The term “Network Intelligence” refers to the capability of understanding the behavior of users, applications, services, systems, and devices — all by analyzing network traffic.
The key concepts enabling Network Intelligence technologies include:
Downstream use cases of Network Intelligence (NI) range from network management and cybersecurity to user experience management and market research. Let’s take a deeper look.
Considered an “enabling technology” by Gartner, network intelligence is a tech concept that is used by communications service providers (CSPs) – that is, all companies that offer services to connect people and devices through networks, enabling the transmission of data, voice, and video. As Gartner states:
Network intelligence (NI) “allows CSPs to capture subscriber-, service- and application-level awareness contained in network traffic. This information is analyzed and exposed for integration with other applications in the back office, allowing CSPs to apply granular policies to influence customer experience and adapt to dynamic shifts in application and service usage. The solution is based on nonproprietary hardware and software platforms and can be used by CSPs on any network.”
The NI concept emerged roughly in the last decade, as we came to fully understand how the internet and wireless technologies that CSPs provide offer both an infinite range of products and services and opportunities for threat actors and hackers to exploit vulnerabilities and commit cybercrime.
As we’ll see in this article, network intelligence offers organizations both a path to cyber defense and an opportunity for growth.
Data is encoded into a digital format of packets. These packets encapsulate the payload (actual data being transmitted) and metadata (stored in the packet header) that specifies relevant information about:
Deep Packet Inspection (DPI) is employed to extract network traffic behavior and environment parameters in real time. This process is similar to traditional packet filtering at the firewall, but it takes place in real time and accounts for customized data collection policies enforced by the internet service provider (ISP) for network management. Here’s the difference:
Network intelligence builds on top of a similar data collection and analysis mechanism, at a large scale and in real time. Network Intelligence replaces the simple rules-based filtering system with a data-driven AI algorithm that makes decisions in real time. Real-time network data streams, including network logs and traffic data, are ingested into the AI models, which are also interfaced with external business intelligence (BI) and automation tools.
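To make the contrast between header-based packet filtering and deep packet inspection concrete, here is an added example (not from the original article or any vendor's product). The port policy, the sample packets and all function names are assumptions made for illustration.

```python
import socket
import struct

ALLOWED_PORTS = {80, 443}  # assumed filtering policy for this example

def build_packet(src, dst, sport, dport, payload):
    """Constructed IPv4+TCP packet for the demo (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse(pkt):
    """Split a packet into (header metadata, payload); None if not usable."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        return None  # not TCP, or truncated before the TCP header ends
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4
    if data_off < 20 or len(pkt) < ihl + data_off:
        return None
    meta = {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "sport": sport, "dport": dport}
    return meta, pkt[ihl + data_off:]

def header_filter(pkt):
    """Traditional packet filtering: decide from header fields only."""
    parsed = parse(pkt)
    return parsed is not None and parsed[0]["dport"] in ALLOWED_PORTS

def dpi_classify(pkt):
    """Deep packet inspection: identify the application from the payload."""
    parsed = parse(pkt)
    if parsed is None:
        return "malformed"
    payload = parsed[1]
    lines = payload.split(b"\r\n")
    if lines[0].split(b" ")[0] in {b"GET", b"POST", b"HEAD", b"PUT"} and b"HTTP/1." in lines[0]:
        host = next((ln[5:].strip().decode("ascii", "replace")
                     for ln in lines if ln.lower().startswith(b"host:")), "")
        return f"http host={host}"
    if payload.startswith(b"SSH-2.0-"):
        return "ssh"
    return "unknown"

# Constructed samples: both use destination port 80, so the header filter treats them alike.
WEB = build_packet("192.0.2.10", "198.51.100.5", 40000, 80,
                   b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n")
OTHER = build_packet("192.0.2.11", "198.51.100.5", 40001, 80, b"SSH-2.0-OpenSSH_9.6\r\n")
```

Both packets pass `header_filter`, while `dpi_classify` reports that only the first one actually carries HTTP; that payload-level awareness is what DPI adds over header rules.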
Through training on large volumes of real-time information, the Network Intelligence model can learn a lot about behaviors: how the users, applications, network systems, and the business itself behave. Patterns and correlations within real-time network data can help to:
Network Intelligence can assist a variety of use case segments: business, operations, security, and research. Let’s look at how different industry segments and players in the networking industry can take advantage of Network Intelligence:
Telcos and ISPs are uniquely positioned to use network intelligence technologies to better understand user behavior and network traffic demand. Access to granular traffic information allows them to extract feature-rich data points to train Network Intelligence models.
The key differentiation here is visibility into the data that goes through their networks. This allows telcos to offer personalized services and manage the Quality of Experience (QoE) on data that captures a vast audience, in real-time with complete access to customer data.
Telcos and ISPs cooperate with government and law enforcement institutions for lawful interception. This was traditionally achieved by accessing digital switches of target users.
Now that communications take place over the Internet and traffic is routed over dynamically allocated and software-defined network systems, lawful interception requires real-time analysis of network traffic.
Network Intelligence can play an important role in mapping network traffic to malicious threats in real-time. Network Intelligence can be used to analyze packet metadata including:
This information can be used to compare against warrant parameters issued by law enforcement agencies to determine the likely source of security risks.
Data breach incidents can remain undetected for nine months, on average. Surely any breach may cause harm in much shorter periods. The upside? Network Intelligence can reduce the time to detection by detecting patterns of anomalous behavior.
ISPs can enforce real-time limitations on network nodes to prevent DDoS attacks and flag unusual traffic behavior to partners and business customers.
ISPs can also maintain extensive log trails for post-incident audits and log analysis. Since the network nodes are directly visible to the network intelligence models, ISPs can enforce security controls to contain damage proactively in the event of a successful intrusion at specific network nodes and endpoints.
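As an added illustration of flagging unusual traffic per network node (not code from the original article, and a simple statistical stand-in rather than the AI models it describes), the sketch below keeps a moving baseline of packets per second for each node and flags samples far above it. The node names, sample rates and tuning constants are constructed assumptions.

```python
import math

class NodeBaseline:
    """Exponentially weighted mean/variance of one node's packets per second."""

    def __init__(self, alpha=0.2, k=4.0, warmup=5):
        self.alpha, self.k, self.warmup = alpha, k, warmup
        self.mean, self.var, self.n = 0.0, 0.0, 0

    def observe(self, pps):
        """Return True if pps is anomalous against the learned baseline."""
        if self.n >= self.warmup:
            # Floor the spread at 5% of the mean so a very flat baseline
            # does not flag ordinary jitter.
            spread = max(math.sqrt(self.var), 0.05 * self.mean)
            if pps > self.mean + self.k * spread:
                return True  # keep the outlier out of the baseline
        if self.n == 0:
            self.mean = float(pps)
        else:
            diff = pps - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.n += 1
        return False

def flag_anomalies(samples):
    """samples: iterable of (node, pps). Returns the flagged (node, pps) pairs."""
    baselines, flagged = {}, []
    for node, pps in samples:
        if baselines.setdefault(node, NodeBaseline()).observe(pps):
            flagged.append((node, pps))
    return flagged

# Constructed samples: node-a normally carries ~100 pps, node-b ~5000 pps.
SAMPLES = (
    [("node-a", v) for v in (100, 110, 95, 105, 100, 102)]
    + [("node-b", v) for v in (5000, 5100, 4950, 5050, 5000, 5020)]
    + [("node-a", 900), ("node-a", 950), ("node-a", 104), ("node-b", 5080)]
)
```

A single global threshold would either miss the 900 pps burst on the quiet node or flag the busy node's normal 5000 pps; the per-node baseline flags only the burst and does not let it raise the baseline.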
Optimizing network performance while growing the user base is a real challenge for CSPs. In the context of network intelligence, downstream tasks such as traffic management and congestion control can help these organizations improve end-user experience.
Since Network Intelligence can capture feature-rich information on end-users, CSPs and cloud vendors can develop Network Intelligence systems to accurately model market trends and forecast user demands and preferences.
Privacy and data integrity are another important consideration for organizations using Network Intelligence technologies.
Once trained on sensitive user information, Network Intelligence tools can accurately profile an end-user, manipulate data traveling over their networks and degrade services based on demographic groups and segments. Unauthorized data collection for training Network Intelligence models is another key consideration of privacy from a user perspective.
The challenge for telcos and cloud vendors leveraging Network Intelligence is delivering improved end-user experience, service quality, and security — all while adhering to their data privacy standards and expectations.