
Network Behavior Intelligence For The Age Of Big Data

By Gurdev Sethi | July 15, 2015


Solutions architected for yesterday’s data volumes can’t keep up with “today-sized” networks

Since the digital revolution began, the amount of data we produce daily has grown exponentially. Today there is more data out there than ever before. According to IDC, we created 2.8 zettabytes (ZB), or 1.8 trillion GBs, of information in 2012, and they estimate that we will generate 40 ZB by 2020, essentially doubling the amount of data every 18 months. Given the unprecedented growth of big data, network behavior intelligence systems that could once handle typical data volumes can no longer keep up. So how can you ensure that you’ll be able to keep up with the growth of big data in the future?

1. Scalability
While lots of systems talk about how fast they are, what’s even more important is your system’s ability to scale and handle more bandwidth without adding latency. Older systems were built to handle yesterday’s data volumes. Modern-day systems have multiple processors that allow you to scale as your bandwidth needs increase. When it comes to network behavior intelligence systems, ideally you want to look for both speed and scalability – but if you have to choose, scalability will give you the most sustained throughput and enable you to get more tasks done at one time. Older systems just can’t keep up, even if you buy more and more of them.

2. Finding a Needle in a Haystack
While it’s never been easy to find the proverbial needle in a haystack – the network threat that flies under the radar – it’s actually gotten harder because the haystack has gotten bigger. Not just wider, but higher and deeper as well. As data volumes continue to explode, the ability to identify network anomalies has become more challenging because the needles haven’t gotten any bigger, just the haystacks. All it takes is one hacker to get through or one data leak to put your network at risk. To defend your network effectively, you can no longer rely on linear analysis of old systems. Twenty years ago, network analysts could keep up with the volume, but with millions of flows per second running through your network today, it’s impossible with old technology. A gap has formed between what’s easily trackable and what’s not, and perpetrators have taken advantage of that gap, requiring you to spend more time identifying network threats. Old systems cannot bridge that gap, but new systems can. They are designed to handle huge volumes so you can protect your network and find those needles in your haystacks, before they cause too much damage.

3. Big Picture View
In this age of big data and growing networks, many companies choose to purchase more copies of their old network behavior intelligence systems. But this creates a new problem – no one is looking at the big picture. You can hire 1,000 network analysts to study their piece of the network(s) – but network attacks are very subtle and smartly disguised to look like normal network behavior. For instance, if you are a huge government organization and have 500 computer networks across the U.S., you might have multiple individuals who are monitoring each network individually, but at what cost? Without a big picture view, no one will notice that an attacker is hitting 500 of your networks at the same time. Or, if you are a hosting company and have 100 customers with 100 different networks and 100 different copies of an old network behavior intelligence tool, the same attacker might scan all your networks at once. And if your analysts perform security investigations on those networks in an isolated fashion, they may miss the big picture. With a unified view you can see the simultaneous attacks and address them on the spot. Older systems don’t give you this ability, but newer systems let you see the big picture with one login and one complete dashboard – even as you continue to scale and add more units.

4. Forensics
Increased data flow not only makes it challenging to identify network anomalies, it also makes it harder to figure out what happened after an attack, because there’s so much more information to sort through. And performing forensics after a breach is critical to determining where your network is vulnerable. In our experience, it can take up to five weeks to identify a data breach, and the challenge with older systems is that they can’t store that much data – only a few hours or so. So even if you do perform forensics, you don’t have the information you need to figure out what happened. The truth is so many organizations are consumed with what’s happening in the moment that they miss the point that network security should be a continuous process, and forensics is a big piece of that. But to do it right you need a newer system that is architected to enable you to use complete data in real time.

5. Higher Accuracy
When you’re trying to find that needle in a haystack, superficial data doesn’t help you. You need granular, historical data, and you need all the information, not just a sampling of network traffic. Older tools are limited in their accuracy, while newer tools are more detailed and let you drill down into data to investigate attacks and better protect your organization from network threats. Newer network behavior intelligence systems allow you to learn from the past to determine what could happen in the future. And they have figured out how to use speed and scalability of modern architecture to protect today’s networks – today and tomorrow.
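The two points above, the big picture view of section 3 and the need for complete rather than sampled data in section 5, can be shown with a few lines of code. The following is an added illustration, not code from this post or from the FlowTraq product: it uses a minimal NetFlow-style record, a constructed set of flows for three separately monitored networks, and an assumed "distinct hosts contacted" threshold of five. The probing source (203.0.113.9, a documentation address chosen for the example) touches only three hosts in each network, so any analyst watching one network in isolation sees nothing, while a unified view over all three networks sees nine targets. The last function mimics a 1-in-N sampling exporter and shows that the same evidence disappears once only every fourth record is kept.

```python
from collections import defaultdict
from dataclasses import dataclass


# Constructed example (not FlowTraq code): a minimal NetFlow-style record.
@dataclass(frozen=True)
class Flow:
    network: str  # the monitored network (site, tenant) that exported the record
    src: str
    dst: str
    dport: int


# Assumed detection rule: alert when one source has contacted at least this
# many distinct hosts. The value is an example setting, not a recommendation.
SCAN_THRESHOLD = 5


def sample_flows():
    """Constructed traffic for three separately monitored networks.

    The probing source contacts only three hosts per network, so each network
    on its own looks unremarkable, but it touches nine hosts in total.
    """
    probe_src = "203.0.113.9"  # constructed, from the TEST-NET-3 documentation range
    flows = []
    for name, octet in (("net-a", 1), ("net-b", 2), ("net-c", 3)):
        for host in (1, 2, 3):
            flows.append(Flow(name, probe_src, f"10.{octet}.0.{host}", 22))
        # Benign chatter: one local client repeatedly reaching its local web server.
        for _ in range(4):
            flows.append(Flow(name, f"10.{octet}.0.50", f"10.{octet}.0.1", 443))
    return flows


def targets_by_source(flows):
    """Map each source address to the set of (network, destination) pairs it contacted."""
    seen = defaultdict(set)
    for f in flows:
        seen[f.src].add((f.network, f.dst))
    return seen


def per_network_alerts(flows, threshold=SCAN_THRESHOLD):
    """Isolated analysis: each network's records are scored on their own."""
    by_net = defaultdict(list)
    for f in flows:
        by_net[f.network].append(f)
    alerts = {}
    for net, net_flows in by_net.items():
        hits = {src for src, tgts in targets_by_source(net_flows).items()
                if len(tgts) >= threshold}
        if hits:
            alerts[net] = hits
    return alerts


def unified_alerts(flows, threshold=SCAN_THRESHOLD):
    """Unified view: distinct targets are counted across every network at once."""
    return {src for src, tgts in targets_by_source(flows).items()
            if len(tgts) >= threshold}


def systematic_sample(flows, every_nth):
    """Keep one record in every_nth, the way a sampling flow exporter would."""
    return flows[::every_nth]


if __name__ == "__main__":
    flows = sample_flows()
    print("isolated:", per_network_alerts(flows))                    # {}
    print("unified :", unified_alerts(flows))                        # {'203.0.113.9'}
    print("sampled :", unified_alerts(systematic_sample(flows, 4)))  # set()
```

The isolated detector returns no alerts at all, because no single network ever sees the probing source exceed the threshold; the unified detector flags it immediately from the same records. Run over the 1-in-4 sample, even the unified detector loses the evidence, since only three of the nine probe records survive sampling. Real scanning traffic is spread over time as well as across networks, so a production rule would also window the counts, but the effect of isolating analysts or thinning the data is the same.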

Is your network behavior intelligence solution able to keep up with your “today-sized” network? If you want to learn more, reach out to us at or take FlowTraq for a spin with a free trial.