Keith Bromley
Sr. Manager, Product Marketing at Ixia
Blog

Supercharge Your Network With Application Intelligence

October 12, 2016 by Keith Bromley

Constantly changing network security threats, an emphasis on customer quality of experience, and a greater need to measure internal and external SLA’s (especially for cloud networks) have become increasingly important topics for IT. These requirements are forcing IT to gain an even better insight and understanding of the network to maximize performance.

Application intelligence is a fundamental capability that IT can deploy to help them supercharge network functionality. It uses context-aware data processing to amplify the value of monitoring data. These following capabilities can enhance any IT department by making the network and applications running on it more secure, stronger, and more resilient: 

  • Expose indicators of compromise (IOC)
  • Conduct application filtering for security and monitoring tools
  • Perform proactive troubleshooting
  • Providing geolocation of attack vectors
  • Combat SSL encrypted threats
  • Strengthen regulatory compliance initiatives

What is application intelligence?

In short, application intelligence is basically the real-time visualization of application level data. This includes the dynamic identification of known and unknown applications on the network, application traffic and bandwidth utilization, detailed breakdowns of applications in use by application type, and geo-locations of users and devices while accessing applications.

Maximizing network security and tool efficiency with application filtering

Properly designed visibility architectures can deliver the critical intelligence needed to boost network security protection, reduce troubleshooting costs, create more efficiencies, and extend the life and utility of monitoring tools. This context-aware data processing delivers a level of insight that helps mitigate network security threats from suspicious applications and locations. It also allows IT engineers to spot trends in application usage which can be used to predict, and then prevent, congestion.

Here are just three of the many example use cases for application intelligence:

  • IT can use application filtering to screen traffic before it is sent to an intrusion detection system (IDS). For instance, information that does not require screening (e.g. voice and video) can be routed downstream and bypass IDS inspection. In the case of networks where voice and video traffic like Netflix and Pandora are in use, this can make your IDS solution up to 35% more efficient. See the University of Texas case study for an example.
  • Context-aware data processing can identify suspicious behavior by correlating indicators of compromise with geographic location and known bad sites. For instance, maybe there is a user in North Korea that is hitting an FTP server in Dallas, TX and transferring files off of the network. If you have no authorized users in North Korea, this should be treated as highly suspicious. Early detection of breaches using application intelligence reduces the loss of personally identifiable information (PII) and reduces the cost of a breach. See this solution brief for an illustration.
  • Geolocation capability can be used to help quickly locate geographic outages and potentially narrow troubleshooting efforts to specific vendors that may be causing network disruptions. This reduces troubleshooting costs and improves customer Quality of Experience. See this solution brief for an example.

One key factor to keep in mind is that the user interface is a critical component of the solution. Useful data that is hard to get and understand won’t help much. You need quick and easy access to this data. For instance, a drag and drop user interface (UI) that allows an administrator to create and modify application level filters can be five to ten times (or even more) faster than a command line interface (used for writing regular expressions) and a cookbook with page long examples of commands the admin will need to write.

Which would you prefer, drag and drop capability for filter creation or to be given a command line interface (CLI) and a "cookbook" so you can write your own applications with all of the extra time you have?

More Information on Application Intelligence

In summary, application intelligence can provide the following benefits for most enterprises:

  • A stronger, more resilient security architecture
  • Faster mean time to repair
  • Decreased costs for breaches and network failures
  • Better support for regulatory compliance
  • Better efficiency for monitoring tools

In addition, Ixia’s ATI Processor provides other context-aware information like geo-location, browser type, and device type. The Ixia solution delivers critical intelligence to reduce troubleshooting costs and boost network security protection (especially for indicators of compromise). As new network security threats emerge, the ATI Processor helps IT improve their overall security with better intelligence for their existing security tools. 

More information on application intelligence and context-aware data processing and the plethora of use cases for it is available here and in this whitepaper.