified by Session

Security controls should be applied intelligently. Not all traffic requires the same level of security; in fact, running all security controls for every session can be costly and time-consuming to manage.

Consistent Security Controls

After determining the nature of the session, your organization should have the ability to apply consistent security controls to all sessions of that same type. For example, if you’re receiving traffic from an encrypted stream, TLS/SSL decryption software will be your first step. However, you are likely able to avoid more advanced security controls on sessions running between two trusted and secure network segments.

Get Help Scaling Your Network Security Intelligently with NetQuest

Identifying cyber security threats in today’s complex networks is essentially the same as looking for a needle in a haystack. Security operations teams are constantly on the lookout for new ways to protect their networks from malicious attacks as they scale because monitoring full packets at max capacity is expensive and uses too much valuable space in your network infrastructure.

NetQuest is proud to offer a completely scalable, enriched metadata solution that can reduce network traffic to your security tools by nearly 98% while still providing 100% visibility to harmful attacks. Learn more about scaling your network intelligently and protecting your organization from bad actors by contacting NetQuest today.

By Jesse Price, CEO, NetQuest Corporation

Will The Coronavirus Break the Internet?

Scalable Network Visibility and Cyber Security Solutions for 100G and 10G networks

By Jesse Price, CEO, NetQuest Corporation

As the novel Coronavirus has been dominating the news and conversations on a global basis, it is also likely to create some novel issues for the internet. If we consider the scale of what is unfolding, the networks and systems that comprise the internet are likely to exhibit symptoms that are directly related to the virus, and some may be acute. Consider the following:

  • Telecommuting (working from home) is nothing new; in fact, we have been talking about and doing it for decades. Yet we are about to scale its use to levels never seen before.
  • Expect increases in business videoconferencing and web conferencing as business travel is dramatically curtailed for sales calls, team collaboration and even industry events.
  • Online learning is not entirely new, although it is constantly evolving to provide a more collaborative learning environment using more bandwidth-intensive applications. As expected, the academic community at all levels is rapidly transitioning lesson plans to the use of this technology. The scale in the use of online learning tactics that is about to unfold is unprecedented.
  • Mass reductions of public gatherings, entertainment events and increasing quarantines are causing the entire population to spend more time at home. Expect peaks in streaming video content, online gaming and generic web surfing as people’s desire for both information and diversions escalates.
  • Global stock market volatility is upon us as breaking news is creating wild swings that haven’t been seen in over a decade, causing automated trading circuit breakers to trip and halt trading.
  • Social media should expect to see large increases in usage as people replace human-to-human interactions with online communications services.

All of these factors correlate directly to the amount of bandwidth the network must carry, and while we often measure network performance at our own personal point of access (i.e., our phone or Wi-Fi connection), it is the core of the network that will be tested as the situation escalates. But beyond bandwidth, the anatomy of a single modern-day internet session is a complex array of systems and network services all working together in harmony. A breakdown anywhere in the network has the potential to interrupt or block a critical application or service.

We are entering a bold new period in our ever-evolving world. No one can be certain how systems will behave, since this type of situation is impossible to simulate or model. What we do know is that we are all in this together: large and small countries, rich and poor individuals, those with and without healthcare. The virus is indiscriminate, and it isn’t going away anytime soon. Here at NetQuest Corporation, we are focusing R&D efforts on securing the highest-capacity Internet links on which we’re all becoming more dependent. Rest assured that those responsible for keeping our world connected will be proactive and prepared to respond.

2019 Networking Trends to Affect Cyber Security Tools


5 Trends That Will Challenge Existing Network Monitoring Tools

Gene Litt, NetQuest Corporation CTO

The need to protect critical network infrastructure is one of the hottest discussion topics for corporate executives and government leaders. Network monitoring tools face constant challenges as they fight to secure sensitive information and prevent damaging cyberattacks. Unfortunately, the network landscape is constantly changing, forcing industry and government cybersecurity teams to adjust their strategies for enhancing threat detection and other aspects of cyber security. Here are five trends that network monitoring solutions must address in order to ensure network security in 2019.

1. Network traffic will continue to grow dramatically

Anyone hoping for a reprieve from the exponential growth in network traffic will be sadly disappointed. The expansion of ubiquitous mobile access, the rise in network-delivered content, and the growing number of IoT deployments are just some of the applications that are driving traffic growth.

In fact, Cisco’s 2018 Visual Networking Index (VNI) predicts network traffic will continue to grow at 26% CAGR between 2017 and 2022. As a result, there is a critical need for a new wave of network monitoring tools that can process the ever-increasing volume of traffic and efficiently identify cyber threats.

2. Wide Area Network (WAN) technology will significantly increase available bandwidth and lower bit-hauling costs

Rapid advancements in WAN technology are accommodating higher volumes of network traffic growth. The use of coherent optical transport technology in the Optical Transport Network (OTN) has multiplied the amount of bandwidth delivered by a single optical wavelength. Coherent 100G technology deployments have already achieved critical mass in long-haul and metro networks.

In 2019, the cost of coherent 200G technology and the availability of pluggable optics will drive 200G deployments. Furthermore, the latest generation of coherent technology promises to deliver a standardized, pluggable 400G solution, which should begin to mature later in 2019 and significantly reduce the cost of hauling bits around cities and around the globe.

3. Advances in data center switching technology will accommodate traffic increases – inside and between data centers

Rapidly improving data center networking technology can address higher bandwidth demands. Lower-cost optics technology and higher-density merchant switch chips are now driving the migration of switch ports from 10G to 100G, with 200G/400G switching deployments forecasted to arrive in late 2019.

Network visibility applications designed for monitoring data center traffic flows must now support 100G interfaces and scale to meet near-term migration strategies to 200G/400G.

4. White box switches will experience significant growth in the monitoring switch segment

Low-cost white box switches have achieved only modest traction with enterprise customers and smaller cloud service providers (CSP), but they have been widely deployed by top CSPs and hyperscalers such as Microsoft and Facebook. These deployments are being driven by 100G migrations, which doubled in 2018 and could double again in 2019.

Branded vendors are hanging tough in the enterprise market for traditional 100G switching applications, but the need to migrate switches to 100G for monitoring applications will drive broad white box switch adoption in 2019 and disrupt the network packet broker market. While deploying these products in monitoring stacks will provide compelling cost benefits, it will create high-speed visibility challenges. That’s because these switches lack the advanced packet optimization features required by many security and network monitoring tools.

5. Security/Network monitoring solutions will be challenged to keep up with traffic growth, causing continued increases in undetected security breaches and service issues

There will be no relief coming for security and network monitoring equipment that is already straining to keep up with growing traffic rates. In fact, monitoring challenges will get worse in 2019 and portions of the network will become “invisible”.

We’ve now entered a window in which networking technology advancements and traffic growth are exceeding the computing platform’s ability to monitor high-speed traffic and secure networks. As this problem takes hold throughout the year, expect new and innovative approaches capable of keeping up with N x 100G packet flows that can filter the “noise” from the “signal” in order to restore visibility, security and service reliability.

To Hunt Cyber Threats on Transport Networks, Intelligence Agencies Need Visibility into an Evolving Landscape


By Mike Seidler, Product Manager, NetQuest Corporation

Defense against cyberattacks has become a vital piece of any national defense strategy. In order to combat network-based cyber threats, the agencies in charge of searching for them have to keep up with the rapidly evolving optical transmission technology that now transports Internet traffic across every major continent, including all of the individual countries in Europe.

Changes on the network landscape that continue to unfold are making it exceedingly difficult to sort through rising traffic volume and elevated transmission speeds in order to pinpoint the exact network transaction that could hold critical intelligence about cyberattacks. The veil of complexity that next-generation transport network technologies present to traditional search methods is simply overwhelming. Mounting an effective signal intercept mission amidst this changing landscape takes best-of-breed approaches in hardware-software integration. Additionally, adaptability, virtualization, big data analytics, and all-optical switching play increasingly important roles.

Cyber intelligence agencies at ISS World Europe were on a mission to help cyber agents advance their approaches and adopt cutting-edge tools and technologies that will help them access and gain visibility into long-haul networks. That’s a tremendously important goal considering that many of these agencies have the legal obligation to conduct intelligence missions on these transport webs.

Network speeds have evolved from 10 Gigabits per second just 5 years ago to more than 100 Gbps, and 400 Gbps deployments are imminent. The 5G mobile evolution promises another layer of complexity. Carriers are aggressively upgrading their networks with new transport technology that allows them to keep pace with the expanding volume of traffic, which is growing at a CAGR of 35 percent per year.

These new technologies are also adding layers of complexity that often obscure the types of network traffic that cyber intelligence agencies are looking for. Next-generation signaling protocols and higher order modulation are being used to boost transmission speeds and improve network efficiency. Adding to this challenge, IP tunneling methods like GTP and GRE are making visibility even cloudier. Modern cyber tools must dig through the entire network protocol stack in order to conduct surveillance and signal intercept missions.

Advances in traffic visibility tools are taking advantage of these recent technology trends and finding ways to utilize insight gained by accessing the physical transport network. There is value, ignored in traditional monitoring applications, to be gained by analyzing the optical signaling protocols, including information identifying the carrier responsible for transport as well as detailed geographical information that could identify the physical source or destination of the monitored traffic flow. Cyber intelligence agents must use all of the information available to them to identify network trends and trigger action when anomalies are detected.

The best-of-breed technologies needed for monitoring today’s networks utilize big data analytics and all-fiber-optic switching, so that cyber intelligence officials can see through the proprietary network transmission protocols carrying terabits of traffic and filter down to the individual traffic flows in order to identify one conversation that can be targeted for further identification and analysis.

In short, the signal intelligence mission for each country’s effort to avert cyberattacks is becoming more difficult because of the increased level of complexity needed to transport higher volumes of traffic at higher speeds. These agencies need better tools to improve their visibility.

Attendees of ISS World Europe were focused on a few innovations in long-haul transport network access and monitoring that improve intelligence gathering in the effort to counter cyber threats.

NetQuest Corporation is at the forefront of building best-in-breed solutions for transport optical network access and monitoring. These solutions incorporate mission-optimized access and monitoring hardware, adaptability, big data analytics, all-optical switching, automation, and orchestration.

To learn more, contact us at https://www.netquestcorp.com/about-us/contact-us/.

About the Author: Mike Seidler leads product management for NetQuest Corporation where he directs the development of the company’s automated intercept access and cyber intelligence solutions.