A six-hour outage for Facebook, Instagram and associated platforms resulted in losses running into billions for the US company Facebook Inc. But how do such problems occur and how can they be detected and remedied at the earliest possible juncture? Fraunhofer IGD has been looking into this complex set of issues for several years now and, in association with the ATHENE research center, is working towards making network data more intelligible. This will enable more users to assess what is happening within their own network. Current and future developments in visual analytics are intended to simplify the work of security experts.
“The sheer quantity of cyber security alerts that are flagged up in corporate networks is almost unmanageable,” says Professor Jörn Kohlhammer, ATHENE scientist at the Fraunhofer Institute for Computer Graphics Research IGD. “The problem is that a large number of these messages consist of warnings that are generated by peculiarities in network traffic that pose absolutely no danger. This can cause the messages that actually require action to be drowned out by these false positives. Uncertainty about which alerts to prioritize is a pressing problem here.”
Another example of confusion caused by masses of data is the Border Gateway Protocol (BGP). This is the routing protocol that connects autonomous systems and enables cross-border data traffic on the worldwide web. The importance of this was demonstrated by the outage of Facebook services in early October. Due to maintenance work being done by Facebook, the connections of the DNS servers to the data center were interrupted. The servers then withheld BGP announcements, as there appeared to be a faulty network connection, and the servers were unavailable for an extended period of time. This could have been prevented with a better overview of the BGP announcements. However, the unmanageable data volumes make it difficult for smaller companies to keep track and to ensure their cybersecurity. Fraunhofer IGD sees the solution in the targeted visualization of security-relevant data and information. The thinking is that the more straightforward the display of network data, the more readily users can assess what is happening in their own network.
In association with the National Research Center for Applied Cybersecurity (ATHENE), Fraunhofer IGD is working on solutions for the visualization of cybersecurity data. Manufacturers of cybersecurity software are able to benefit from this accumulated expertise, with improved visualization software increasing the effectiveness and user satisfaction of solutions that already have good functionalities. The objective is to create user interfaces that support the processing of very large amounts of data and which have been specifically designed with the tasks and responsibilities of network administrators and security experts in mind.