
How Do Big Data Analytics Enhance Network Security?

Huawei

Big Data and Big Data analytics have become hot topics in recent years. Unlike traditional methods of cause and effect deduction, Big Data analytics generate predictions based on such enormous volumes of data that only the tools of association and inference are useful for finding relevance or meaning.

An interesting case study on the use of Big Data analytics was the prediction of a flu pandemic in the United States by Google. The Internet giant detected the spread of a flu virus before any medical organization or national agency based on search results data that showed people researching flu symptoms and remedies. Google’s findings were completely aligned with the health authority reports filed after the flu pandemic occurred.

Big Data analytics enables us to generate reliable analyses, even in the absence of clear links or causes.

So why did it take so long before we could begin to leverage the value of Big Data? For one, the processing and analysis of large volumes of data required advanced computing and storage resources that were not yet available.

New types of database management systems also needed to be devised. Traditional databases use data synchronization techniques to determine causality. Big Data analytics do not require synchronization for that purpose, but they give rise to other challenges in the areas of networking, storage, and computational architecture.

The Challenges of Internet of Things

The Internet of Things (IoT) is another popular topic in the ICT industry. Expected to connect everything around the globe programmatically, the IoT infrastructure will enable greater degrees of centralized Big Data collection and analysis. The result will be a wider adoption of Big Data analytics.

Reliable and secure data transmission is a critical concern for the IoT. In addition, a sharp increase in network access nodes will require expanded bandwidth.

Protecting Networks with Big Data Analytics

So how can enterprises enhance network security to tackle these challenges? Software-Defined Networking (SDN)-based controllers, together with Big Data analytics within and about the data network itself, are tools designed to provide a comprehensive overview of each and every network, which allows network administrators to detect more threats than is possible with threat detection from a single access point. For example, many hospitals prevent the misuse of patients’ personal information by using behavior analysis software that detects abnormal network behavior to identify employees who may be leaking patient information.

Big Data analytics enables network administrators to predefine policies and actions of the controller to reduce maintenance workload and ensure secure network operations. Preset rules can ensure that suspicious traffic is imported to the security center and eliminated, as appropriate.

Another benefit of Big Data analytics is its ability to process large amounts of data quickly to generate real-time results. It analyzes network security attacks and potential risks immediately, which prevents security breaches.

The Technical Details

For enhanced security, enterprises should have an agile switch that supports the next-generation firewall service board. Security protection functionality, such as an Intrusion Prevention System (IPS), Intrusion Detection System (IDS), and anti-DDoS software is also needed. An aggregation switch at the aggregation layer is required to analyze various security events.

Let’s look at an example: Network traffic traveling through some of the agile switch ports at the aggregation layer suddenly increases due to a DDoS attack. The security behavior analysis module of the controller has predefined rules for importing suspicious traffic; therefore, when the traffic volume reaches a threshold, the agile switch alerts the controller. When the controller receives the alert, it applies Policy-Based Routing (PBR) to traffic forwarded to the aggregation switch and imports the suspicious traffic to the security center. The security center then cleans the DDoS traffic and returns it to the aggregation switch. The result is that the attack is prevented from spreading across the network. Other policies, such as a drop policy, can also be configured.

Alternatively, enterprises can configure the system to alert the administrators first, whereby the administrators configure policies accordingly to address potential breaches. The advantage of this method is that it avoids the risk of preconfigured policies turning out to be incorrect and interrupting network operations.
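The decision flow described above can be sketched as a small simulation. This is an added example, not Huawei controller code: the class, policy names, port labels, threshold, and the release rule (remove the policy once traffic falls below half the threshold) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed per-port traffic reports (port, Mbps) as sent by the switch.
SAMPLES = [("agg-port-1", 120), ("agg-port-2", 110), ("agg-port-1", 950),
           ("agg-port-1", 980), ("agg-port-2", 130), ("agg-port-1", 600),
           ("agg-port-1", 200)]

# Policy each mode installs; alert_only installs nothing (administrator decides).
POLICY = {"redirect": "pbr_to_security_center", "drop": "drop", "alert_only": None}

@dataclass
class Controller:
    mode: str                      # "redirect", "drop" or "alert_only"
    threshold_mbps: float = 800.0  # constructed threshold
    clear_ratio: float = 0.5       # assumption: release below threshold * ratio
    flagged: dict = field(default_factory=dict)  # port -> installed policy or None
    log: list = field(default_factory=list)

    def on_sample(self, port, mbps):
        """Handle one traffic report; return how the port's traffic is treated."""
        if port not in self.flagged and mbps >= self.threshold_mbps:
            policy = POLICY[self.mode]
            self.flagged[port] = policy
            self.log.append((port, "install:" + policy if policy else "alert_admin"))
        elif port in self.flagged and mbps < self.threshold_mbps * self.clear_ratio:
            policy = self.flagged.pop(port)
            self.log.append((port, "remove:" + policy if policy else "clear_alert"))
        return self.flagged.get(port) or "forward_normally"

def run(mode, samples=SAMPLES):
    """Replay the samples through a controller in the given mode."""
    ctl = Controller(mode)
    treatment = [ctl.on_sample(port, mbps) for port, mbps in samples]
    return ctl.log, treatment

if __name__ == "__main__":
    for mode in POLICY:
        log, _ = run(mode)
        print(mode, log)
```

In alert-first mode the log records the alert but traffic keeps being forwarded normally, which is the trade-off the paragraph above describes: no automatic mitigation, but no outage from a wrong preset policy either.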

Network administrators can also choose to automate the entire process. This choice is intended to improve efficiency and further reduce IT costs. Similar to the maturity now found in the computer automation and industrial control fields, we believe that the automation of network management will continually improve over time.

Because network administrators have authority to access and manage networks, enterprises are vulnerable to operational errors, incorrect configurations, or intentional damage by a network administrator, which can seriously impact networks. To protect against these issues, audits can be conducted to monitor network administrators.

The power of Big Data is limitless. It enables information analysis for early detection even if there is no apparent cause. For network security, enterprises can leverage Big Data to effectively detect and quickly remove threats to ensure that their user data and networks are protected.
