Automated Visibility: Integration with Machine Learning and AI Tools
Data privacy, infrastructure protection, traffic monitoring and performance tools all require traffic input from network links. As network tools advance in speed and performance, the visibility tools that feed them must also keep pace.
AI and Machine Learning
Typically, security tools are pre-programmed with algorithms to detect and block certain types of malware. Monitoring tools are designed to look at traffic volumes and patterns. Configuration, deployment and changes are carried out by a person working at a command line or GUI.
AI and machine learning in network tools bring many benefits to networks. They give tools the power to automatically gain experience from the data they see. Machine learning tools can execute processes without manual pre-programming. Artificial intelligence (AI) allows tools to make decisions without pre-defined instructions. Network security tools armed with these technologies can use live network traffic to learn normal patterns, detect anomalies and automatically make decisions about how and when to block potential attacks. Many tools can actually predict potential vulnerabilities and make adjustments prior to the actual occurrence of a security breach.
TAPs and Packet Brokers
TAPs and Packet Brokers connect tools to network links, make a copy of the traffic on a link and pass that traffic to the tools. TAPs and Packet Brokers can filter out traffic that the monitoring tools do not need and can also be programmed to send a predefined set of traffic to specific ports on the tools. This parsing of traffic increases the speed and efficiency of monitoring tools by eliminating filter and mapping functions from their processes.
The Age of Tool Specialization
Network speed and complexity continue to grow. Applications and compute power can be housed in a local data center, somewhere off in a distant cloud or a combination of both. Access to stored information is equally complex. Information is not always locked away in a protected server. Laptops, thumb drives, cloud storage and other devices make protecting confidential information a growing challenge. Further, current network speeds in the 25/40/100 Gbps range make the evaluation of network traffic more complex.
As a result of this growing complexity, network tools are becoming more specialized. There are tools for Data Loss Protection, Firewall and Intrusion Protection, Adware and Spyware Protection, Authentication Devices, Endpoint Detection, Malware Threats and many more specialized network threats. In fact, a recent Phoenix NAP article was titled, “35 Network Security Tools You Should Be Using.” How can network engineers deploy and manage the complex network of specialized tools required to protect and monitor networks?
The answer is the incorporation of machine learning and AI into these tools. These advancements eliminate the human interaction required to continually program, instruct and update tools to keep up with the ever-changing threat landscape.
Network managers lose much of the speed and agility of AI tools if they are still required to manually search for alarms and manually program TAPs and Packet Brokers that provide traffic data to the advanced tools. Network Critical has solved that dilemma with the introduction of an integrated Application Programming Interface (API) in the SmartNA-PortPlus. The API is a set of functions and procedures that allows tool makers to write programs that automatically access and control features on the PortPlus. By allowing a direct program interface between the tool and the PortPlus, features such as filtering and port mapping can be controlled by the tools without human interaction.
Visibility automation has many benefits for networks and those with the responsibility to manage and protect those networks. The learning and decision-making capability of new network tools allows much quicker response to anomalies in traffic patterns. The tools also may directly request to see additional sets of data or change the type of incoming traffic to be analyzed. If a human interface is required to make these critical changes, the process is delayed, making response time to a potential event less effective. By automatically manipulating the output from the PortPlus without human intervention, there can be a true dynamic interchange of data between the network and the tools.
This dynamic, automatic control over the network traffic data not only increases the effectiveness of network tools, it also can dramatically reduce OPEX by eliminating much of the manual system management required to develop and manage filter and mapping rules. While this is one important example of the benefits of automated visibility, there are many other Packet Broker features that can be automated with the SmartNA-PortPlus integrated API.
To learn more about Automated Visibility and how this new approach completes the AI promise, go to www.networkcritical.com.