Page 61 - Cyber Warnings

Ten Tips for Getting the Most from Network MetaData

Jim Meehan, Kentik Director of Solutions Engineering


Nearly every business that uses IP networks generates large volumes of metadata on its
network infrastructure on an hourly basis.

If properly compiled and analyzed, such metadata can provide valuable insights about business
operations.

Metadata is “data about data,” as distinct from the underlying data itself, meaning these records
do not include the actual contents of the conversations.

For telecom networks, metadata includes the call detail records about who talked to whom,
when, and for how long.

For IP networks, the metadata records document the IP addresses, port numbers, and byte and
packet counts of packet flows.

“Given the right tools, IP network operators can perform powerful retroactive and real-time
analyses of network metadata,” said Jim Meehan, Director of Solutions Engineering for Kentik,
maker of a big data-based network analytics platform.

Here are Jim Meehan’s 10 tips to gain an enterprise edge with metadata analysis:

1. Generate IP traffic metadata pervasively
• Packet capture is highly useful, but expensive enough that it can’t feasibly be done
everywhere


• Metadata such as NetFlow, sFlow, and IPFIX can be generated by all network elements, and
offers pervasive visibility with a surprising amount of depth

• The key is to retain the full volume of detailed data


2. Move beyond legacy network monitoring based on “small data” architecture
• Processing and storage constraints in traditional appliance approaches will force you to
discard most of the data details

• Discarded details hold the vast majority of the real, operational value
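
An added illustration of tips 1 and 2 (not code from the article or from Kentik): constructed flow records are first summarized the way a "small data" rollup would, then queried in full for questions the rollup can no longer answer. The record layout, function names and sample addresses are assumptions made for this example.

```python
from collections import defaultdict

# Constructed flow records (not real traffic), carrying the fields the article
# lists for IP metadata: addresses, ports, byte and packet counts, plus a start time.
FLOWS = [
    # (start_epoch, src_ip, dst_ip, dst_port, bytes, packets)
    (1480000010, "10.0.0.5", "192.0.2.10", 443, 120000, 90),
    (1480000020, "10.0.0.5", "192.0.2.10", 443, 95000, 70),
    (1480000030, "10.0.0.7", "198.51.100.4", 22, 4000, 30),
    (1480000040, "10.0.0.7", "198.51.100.5", 22, 4100, 31),
    (1480000050, "10.0.0.7", "198.51.100.6", 22, 3900, 29),
    (1480000060, "10.0.0.9", "192.0.2.10", 443, 8000, 12),
]


def rollup_bytes_per_source(flows, bucket_seconds=3600):
    """'Small data' summary: total bytes per source per time bucket.
    Destination, port and per-flow detail are discarded."""
    totals = defaultdict(int)
    for start, src, _dst, _port, nbytes, _pkts in flows:
        totals[(start // bucket_seconds, src)] += nbytes
    return dict(totals)


def peers_on_port(flows, src_ip, dst_port, since, until):
    """Retroactive question that needs the full records: which destinations
    did src_ip reach on dst_port inside the window [since, until)?"""
    return sorted({dst for start, src, dst, port, _b, _p in flows
                   if src == src_ip and port == dst_port and since <= start < until})


def fan_out(flows, dst_port):
    """Distinct destinations per source on one port, computed from full records."""
    seen = defaultdict(set)
    for _start, src, dst, port, _b, _p in flows:
        if port == dst_port:
            seen[src].add(dst)
    return {src: len(dsts) for src, dsts in seen.items()}


if __name__ == "__main__":
    print("rollup:", rollup_bytes_per_source(FLOWS))
    print("port 22 fan-out:", fan_out(FLOWS, 22))
    print("10.0.0.7 peers:", peers_on_port(FLOWS, "10.0.0.7", 22, 1480000000, 1480000100))
```

In the rollup, 10.0.0.7 is just a low-volume source; only the retained records show that it reached three different hosts on port 22.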



61 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
