Efficient operations—Using Security Analytics to optimize your user’s experience
Efficiency often means synergies and savings. It means making good use of resources (operational manpower, bandwidth and energy) but also of time and effort. Running an efficient network is a big challenge, as it requires the administrator to take tight control of each packet, analyze it and take appropriate action.
It’s tempting for an IT administrator to use the technology out there to do just that: implement probes, traffic steering engines, content filtering solutions, network address translation equipment and deep packet inspection technologies to analyze each packet and alter the traffic flow in order to optimize the experience. The problem is that looking at each packet multiple times introduces a lot of extra latency, not to mention extra cost, which in turn results in a bad customer experience.
There is always one system that cannot be compromised on: network security. There is no doubt that a firewall is required at any network perimeter. Firewalls have to analyze the traffic thoroughly in order to spot hacking attempts and deviating behavior. Each packet is analyzed in depth and correlated with reference data to match it against “known bad”. Each flow is understood from a behavioral perspective, and the purpose of the transaction is recorded and logged.
This provides an opportunity. Instead of sending every packet through multiple systems, it’s much more efficient to use data mining and retrieve the information from the network security infrastructure, which already looks at the data flow closely as part of its protection processes. Firewalls have deep packet inspection engines built in to validate that the traffic really is what it says it is, and at the same time the security analytics system can be fed with intelligence about that traffic. In this way, behaviors and traffic usage can be identified and mapped even when they don’t necessarily pose a security threat. The packets are analyzed anyway; the data is there.
Good use of perimeter security infrastructure provides full insight into which users and systems use which applications and how many resources they consume, mapped against time and location. When misuse or over-usage is detected, the firewall can even implement traffic shaping strategies to limit the network usage. For instance, streaming video can be capped at 700 kbit/s per stream/client to keep 4K content from flooding your enterprise network. Or certain traffic types can be blocked proactively, such as Bitcoin or cryptocurrency mining traffic, to stop users from utilizing corporate resources (data processing and energy) for personal gain.
Being able to see what’s happening in real time, and acting on it with proactively defined policies, is the heart of efficient operations. Using equipment that’s already installed for multiple use cases, security and network usage analytics, is efficient operations.
To learn more:
Check this Clavister Aurora Story about Eagle Shield Bay Municipality. See how IT administrator Peter utilizes IT security analytics to find undesired internet usage behavior at high schools that has a negative impact on the rest of the municipality’s internet users.