2017: The Year of Massive Network Traffic Volumes

mike

The volume of traffic on our networks has exploded in the last year. More than ever before, we are seeing every kind of computer and handheld device make Internet connections to send information out of the company. IoT devices are some of the worst offenders when it comes to this taking of private data. We can’t call it theft because we all agreed to it in the End User License Agreement (EULA) that we didn’t read when we installed the application. What are they taking and why?

Companies like Microsoft, McAfee, Apple, Plantronics and hundreds of others are often taking details from our devices such as the contacts we have stored. This includes full names, email addresses, phone numbers and anything else they could find useful. In some cases they grab your calendar, your pictures, and details about each telephone call that you make. Other vendors scan your device to see what other applications you have installed and possibly take the data that those applications collect as well. Still others grab details on the websites you visit and what you click on, and could even be downloading your keystrokes.

The big data demand to collect all of this information is a new way to push profits in a world where software by itself is diminishing in value. The ability to learn a person’s behavior is worth potentially even more than the software being used by the end user. If these companies can mine that and learn a person’s behaviors, they can sell the ability to reach an individual buyer with targeted advertising. For example, perhaps a company learns that a person is a runner—that they like to compete in races and that they prefer Nike shoes. Since they have their calendar and see that they have a race coming up, Adidas might be particularly interested in reaching that consumer with an ad for new running sneakers.

If a company has invested in hundreds of Plantronics headsets and the vendor learns from collecting the employee data that the organization is running an antiquated CRM for customer management, it could potentially sell this information to Salesforce, which may have its business development team target the organization to make a sale. This rush to collect information from customers is not only exposing details about our lives, it is creating massive amounts of network traffic.

Internet uploads from a single application can occur every minute or even more often. This increase in traffic volume is putting additional overhead on firewalls and routers. In some cases, certain types of Deep Packet Inspection (DPI) can’t be turned on due to the sheer volume of traffic. This can be unfortunate because DPI is used to look inside encrypted traffic to verify the safety of connections. The uploads are also creating more logs for the SIEM and more NetFlow or IPFIX for the Network Traffic Analytics system. Ultimately, IT operational costs are going up due to big data collection. What can we do?

In some cases, vendors allow the data collection to be turned off. However, beware of upgrades that turn it back on, as in the case of Plantronics, where they removed the ability to turn off the data collection. Blocking the domains these devices upload to may not work, as they can fall back to second and third alternative domains. What’s worse, the software could stop working if the phone-home connection isn’t allowed to occur.

The best recourse is testing the software the business depends on and using network traffic analytics to confirm its Internet-related behavior. Asking the vendors what information they are taking is another good practice. Unfortunately, end users who are allowed to put personal devices on the corporate network will still cause a significant increase in traffic volumes. Due to the diversity of applications and their widespread deployment, investigating every application simply isn’t feasible.
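One way to confirm an application's Internet-related behavior from flow data, as an added example that is not part of the original post: the script groups constructed flow records by source and destination and flags pairs that upload on a short, regular cadence. The CSV columns, the thresholds and the `.example` hostnames are assumptions; a real NetFlow or IPFIX export would need to be mapped to this shape.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample flows (not real traffic): epoch seconds, internal source,
# destination name, bytes uploaded. The column layout is an assumption.
SAMPLE_FLOWS = """ts,src,dst,bytes_out
1000,10.0.0.5,telemetry.vendor.example,2048
1005,10.0.0.5,www.news.example,500
1060,10.0.0.5,telemetry.vendor.example,2048
1121,10.0.0.5,telemetry.vendor.example,2048
1180,10.0.0.5,telemetry.vendor.example,2048
1240,10.0.0.5,telemetry.vendor.example,2048
1400,10.0.0.5,www.news.example,700
1410,10.0.0.5,www.news.example,300
1500,10.0.0.9,updates.vendor.example,900000
3000,10.0.0.5,www.news.example,400
"""

def summarize_uploads(flow_csv, max_gap_s=120, min_flows=4, jitter=0.25):
    """Per (src, dst): upload volume, median gap, and whether the cadence is regular."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        groups[(row["src"], row["dst"])].append((int(row["ts"]), int(row["bytes_out"])))
    report = []
    for (src, dst), flows in groups.items():
        times = sorted(t for t, _ in flows)
        gaps = [b - a for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else None
        # Phone-home pattern: several flows, short median gap, little jitter.
        periodic = (len(flows) >= min_flows and med is not None
                    and 0 < med <= max_gap_s
                    and all(abs(g - med) <= jitter * med for g in gaps))
        report.append({"src": src, "dst": dst, "flows": len(flows),
                       "bytes_out": sum(b for _, b in flows),
                       "median_gap_s": med, "periodic": periodic})
    # Largest uploaders first, so volume and cadence can be reviewed together.
    return sorted(report, key=lambda r: r["bytes_out"], reverse=True)

if __name__ == "__main__":
    for r in summarize_uploads(SAMPLE_FLOWS):
        flag = "PERIODIC" if r["periodic"] else "-"
        print(f'{r["src"]} -> {r["dst"]}: {r["flows"]} flows, '
              f'{r["bytes_out"]} bytes out, median gap {r["median_gap_s"]}s {flag}')
```

A single large transfer (the update download in the sample) ranks first by volume but is not flagged, while the small once-a-minute upload is, which is the distinction that matters when checking what an application sends out.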

One solution is to prevent employees from installing applications on any type of device that gets on the corporate network. Company-owned laptops and mobile phones would fall into this category. Without some sort of throttling in place, 2017 will easily prove to be the biggest year in network traffic volumes, and the years that follow will continue to break records. Companies need to be ready to bear the cost to support it. Network Traffic Analysis solutions will at least allow IT teams to investigate problems as they arise.