Turning Siloed Data Lakes into Actionable, Real-Time Network Analytics

Security and IoT

The Mirai botnet's DDoS attack on the managed DNS provider Dyn on 21 October 2016 was not the first DDoS attack launched from a combination of compromised IoT devices and cloud servers, but it received widespread media attention because of its scale and impact. Internet services were disrupted for millions of users across much of North America for several hours.

If there were a silver lining to the Mirai attack, it would be the attention it brought to the poor security of many IoT devices and the problems they pose for network security overall. For example, IoT devices do not report operational statistics the way network equipment does. They are clients of the network, and the sheer number of these devices, combined with their weak security, makes them a liability.

Big data is crucial to understanding how this myriad of devices uses the network: it provides a historical record of device interactions and requests against which one can judge whether a particular device is behaving normally. In the Mirai case, even the manufacturer of the hijacked devices could not tell what was happening, because it could only see that they were sending traffic, not what kind of traffic or to where.

As it turned out, a back door in the firmware (credentials hard-coded by the manufacturer, which the user could not change) let Mirai bypass the users' password controls and gain root-level access to the devices, which were then used to carry out the DDoS attack on Dyn. This event was further complicated by the attackers targeting Dyn with a flood of DNS requests, the very traffic a DNS provider exists to serve, which made it extremely difficult to distinguish good traffic from bad.

Network analytics built on a big data view of the network would have recognised quickly that the roughly half a million infected devices were acting out of character, sending repeated DNS requests to servers they normally would have had no business contacting.

Protecting against next-generation DDoS attacks requires this type of contextual awareness. There needs to be visibility into services, CDNs and sites, not just IP addresses. The increasing complexity and frequency of attacks demands an ability to minimise both false positives and false negatives and to enable real-time, surgical mitigation. Otherwise the cost to operators will balloon and response times will be too slow to stop the damage.
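The two ideas above, a per-device historical baseline that exposes "out of character" DNS behaviour, and context at the level of services rather than raw IP addresses, can be sketched in code. The following is an added example and not code from the original article or from any vendor it describes. Every device name, address (taken from the RFC 5737 documentation ranges), service name and telemetry record is constructed for illustration, and the thresholding rule (mean plus k standard deviations plus a small floor) is one reasonable choice among many, not something the article specifies.

```python
"""Per-device DNS baseline with service-level context.

Added example, not code from the original article: it implements the
"acting out of character" check the text describes and the point that
visibility should be at the level of services rather than raw IPs.
Every device name, address (RFC 5737 documentation ranges) and record
below is constructed for illustration.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Hypothetical catalog built from public data: which service each IP belongs
# to. Two anycast addresses of the ISP resolver pool map to one service, so a
# device switching between them is not "new" behaviour.
SERVICE_CATALOG = {
    "192.0.2.53": "isp-resolver",
    "192.0.2.54": "isp-resolver",
    "198.51.100.10": "vendor-cloud-api",
    "203.0.113.7": "managed-dns-provider",   # flood target in this scenario
}


def service_of(ip):
    """Resolve an IP to its service name; unknown IPs stay as raw addresses."""
    return SERVICE_CATALOG.get(ip, ip)


# Constructed history: (device, hour, dst_ip, dns_query_count) per past hour.
HISTORY = [
    ("camera-01", 0, "192.0.2.53", 10), ("camera-01", 0, "198.51.100.10", 2),
    ("camera-01", 1, "192.0.2.53", 12), ("camera-01", 1, "198.51.100.10", 1),
    ("camera-01", 2, "192.0.2.54", 9),  ("camera-01", 2, "198.51.100.10", 2),
    ("camera-01", 3, "192.0.2.53", 11), ("camera-01", 3, "198.51.100.10", 1),
    ("dvr-07", 0, "192.0.2.53", 20), ("dvr-07", 1, "192.0.2.53", 18),
    ("dvr-07", 2, "192.0.2.53", 22), ("dvr-07", 3, "192.0.2.53", 20),
]

# Constructed telemetry for the current hour: (device, dst_ip, dst_port).
WINDOW = (
    [("camera-01", "192.0.2.54", 53)] * 11           # other anycast address, same service
    + [("camera-01", "198.51.100.10", 443)] * 2      # HTTPS, not DNS
    + [("camera-01", "198.51.100.10", 53)]
    + [("dvr-07", "192.0.2.53", 53)] * 20
    + [("dvr-07", "203.0.113.7", 53)] * 400          # the out-of-character flood
    + [("thermostat-02", "192.0.2.53", 53)] * 3      # device with no history at all
)


def build_baseline(history):
    """Per device: services normally queried, plus mean/stdev of hourly DNS volume."""
    services = defaultdict(set)
    hourly = defaultdict(Counter)             # device -> hour -> total queries
    for device, hour, ip, count in history:
        services[device].add(service_of(ip))
        hourly[device][hour] += count
    return {
        dev: {
            "services": frozenset(services[dev]),
            "mean": mean(hourly[dev].values()),
            "stdev": pstdev(hourly[dev].values()),
        }
        for dev in services
    }


def analyze_window(window, baseline, k=3.0, floor=5):
    """Flag devices whose DNS traffic deviates from their own baseline."""
    per_service = defaultdict(Counter)        # device -> service -> queries
    for device, ip, port in window:
        if port == 53:                        # only DNS traffic is profiled here
            per_service[device][service_of(ip)] += 1

    alerts = []
    for device in sorted(per_service):
        seen = per_service[device]
        # A device with no history gets an empty profile: every destination is new.
        prof = baseline.get(device, {"services": frozenset(), "mean": 0.0, "stdev": 0.0})
        total = sum(seen.values())
        # mean + k*stdev, plus a small floor so near-constant baselines do not
        # alert on a handful of extra queries.
        threshold = prof["mean"] + k * prof["stdev"] + floor
        new_services = sorted(s for s in seen if s not in prof["services"])
        spike = total > threshold
        if not new_services and not spike:
            continue
        if new_services and spike:
            severity = "high"       # new destination and volume jump together
        elif new_services:
            severity = "medium"
        else:
            severity = "low"
        alerts.append({
            "device": device,
            "total": total,
            "threshold": round(threshold, 1),
            "new_services": new_services,
            "severity": severity,
        })
    return alerts


if __name__ == "__main__":
    for alert in analyze_window(WINDOW, build_baseline(HISTORY)):
        print(alert)
```

Run as-is, the script flags dvr-07 as high severity (a flood of 400 queries to a service it has never contacted, well above its historical hourly volume) and thermostat-02 as medium (a device with no baseline at all), while camera-01 produces nothing even though it moved to a resolver address it had not used before: the catalog maps both addresses to the same service, which is exactly the false positive that IP-only matching would have raised.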

Big Data, Better Analytics

The mesh of technologies, players, applications and protocols is increasing the complexity of network operations, and it only grows more complex with time. However, the tools available to manage this complexity have been evolving as well. For example, advances in database technology, such as column-store databases fed by streaming data, make it possible to map out the structure of the internet using publicly available data of the kind large search engines already collect. From this, the database can build a catalog of how the internet is structured and how services are delivered, and that catalog can be put to uses that are tremendously valuable to network operators.

As a result, this data — combined and correlated with network telemetry and enterprise data — becomes a crucial enabler in solving the biggest challenges facing networks today.

The next generation of network analytics, built on standardised developments such as streaming telemetry and big data, is already proving critical for network operators. Looking to the future, it will be foundational to realising the promise of software-defined networks, providing the real-time analytics that correlate quality of service, routing costs and traffic demands so that paths through the network can be optimised automatically and dynamically.
