By: Jesse Price
Today’s networks are under attack. Whether the target is a commercial network such as Equifax or the networks for the U.S. elections, cyber-attacks are capable of penetrating the most sophisticated security architectures without detection. Operators and government agencies are increasingly seeking out ways to identify threat trends and patterns by using real-time data derived from advanced network monitoring applications. However, these cyber intelligence tools often miss the critical information that can be gathered from the optical transport network. Modern cyber intelligence missions require comprehensive optical network analytics to pair with their current cyber security tools in order to maximize their success rate.
Optical networks complicate standard threat detection applications. Today’s long-haul and regional optical networks are rapidly evolving to handle growing bandwidth demands and the need for high-speed access. As new technology emerges, network service providers are adopting new transport mechanisms, including SD-WAN, DWDM, OTN, and 100G+ coherent technologies, to make the most efficient use of the deployed fiber network. In many cases, despite the growing presence of new signaling methods, legacy communications protocols can also live in the optical network for many years. This presents a unique challenge for service providers, who are tasked with managing many different protocols within their networks. Carrying different technologies deeply tunneled within the fiber network creates large multi-layered networks that complicate threat detection. It is now common for optical networks to carry anywhere from 5 to 10 different signaling technologies on a single fiber, as shown in Figure 1.
Figure 1: Optical networks support a complex mix of framing and transport technologies.
Global Optical Transport Networks Are Evolving Rapidly
Today, cyber intelligence missions often require monitoring access to long-haul and regional optical networks. Modern surveillance architectures already require a deep understanding of the network infrastructure in order to decode the optical transport mechanism and remove the layers of WAN protocols. But is potentially valuable information being dropped as these network layers are removed? Despite the complexity of the evolving optical transport network, there is valuable metadata that can be extracted from the optical transport signaling protocols that may provide information critical to the success of the cyber intelligence mission.