In a Network Operations Center, you will often see large monitors with real time alerts and several people monitoring them. In contrast, Network Analytics is about looking at network data (Traffic, Host, Logs etc.) collected over a period, to understand network behavior.
In this post, we will look at different types of Network Analytics and how Machine Learning can be used with them.
Network Analytics: from Reactive to Proactive
Analytics help enterprises and service providers answer key questions about networks, services and security threats to proactively act to address problems in the network.
Is the application response time getting better or worse?
Are we seeing any unusual scanning activity in the network?
What are the network failures lurking under the radar?
Descriptive analytics provides summary statistics for the network for a given period and visualizations of past data trends through charts and graphs. For e.g., Hosts that consumed the most bandwidth in the past month, Number of TCP sessions per source/destination IP. While this is still useful in summarizing network behavior and providing a network baseline, it requires engineers to sort through the data to find patterns.
Diagnostic analytics includes root cause analysis to accurately identify the origin of the network faults and event correlation to minimize the number of alerts. This can be a manual activity where the network engineers correlate the alerts to find the root cause or use Machine Learning to correlate alerts to find the location of the problem and determine the affected components.
Predictive analytics usesMachine Learning to predict what can happen by identifying patterns in the current and historical data. From a network and security perspective, this includes predicting which faults may occur next and estimating time-to-failure, forecasting traffic patterns and potential security threats.
Prescriptive analytics proposes remedial actions for network failures or potential security threats. It can also aid in effective planning and design of future networks and optimize existing network architecture. This can be used for decision support or full automation to remedy failures or design networks and still very much in its infancy.
Why use Machine Learning for Network Analytics ?
Since manual diagnostics and rule-based heuristic algorithms have difficulty scaling, Machine learning can be used to understand the patterns in data from different sources that are difficult to process by humans.
There are three things that are important to using Machine Learning:
Data: The effectiveness of Machine Learning algorithms is directly proportional to the quality of the data.
Algorithms: It is important to select the right algorithm for the problem you are trying to solve.
Assumptions: The right assumptions have to be made regarding the historical data and their efficacy in predicting future outcomes.
Gartner has coined the term AIops to indicate using Artificial Intelligence (more specifically Machine learning) to automate and provide more visibility into IT operations. However, it encompasses a broad area with different set of requirements for each area of IT operations. In upcoming posts, we will delve into more detail on different types of data, algorithms and usecases for using AIops as it relates to Network Operations.