To Strengthen Network Security, Give Us Slick Algorithms – and a Crazy Amount of Data
June 8, 2017 | by Kim Keating, Vice President – Data Science
The goal: Make sure grandma (or your regional sales director) never clicks on a spear-fishing link.
The method: Analyze 5 billion web events per second to help isolate problems before they spread.
That’s not a typo. We can now scan 5,000 network events per microsecond for anomalies – or 5 billion in a single second. It’s the biggest of Big Data projects, and we think it’s going to make the web a safer place.
This is the new cybersecurity. It involves 3 key parts: parallel computing, fast algorithms and a whole lot of data.
It’s not uncommon these days for major institutions to string together 100 to 300 processors in parallel, coordinating all their computing power at once. It’s sophisticated, but not unique.
And we’re pleased with the algorithms our data scientists are revving up. These are sets of logical instructions to detect unusual events within the stream of data.
But data itself is the key. Few people beyond particle-colliding physicists see the amount of data that crosses the AT&T global network. Nearly 150 petabytes flow through our network on the average business day.
How big is that? A single petabyte is like streaming an HD movie for 45 years.
When we talk about an “event” in cybersecurity, we’re not talking about the content. We’re talking about just its outer shell – the connection between 2 points and how much data is transferred. We screen about 750 billion of these events a day. We search for patterns that may indicate malware, viruses or hacking.
This approach is already at the heart of our Threat Intellect platform, which fuels our managed security solutions for business customers. But increasingly, this data-powered approach will become a basic part of our software-defined network for everyone.
Indeed, this year we’ve introduced the concept of AT&T Network 3.0 Indigo, our next generation network. As we build it out, it will become more like a platform. It will harness its own data patterns for key functions like network optimization and cybersecurity.
This is exciting because machine learning and artificial intelligence get better with more data to train on – such as 150 petabytes a day and growing.
We’ve recently run tests in which we’ve detected zero-day attacks weeks before they’ve been published by major security firms. Using new and unique algorithms, we’re also making important advances in detecting malicious domains.
It’s good for our customers and it’s good for us. With fast algorithms, we can move cybersecurity forward without needing to bulk up with more computing power. We’ll need less space, less power and fewer resources.
And we’ll provide a more secure network.