Network intelligence

Network intelligence (NI) is a technology that builds on the concepts and capabilities of deep packet inspection (DPI), packet capture and business intelligence (BI). It examines, in real time, IP data packets that cross communications networks by identifying the protocols used and extracting packet content and metadata for rapid analysis of data relationships and communications patterns. It is also sometimes referred to as Network Acceleration or piracy.

NI is used as a middleware to capture and feed information to network operator applications for bandwidth management, traffic shaping, policy management, charging and billing (including usage-based and content billing), service assurance, revenue assurance, market research mega panel analytics, lawful interception and cyber security. It is currently being incorporated into a wide range of applications by vendors who provide technology solutions to Communications Service Providers (CSPs), governments and large enterprises. NI extends network controls, business capabilities, security functions and data mining for new products and services needed since the emergence of Web 2.0 and wireless 3G and 4G technologies. [1] [2] [3] [4]

Background

The evolution and growth of Internet and wireless technologies offer possibilities for new types of products and services, [4] [5] as well as opportunities for hackers and criminal organizations to exploit weaknesses and perpetrate cyber crime. [6] [7] [8] Network optimization and security solutions therefore need to address the exponential increases in IP traffic, methods of access, types of activity and volume of content generated. [9] [10] Traditional DPI tools from established vendors have historically addressed specific network infrastructure applications such as bandwidth management, performance optimization and quality of service (QoS).

DPI focuses on recognizing different types of IP traffic as part of a CSP's infrastructure. NI provides more granular analysis. It enables vendors to create an information layer with metadata from IP traffic to feed multiple applications for more detailed and expansive visibility into network-based activity.

NI technology goes beyond traditional DPI, since it not only recognizes protocols but also extracts a wide range of valuable metadata. NI's value-add to solutions traditionally based on DPI has attracted the attention of industry analysts who specialize in DPI market research. For example, Heavy Reading now includes NI companies on its Deep Packet Inspection Semi-Annual Market Tracker. [4]

Business Intelligence for data networks

In much the same way that BI technology synthesizes business application data from a variety of sources for business visibility and better decision-making, NI technology correlates network traffic data from a variety of data communication vehicles for network visibility, enabling better cyber security and IP services. With ongoing changes in communications networks and how information can be exchanged, people are no longer linked exclusively to physical subscriber lines. The same person can communicate in multiple ways – FTP, Webmail, VoIP, instant messaging, online chat, blogs, social networks – and from different access points via desktops, laptops and mobile devices.

NI provides the means to quickly identify, examine and correlate interactions involving Internet users, applications, and protocols whether or not the protocols are tunneled or follow the OSI model. The technology enables a global understanding of network traffic for applications that need to correlate information such as who contacts whom, when, where and how, or who accesses what database, when, and the information viewed. When combined with traditional BI tools that examine service quality and customer care, NI creates a powerful nexus of subscriber and network data.

Use in telecommunications

Telcos, Internet Service Providers (ISPs) and Mobile Network Operators (MNOs) are under increasing competitive pressures to move to smart pipe business models. The cost savings and revenue opportunities driving smart pipe strategies also apply to Network Equipment Providers, Software Vendors and Systems Integrators that serve the industry.

Because NI captures detailed information from the hundreds of IP applications that cross mobile networks, it provides the required visibility and analysis of user demand to create and deliver differentiating services, as well as manage usage once deployed.

| Requirement | Purpose | Example Applications |
|---|---|---|
| Customer Metrics | Understand customer demand | Audience measurement; User behavior analysis; Customer segmentation; Personalized services |
| Network Metrics: service (delivery), events | Identify / deliver / manage services | Bandwidth / resources optimization; Content / application-aware billing; Quality of Experience (QoE) analysis; VoIP fraud monitoring; Regulatory compliance |

NI as enabling technology for smart pipe applications

Customer metrics are especially important for telecom companies to understand consumer behaviors and create personalized IP services. NI enables faster and more sophisticated Audience Measurement, User Behavior Analysis, Customer Segmentation, and Personalized Services.

Real-time network metrics are equally important for companies to deliver and manage services. NI classifies protocols and applications from layers 2 through 7, generates metadata for communication sessions, and correlates activity between all layers. This is applicable to bandwidth and resource optimization, QoS, Content-Based Billing, quality of experience, VoIP Fraud Monitoring and regulatory compliance.
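The following is an added illustration, not part of the original article and not any vendor's implementation, of the classify, extract and correlate steps described above, with a check for a protocol seen on a port where it is not expected. The frames are constructed sample input; the function names and the EXPECTED_PORTS policy are assumptions made for the example.

```python
import socket
import struct
from collections import defaultdict

EXPECTED_PORTS = {"http": {80, 8080}, "tls": {443}, "ssh": {22}}  # assumed policy

def build_frame(src, dst, sport, dport, payload):
    """Constructed sample input: Ethernet/IPv4/TCP frame, checksums left at zero."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload

def classify_payload(payload):
    """Layer-7 classification from payload content, independent of port."""
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http"
    if payload[:4] == b"SSH-":
        return "ssh"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    return "unknown"

def extract_metadata(frame):
    """Walk layers 2-4, classify layer 7, return one metadata record (or None)."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                              # too short or not IPv4
    ihl = (frame[14] & 0x0F) * 4
    l4 = 14 + ihl
    if ihl < 20 or frame[23] != 6 or len(frame) < l4 + 20:
        return None                              # malformed, or not TCP
    doff = (frame[l4 + 12] >> 4) * 4
    if doff < 20:
        return None                              # invalid TCP header length
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    payload = frame[l4 + doff:]
    app = classify_payload(payload)
    rec = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
           "sport": sport, "dport": dport, "app": app, "bytes": len(payload),
           "port_mismatch": app in EXPECTED_PORTS and dport not in EXPECTED_PORTS[app]}
    if app == "http":                            # application-level metadata
        for line in payload.split(b"\r\n")[1:]:
            if line.lower().startswith(b"host:"):
                rec["host"] = line[5:].strip().decode("ascii", "replace")
    return rec

def correlate(records):
    """Per-source view of who contacts whom, and how."""
    view = defaultdict(set)
    for r in records:
        view[r["src"]].add((r["dst"], r["dport"], r["app"]))
    return {src: sorted(peers) for src, peers in view.items()}

SAMPLE_FRAMES = [  # constructed traffic, documentation address ranges
    build_frame("10.0.0.5", "192.0.2.10", 40000, 80,
                b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_frame("10.0.0.5", "192.0.2.20", 40001, 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    build_frame("10.0.0.7", "192.0.2.10", 40002, 443, b"\x16\x03\x01\x00\x05hello"),
]

if __name__ == "__main__":
    records = [extract_metadata(f) for f in SAMPLE_FRAMES]
    for r in records:
        print(r)
    print(correlate(records))
```

The second sample frame carries an SSH banner on port 443, so a port-based classifier would label it as TLS while the content-based record marks it with port_mismatch.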

Use in cloud computing

The economics and deployment speed of cloud computing are fueling rapid adoption by companies and government agencies. [11] [12] [13] Among concerns, however, are risks of information security, e-discovery, regulatory compliance and auditing. [14] [15] [16] NI mitigates the risks by providing Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) vendors with real-time situational awareness of network activity, and critical transparency to allay fears of potential customers. A vendor can demonstrate hardened network security to prevent Data Leakage or Data Theft and an irrefutable audit trail of all network transactions – communication and content – related to a customer's account, assuming compliance to regulation and standards.

Use in government

NI extracts and correlates information such as who contacts whom, when, where and how, providing situational awareness for Lawful Interception and Cyber Security. Real-time data capture, extraction and analysis allow security specialists to take preventive measures and protect network assets in real time as a complement to post-mortem analysis after an attack.

Use in business

Because NI combines real-time network monitoring with IP metadata extraction, it enhances the effectiveness of applications for Database Security, Database Auditing and Network Protection. The network visibility afforded by NI can also be used to build enhancements and next-generation solutions for Network Performance Management, WAN Optimization, Customer Experience Management, Content Filtering, and internal billing of networked applications.

References

  1. Jessica Schieve (2011-02-23). "Light Reading report: Network Acceleration - Managing Data Growth". Light Reading. Archived from the original on 2011-05-11. Retrieved 2011-03-15.
  2. Brian Partridge (2010-05-17). "Network Intelligence is Key to Profiting from Anywhere Demand". Yankee Group Anchor Report. Retrieved 2010-06-15.
  3. Thibaut Bechetoille (2009-03-25). "The Everyday Relationship Between You and 'Your' Information: What's Out There on the Internet". TMCnet. Retrieved 2010-06-15.
  4. Simon Sherrington. "Deep Packet Inspection Semi-Annual Market Tracker". Heavy Reading. Retrieved 2010-06-15.
  5. Aditya Kishore (2008-07-21). "Market Research: New Opportunity for Service Providers?". Light Reading. Retrieved 2009-07-27.
  6. Shireen Dee (2009-02-03). "Qosmos Network Intelligence Helps Development of Smart Pipe Solutions". TMCnet. Retrieved 2009-07-27.
  7. "MessageLabs Intelligence: 2008 Annual Security Report" (PDF). MessageLabs. 2009. Retrieved 2009-07-27.
  8. "Big Data and Bigger Breaches With Alex Pentland of Monument Capital Group". 2015. Retrieved 2015-01-14.
  9. "2008 Internet Security Trends". IronPort. 2008. Retrieved 2009-07-27.
  10. Jordan Golson (2009-07-21). "A Brave New World: 700M New Net Users Seen By 2013". GigaOM. Retrieved 2009-07-27.
  11. Stacey Higginbotham (2009-07-21). "Will P2P Soon Be the Scourge of Mobile Networks?". GigaOM. Retrieved 2009-07-27.
  12. "IDC Finds Cloud Computing Entering Period of Accelerating Adoption and Poised to Capture IT Spending Growth Over the Next Five Years". IDC. 2008-10-20. Archived from the original on 2009-11-23. Retrieved 2009-07-28.
  13. Tom Sullivan (2008-03-29). "More Cash for Cloud Computing in 2009". PC World. Retrieved 2009-07-28.
  14. Henry Sienkiewicz (2008-04-30). "DISA's Cloud Computing Initiatives". Government Information Security Podcasts. Retrieved 2009-07-28.
  15. Ephraim Schwartz (2008-07-07). "The dangers of cloud computing". Info World. Retrieved 2009-07-28.
  16. Jon Brodkin (2008-07-02). "Gartner: Seven cloud-computing security risks". Info World. Archived from the original on 2009-03-18. Retrieved 2009-07-28.