Hardware Vendors are Providing Better Network Monitoring Than Most Software Vendors
Thomas LaRock
Author and data professional with 25+ years of expertise in data advocacy, data science, SQL server, Python ~ Microsoft MVP ~ Relationship builder with Microsoft & VMware ~ M.S. in Data Analytics (2025) and Mathematics ~
One of my earlier articles this week referenced a survey in which 70% of enterprises today are using a private cloud. Within that 70% are likely companies that have public-facing websites. This would imply that some percentage of companies are responsible for their own network security against things like DDoS attacks. Of course, preventing DDoS attacks is a problem faced by a lot of corporations, large and small. But larger companies have far more resources to provide defense, which is one of the main selling points for turning to a cloud service provider like AWS or Azure for help in this area.
Solving for network attacks effectively requires two things. First, you want to be able to review network traffic as close to the source as possible. This means intercepting packets as they arrive. Second, you need the ability to intercept, detect, and alert at what is called "line speed", or the speed at which traffic is flowing through the network switch, which could be terabytes of data per second.
Thankfully, Broadcom has stepped up to help provide a solution. Their new Trident5-X12 chip provides a neural-network inference engine called NetGNT (Networking General-purpose Neural-network Traffic-analyzer). This engine is able to capture packets, analyze them, detect anomalies, and label each packet as it flows through the switch. This allows for real-time detection of anomalous activities, which are flagged and sent as an alert to the operations team. It should also be possible to reroute the anomalous traffic in real time, perhaps sending the traffic into a digital twin of the network where the bad actor can do no harm.
The only caveat to this is the fact that Broadcom is not training the model; they only provide the inference engine inside the Trident5-X12 chip. It is up to customers to collect data, train a model, and deploy it. This is a bit more complex than, say, building a model to know if you would have survived the Titanic. You need a person, or team, with an understanding of network traffic and the skills to build a neural net capable of identifying anomalous traffic patterns. As if that were not enough, the model also needs a way to classify what we call "unknown unknowns", or traffic patterns that have not been seen before but are not benign. This is highly specialized work.
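To make the "unknown unknowns" requirement concrete, here is an added example (not Broadcom's code and not from the original article) of a classifier with a reject option: a flow is labeled with a known class only if it falls inside that class's training envelope, otherwise it is flagged as unknown. The feature set, the synthetic traffic values, the class names and the thresholds are all constructed assumptions, and a simple centroid model stands in for the neural net the article describes.

```python
import math
import random
import statistics

# Constructed per-flow features: (packets/s, mean packet bytes, SYN ratio).
# All values are synthetic; a real deployment trains on captured traffic.
def synth(rng, center, spread, n):
    return [tuple(rng.gauss(c, s) for c, s in zip(center, spread)) for _ in range(n)]

def _dist(row, mean, std):
    # Euclidean distance measured in per-feature z-score units.
    return math.sqrt(sum(((x - m) / s) ** 2 for x, m, s in zip(row, mean, std)))

def fit(samples_by_label, quantile=0.99):
    """Per class: feature means, feature stds, and a distance cutoff from training data."""
    model = {}
    for label, rows in samples_by_label.items():
        cols = list(zip(*rows))
        mean = [statistics.fmean(c) for c in cols]
        std = [statistics.pstdev(c) or 1.0 for c in cols]
        dists = sorted(_dist(r, mean, std) for r in rows)
        cutoff = dists[int(quantile * (len(dists) - 1))]
        model[label] = (mean, std, cutoff)
    return model

def classify(model, row, margin=2.0):
    """Return the best-fitting known label, or 'unknown' if the flow fits no class."""
    best_label, best_ratio = None, math.inf
    for label, (mean, std, cutoff) in model.items():
        ratio = _dist(row, mean, std) / (cutoff * margin)
        if ratio < best_ratio:
            best_label, best_ratio = label, ratio
    return best_label if best_ratio <= 1.0 else "unknown"

def demo():
    rng = random.Random(7)
    train = {
        "benign": synth(rng, (200, 800, 0.05), (40, 120, 0.02), 500),
        "syn_flood": synth(rng, (50000, 60, 0.95), (8000, 5, 0.02), 500),
    }
    model = fit(train)
    return {
        "web": classify(model, (210, 760, 0.04)),
        "flood": classify(model, (52000, 61, 0.96)),
        # High-rate, large-packet flow with almost no SYNs: matches neither class.
        "novel": classify(model, (30000, 1400, 0.01)),
    }

if __name__ == "__main__":
    print(demo())
```

The third flow is the case that matters for operations: a model forced to choose between its known labels would assign it one of them, while the reject option surfaces it for an analyst to review and label for the next training round.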
Still, this is a tremendous step forward with a hardware maker applying a software solution to tackle an issue faced by their customers. Placing an inference engine on the chip itself is brilliant in its simplicity. Customers, as well as network monitoring software providers, will benefit from this feature.
#CFD19 Broadcom