We read a lot about Big Data driving market analysis and purchasing decisions – but its impact on internal applications is going to be equally significant. Gartner estimates that this year, 25 per cent of large global companies will have adopted Big Data analytics for a security purpose. Here, Amit Bathla, Director and Head of Marketing, APAC, at ALE discusses how Big Data can be deployed to complement traditional security information and event management solutions (SIEM) and secure corporate networks.
Developments such as the Internet of Things (IoT) are generating greater volumes of data on corporate networks than ever seen before. Much of this data, such as activity logs and error reports, can provide valuable insight into network operations if tapped into correctly. Businesses that have already put in place Big Data operations for external market analytics are perfectly placed to use the same capability to analyse their own internal network security. It is the granularity and contextuality of Big Data that allows us to manage network security far more accurately than with previous methods.
This is becoming more important as attacks on corporate networks are becoming both elaborate and frequent. With much malware going undetected on corporate networks for weeks or even months, enhanced detection of abnormal network activity can reduce the length of this dangerous exposure significantly.
At first sight it might seem that there are a number of obstacles to using this Big Data for network security: the sheer volume and velocity of application data, made worse by the diversity of data formats. But with a sensible introduction of tools designed specifically for handling and processing Big Data, such as the Hadoop software framework and MapReduce, businesses can use data gathered on the network to establish statistical norms and baselines for network operations.
Harnessing Big Data at the hardware level
Let's take a look at the network infrastructure required to support Big Data analytics, and the role that it actually plays in the process.
Switches are responsible for gathering traffic data, and act as probes that match traffic against a subscription-based library of several thousand application signatures to identify the corresponding applications. This is done through Deep Packet Inspection on a co-processor. To avoid becoming the weakest link in the Big Data process, switches must offer extremely low latency and features such as data center bridging, to ensure data is continually transferred from devices and applications into storage. The new generation of switches makes all this possible.
In order to support the Big Data analysis itself, switches can now offer high availability and resiliency, and should ideally be 10G-capable or greater. This will support scalability of operations for companies looking to start small and expand as more devices are introduced onto the network.
As we see more and more devices appearing on enterprise networks, encouraged by trends such as IoT, wearables and BYOD, the right switches positioned at the network edge will be invaluable in supporting increased demand for bandwidth and application visibility. A network strategy that focuses on managing the provisioning of edge switches and provides dynamic tuning of overall network performance is vital in ensuring the right data can be securely delivered to the right endpoint, with minimal packet loss.
Tying together data streams
Achieving complete network visibility has been a primary concern of CIOs in recent years, and the arrival of tools that exploit network data to a far greater degree now gives security teams the opportunity to achieve it. Detailed Big Data analytics techniques enable a transition from an entirely reactive to a more proactive approach to network management. By giving IT departments visibility of devices, and crucially of applications, across the network, the rise of workplace trends such as BYOD can be safely controlled.
This increase in devices and applications of course results in more data on the enterprise network. Advanced analytics can provide actionable insight by harnessing this data to record normal network and device operating conditions, which then serve as the acceptable parameters. Deviations from these parameters act as an early warning to identify and isolate specific issues, such as data transfer bottlenecks or malicious device and application usage.
Big Data analysis can detect these anomalies far more accurately than traditional security systems and can then establish more accurate standard operating baselines and eliminate unhelpful false positives – a time-consuming issue that plagues many security teams.
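As an added illustration (not from the article or from ALE), the baseline-and-deviation approach described in the last two paragraphs, written in the map/reduce shape mentioned earlier, over a constructed set of hourly per-device, per-application byte counts; the device names, applications, 5% standard-deviation floor and 3-sigma threshold are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of hourly (device, application, megabytes) records as an
# application-aware switch might export. Not real traffic data.
BASELINE_RECORDS = (
    [("ws-01", "email", mb) for mb in (100, 120, 110, 90, 105, 95, 115, 105)]
    + [("ws-01", "web", 50)] * 8
)

def map_record(record):
    """Map step: key each record by (device, application)."""
    device, app, megabytes = record
    return (device, app), megabytes

def reduce_group(values, min_std_ratio=0.05):
    """Reduce step: summarise one key's samples as (mean, floored std, count).
    Perfectly steady traffic has std 0, which would make every tiny fluctuation
    look anomalous; the floor (assumed 5% of the mean) avoids that false positive."""
    mu = mean(values)
    sigma = max(pstdev(values), min_std_ratio * mu)
    return mu, sigma, len(values)

def build_baseline(records):
    """Group mapped values by key and reduce each group."""
    groups = defaultdict(list)
    for record in records:
        key, value = map_record(record)
        groups[key].append(value)
    return {key: reduce_group(vals) for key, vals in groups.items()}

def score(baseline, record, threshold=3.0):
    """Return None when the observation sits inside the baseline, otherwise a
    reason string an operator can triage. A device/application pair with no
    baseline is flagged: a never-before-seen application is itself notable."""
    key, megabytes = map_record(record)
    if key not in baseline:
        return f"{key[0]}: first sighting of application {key[1]!r}"
    mu, sigma, _ = baseline[key]
    z = (megabytes - mu) / sigma
    if abs(z) > threshold:
        return f"{key[0]}: {key[1]} volume {megabytes} MB is {z:.1f} std from baseline {mu:.0f} MB"
    return None

if __name__ == "__main__":
    base = build_baseline(BASELINE_RECORDS)
    for obs in [("ws-01", "email", 110), ("ws-01", "email", 400),
                ("ws-01", "web", 55), ("ws-01", "bittorrent", 30)]:
        print(obs, "->", score(base, obs) or "within baseline")
```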
Working with SIEM
The strength of Big Data lies in its ability to provide previously unavailable context to security threats and intrusions, whereas standard SIEM tools struggle with the large amounts of unstructured data this requires, data that is becoming an inevitability on corporate networks.
Analysis is performed in near real time, and its results are collected and consolidated in a central network management system (NMS) on an hourly basis. Network administrators can view the Big Data analysis in a 'single pane of glass' display in the NMS for intuitive monitoring. Beyond security, administrators can also use this analysis to configure user policies that limit bandwidth or Quality of Service for specific applications, such as BitTorrent or streaming applications.
Baby steps for Big Data security?
Will Big Data analytics replace traditional security methods such as firewalls? Probably not. Big Data is already being used for various external business purposes, but by turning it inward it can make a powerful security supplement.
I believe the granularity on offer with the new generation of switches and routers, which can help detect abnormal network activity, is a particularly compelling reason for adoption. And as the cost of these tools reduces further, it will be interesting to see how quickly SMEs adopt internal Big Data analytics.
Without the right network infrastructure in place, internal applications of Big Data simply won't succeed. Pursuing tighter security should not mean neglecting the switches and routers that will handle the bulk of data transfer and provide valuable extra functionality.