Big data or big data analytics has become a hot topic in recent years. Unlike traditional analysis methods where the law of cause and effect applies, big data analytics generates predictions based on large amounts of data, often meaning that links leading to results are not immediately evident.
An interesting real-life case study on the use of data analytics is Google’s prediction of a flu pandemic in the United States. The national medical agencies tried to collect information on patients to predict trends and plan prevention, but collecting and analyzing this data is a slow and difficult process. Search engine giant Google, however, detected the spread of a flu virus before any medical organization by analyzing search data. The data showed that many people conducted Google searches to learn about flu symptoms and remedies. Google’s findings were completely aligned with the health authorities’ reports filed after the flu pandemic.
This is the amazing ability of big data analytics. It enables us to generate reliable analyses, even if there are no clear links or causes.
So why didn’t we start leveraging big data analytics earlier? The processing and analysis of huge volumes of data requires advanced computing and storage resources that were not available in the past. Big data analytics has a significant impact on databases. Traditional databases typically synchronize data to determine the causality between the data. While big data analytics does not have these requirements, it presents new database-related challenges, which require a new type of database. From the networking, storage, and computing architecture perspective, the impact of big data is relatively low.
The Challenges of Internet of Things
The Internet of Things (IoT) is also a popular topic in the ICT industry. IoT is expected to connect everything around the globe, which will enable centralized big data collection and analysis. Therefore, a rise in the use of IoT will result in wider adoption of big data analytics.
IoT is expected to present major challenges to the bandwidth, reliability, and security of networks. With a sharp increase in the number of network access nodes, expanded bandwidth is required. The reliability and security of data transmission pipes is also extremely important for the IoT.
Protecting Networks with Big Data Analytics
So how can enterprises enhance network security to prepare for this? We have discovered that with a comprehensive overview of an entire network, network administrators can detect more threats than they can from a single access point. Enterprises can achieve this with software-defined networking (SDN)-based controllers and big data analytics. For example, many hospitals use behavior analysis software to prevent the misuse of patients’ personal information. The software detects abnormal network behavior to identify employees who may be leaking patient information.
Big data analytics also enables network administrators to predefine the policies or actions of the controller to reduce maintenance workload and ensure secure operations throughout the entire network. It can preset rules to ensure that suspicious traffic is diverted to the security center and eliminated, as appropriate.
Another benefit of big data analytics is its ability to process large amounts of data quickly to generate real-time results. It can analyze network security attacks immediately, detect network security problems, and discover potential security risks to prevent security disasters.
The Technical Details
For enhanced security, an agile switch that supports the next-generation firewall service board and multiple security protection functions including an Intrusion Prevention System (IPS), Intrusion Detection System (IDS), and anti-DDoS is needed. The aggregation switch at the aggregation layer will be required to analyze various security events.
Let’s look at an example. In network operations, the traffic traveling through some of the agile switch’s ports at the aggregation layer may suddenly increase due to DDoS attacks. When traffic volume reaches a threshold, the agile switch alerts the controller. The security behavior analysis module of the controller predefines rules for diverting suspicious traffic. After receiving the alert, the controller applies Policy-Based Routing (PBR) on the aggregation switch to divert the suspicious traffic to the security center. The security center then cleans the DDoS traffic and sends the traffic to the aggregation switch. This way, network attacks are not spread across the network. Other policies, such as a drop policy, can also be configured.
Alternatively, enterprises can let the system alert the administrator first, and then have the administrator configure policies accordingly to address the potential breach. The advantage of this approach is that it avoids the risk of an incorrect preconfigured policy interrupting network operations.
Network administrators can also choose to automate the entire process. This helps improve efficiency and reduce IT costs. We believe that the automation of network management will happen over time, similar to automation of the computer and industrial control fields.
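The threshold alert and the two response modes described above can be sketched as a small simulation. This is an added example, not Huawei controller code; the Controller and switch_poll names, the port names, and the packets-per-second threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

THRESHOLD_PPS = 100_000  # constructed threshold; tune per port in practice

@dataclass
class Controller:
    mode: str = "auto"        # "auto": apply preset policy; "alert": wait for the administrator
    policy: str = "redirect"  # preset action: "redirect" (PBR to security center) or "drop"
    rules: dict = field(default_factory=dict)    # port -> (action, who applied it)
    pending: list = field(default_factory=list)  # alerts awaiting an administrator decision

    def on_alert(self, port, pps):
        """Called by the switch when a port crosses the threshold."""
        if port in self.rules or any(p == port for p, _ in self.pending):
            return  # already mitigated or already queued
        if self.mode == "alert":
            self.pending.append((port, pps))
        else:
            self.rules[port] = (self.policy, "controller")

    def approve(self, port, action, admin):
        """Administrator resolves a queued alert with an explicit action."""
        if action not in ("redirect", "drop"):
            raise ValueError(f"unknown action: {action}")
        queued = [a for a in self.pending if a[0] == port]
        if not queued:
            raise KeyError(f"no pending alert for {port}")
        self.pending.remove(queued[0])
        self.rules[port] = (action, admin)

    def next_hop(self, port):
        """Where traffic arriving on `port` is sent under the current rules."""
        action = self.rules.get(port, (None, None))[0]
        return {"redirect": "security-center", "drop": "discard"}.get(action, "normal-forwarding")

def switch_poll(samples, controller, threshold=THRESHOLD_PPS):
    """Aggregation-switch side: alert the controller for each port at or over the threshold."""
    for port, pps in samples:
        if pps >= threshold:
            controller.on_alert(port, pps)

# Constructed per-port packets-per-second readings; GE1/0/2 carries the flood.
SAMPLES = [("GE1/0/1", 20_000), ("GE1/0/2", 450_000), ("GE1/0/2", 470_000)]

if __name__ == "__main__":
    auto, manual = Controller(), Controller(mode="alert")
    for c in (auto, manual):
        switch_poll(SAMPLES, c)
    print(auto.next_hop("GE1/0/2"), manual.next_hop("GE1/0/2"), manual.pending)
    manual.approve("GE1/0/2", "drop", "admin-a")
    print(manual.next_hop("GE1/0/2"), manual.rules)
```

In alert mode the flooded port keeps normal forwarding until an administrator decides, which is the trade-off between a wrong preset policy and a slower response; each rule records who applied it.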
Enterprises also need protective measures against their own network administrators, who have the authority to access and manage the networks. Operational errors, incorrect configurations, or intentional damage by network administrators can have a serious impact on networks. An audit can be conducted to monitor network administrators.
The power of big data is limitless. It enables information analysis for early detection even if there is no apparent cause. For network security, enterprises can leverage big data to effectively detect and quickly remove threats to ensure that their user data and networks are well protected.
By Swift Liu, President, Switch & Enterprise Communications Product Line, Huawei
The post How Does Big Data Analytics Enhance Network Security? appeared first on Huawei Enterprise Blog.