Yogi Mistry, senior vice president, Worldwide Engineering, Narus, talks about the growing security concerns in cyberspace and the role real-time traffic intelligence plays on the security front.
What are the methods through which enterprises can foresee and understand, in specific detail, the traffic moving over the network?
Historically, service providers and government organisations have taken a siloed approach to monitoring and managing their networks, installing applications incrementally to address specific needs and to solve specific problems. This approach led to a dispersion of information across many products that would never interact with each other and further required a large operational investment to manage and maintain.
Today’s more forward-looking organisations are adopting a more holistic and cost-effective approach by deploying real-time Traffic Intelligence systems. These next-generation systems provide the knowledge necessary to protect and manage large, diverse and widely distributed networks. These systems help in:
* Monitoring traffic from the network layer through the application layer from many sources to discover abnormalities and threats
* Creating actionable knowledge by finding unique traffic patterns and utilising innovative algorithms and scalable system correlation capabilities
* Analysing traffic at macro and micro levels by targeting aggregate or specific traffic, providing complete forensic analysis of that traffic, and thereby giving the insight needed to increase confidence in policy setting
* Taking informed mitigation actions based on business and operational policies to prevent anomalous traffic from propagating through the network
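The four capabilities listed above, worked through as an added example that is not code from Narus or its Traffic Intelligence product: flow records are rolled up per source (macro view), sources whose aggregates look abnormal are flagged, the individual records behind a flagged source are pulled out for forensics (micro view), and a policy table maps each finding to a mitigation. The flow records are constructed, and the thresholds and the policy table are hypothetical values chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record, with the fields a NetFlow/IPFIX exporter supplies."""
    src: str
    dst: str
    dport: int
    proto: str
    octets: int
    packets: int


# Constructed sample records, not captured traffic: a port sweep from 10.0.0.5,
# a volumetric UDP/53 burst from 10.0.0.7 and ordinary HTTPS from 10.0.0.9.
SAMPLE_FLOWS = (
    [Flow("10.0.0.5", "192.0.2.10", port, "tcp", 60, 1) for port in range(1, 25)]
    + [Flow("10.0.0.7", "192.0.2.20", 53, "udp", 1_000_000, 700) for _ in range(8)]
    + [Flow("10.0.0.9", "192.0.2.30", 443, "tcp", 4_200, 12) for _ in range(3)]
)

# Hypothetical policy table: the mitigation each anomaly class maps to.
MITIGATION_POLICY = {"port_scan": "rate_limit", "volumetric": "blackhole"}


def aggregate_by_source(flows):
    """Macro view: roll flow records up per source address."""
    agg = defaultdict(lambda: {"flows": 0, "octets": 0, "dst_ports": set(), "dsts": set()})
    for f in flows:
        entry = agg[f.src]
        entry["flows"] += 1
        entry["octets"] += f.octets
        entry["dst_ports"].add(f.dport)
        entry["dsts"].add(f.dst)
    return dict(agg)


def detect_anomalies(flows, scan_ports=10, volume_octets=5_000_000):
    """Return {src: anomaly_class} for sources whose aggregate crosses a threshold.

    scan_ports and volume_octets are illustrative thresholds, not tuned values.
    """
    findings = {}
    for src, stats in aggregate_by_source(flows).items():
        if len(stats["dst_ports"]) >= scan_ports:
            findings[src] = "port_scan"
        elif stats["octets"] >= volume_octets:
            findings[src] = "volumetric"
    return findings


def drill_down(flows, src):
    """Micro view: the individual records behind one flagged source, for forensics."""
    return [f for f in flows if f.src == src]


def mitigation_actions(findings, policy=MITIGATION_POLICY):
    """Map each finding to the action the policy table prescribes; unknown classes are left alone."""
    return {src: policy[kind] for src, kind in findings.items() if kind in policy}


if __name__ == "__main__":
    found = detect_anomalies(SAMPLE_FLOWS)
    for src, kind in found.items():
        print(f"{src}: {kind} ({len(drill_down(SAMPLE_FLOWS, src))} flows)")
    print(mitigation_actions(found))
```

On the sample records 10.0.0.5 is flagged as a port scan (24 distinct destination ports), 10.0.0.7 as volumetric (8,000,000 octets), and 10.0.0.9 is left alone. Real deployments compute these aggregates over sliding time windows and baseline them per source; the fixed thresholds here only show where that logic sits.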
What are the major threats in cyberspace at the moment?
In cyberspace, cyber security is a vital concern for organisations worldwide. Web-based attacks are now the primary vector for malicious activity over the Internet. The continued growth of the Internet and the number of people increasingly using it for an extensive array of activities presents attackers with a growing range of targets as well as various means to launch malicious activity.
The range of criminal activities that the Internet supports is vast, from consumer threats (for example, becoming a bot, ID theft and child endangerment etc), to enterprise threats (for example, the theft of personally identifiable information, DDoS attacks to shut down the network, etc), to government threats (for example, information warfare, stealing confidential military information etc).
The ‘dark individuals’ and their associated communities continue to loom over the cyber world as we speak. Birthed in a wild fashion with no watchful eyes of regulatory or legislative bodies (at the national level or through international agreements) over it, and evolving at an unprecedented rate, the cyber world today represents one of the most complex telecommunications networks operated by the most advanced systems ever built by the human race.
What are the ways to combat these security issues?
There is a need to have secure, dynamic and resilient solutions to minimise risks. In order to begin to manage and protect today’s large, complex IP networks, service providers and government organisations need to first be able to understand, in specific detail, what traffic is actually going over the network.
How have you seen the threats and user behaviour in cyberspace evolve over the years?
Today, cyber warfare is on our threshold, and goes far beyond the type of ‘college enthusiast hacking’ seen just a year ago. Organised crime and state-sponsored cyber attacks are becoming prevalent. This phenomenon occurs in a parallel virtual world, and essentially represents the ‘new cold war’. Managing and protecting large IP networks has become nothing short of a nightmare for service providers and government organisations due to the increasing complexity of these networks. Defending against a gamut of innovative and sophisticated network attacks adds to the complexity.
What new threats do you see emerging?
More than ever before, attackers are concentrating on compromising end users for financial gain. According to an Internet Security Threat Report, in 2008, 78 percent of confidential information threats exported user data, and 76 percent used a keystroke-logging component to steal information such as online banking account credentials. Additionally, 76 percent of phishing lures targeted brands in the financial services sector and this sector also had the most identities exposed due to data breaches. Similarly, 12 percent of all data breaches that occurred in 2008 exposed credit card information.
Governments have increasingly expressed their concern about public safety and national security and have re-iterated the fact that we are not doing enough to address this problem. Over the past year, websites in India – including government sites – have been assaulted by foreign hackers. For example, in April 2008, according to published reports, Indian intelligence agencies detected hackers breaking into the network of the Ministry of External Affairs. Additionally, the country of India has mandated that all service providers offering broadband solutions provide IP intercept capabilities to the government of India in order to provide services.
To manage and protect today’s large, complex IP networks, service providers and government organisations must first be able to understand in detail what kind of traffic is traversing their network. They need traffic intelligence: insight into traffic patterns, paths and types, and payload information. Many service providers and government organisations – like Sify – are now using traffic intelligence to protect and manage their networks, to intercept targeted traffic of interest and enable data retention compliance, to analyse for network planning, and to mitigate unwanted and malicious IP traffic.