Cyber Security Edge Analytics

Don Wiggins

For most, “analytics” represents a broad term, and rightfully so. As the prevailing winds of digital transformation continue to push interconnection to the digital edge, a plethora of real-time analytics requirements (and capabilities) have irreversibly raised the ante for immediately available insights on topics ranging from petroleum futures and retail purchasing trends to the depths of cyber security counter-intelligence.

In a traditional sense, the industry has defined analytics across four major categories:

  • Descriptive or “what” happened
  • Diagnostic or “why” it happened
  • Predictive or what is “likely” to happen
  • Prescriptive or what you “should do” about what happened

With the proliferation of digital edge services, how exactly is edge analytics defined and how does it differ from traditional analytics? Simply put, edge analytics is the collection, processing and analysis of data at the edge of one or more networks, in proximity to one or more sources of data (e.g., Internet of Things (IoT) sensors, cloud services, etc.). With an emphasis on interconnection and the evolution of the IoT, many industries such as retail, manufacturing, transportation and energy are generating vast amounts of data at the edge of the network. Edge analytics is data analytics in real time, proximally adjacent to where data collection occurs. As a critical junction point for varied sources of data transfer, edge analytics often simultaneously functions as descriptive, diagnostic and/or predictive analytics.

Traditional analytics, or in a broader sense the practice of informatics, is based on the premise of a centralized repository – an isolated enclave of data that renders insights from past or near-recent events for interpretation. Ad hoc analytics, the practice of assembling business-driven queries against a data set, has been prevalent across every vertical in both public and private sectors for decades. Edge-based private interconnection, via direct peering with networks, content providers, cloud providers and collaborative communities of interest, provides the proximal adjacency necessary to exponentially accelerate both the accumulation and analysis of data in a more decentralized fashion, where transactions actually occur. This proximally adjacent method of transacting has enabled the highly efficient, geo-strategic collaboration and federated analysis necessary to keep pace with ever-increasing data volumes and consumption rates.

Edge analytics and, in a larger sense, edge services are being driven by a methodical adoption of regionally distributed rather than centralized architecture. Traditional silos of applications and data are now being moved to the edge of networks and clouds in geo-strategic locations to address ever-increasing expectations of performance by disparate stationary and mobile user communities. Speed-of-light-related latency issues can readily be solved through the adoption of a geo-strategic, regionally distributed IT architecture, coupled with emerging, application-centric, software-defined networking technologies such as SD-WAN. Much like the clouds they interconnect, SDN-enabled, dynamically provisioned network services now make self-orchestrated persistent and/or non-persistent WAN connectivity a game-changing method of edge interconnection.

These strategically placed edge node intersection points provide an efficient alternative to the “trombone” effect of network traffic associated with a traditional centralized IT infrastructure where multiple, vastly distributed end points transact with a single core, offering varied and often poor levels of performance for each endpoint. As shown in the diagram below, all disparate sources of data in a given metro or region can meet and transact in a decentralized fashion across multiple metros and/or regions within geo-proximity of the sources.

As is readily apparent with a regionally distributed cyber security edge “stack” that secures both private and public network access, edge analytics represents a critical coupling for capturing, analyzing and rendering real-time insight into, and/or interdiction of, traffic in regionally distributed edge enclaves.

This becomes abundantly apparent for Federal Government networks that often operate with multiple mission partners in varied network classifications with next-generation mission-critical applications. Prescriptive adoption of regionally distributed digital edge services will invariably accelerate innovation, optimize performance and enable the real-time, edge-based cyber security analytics necessary in today’s ever-evolving geo-politically collaborative and adversarial landscape.

Through observation and collaboration with a diverse ecosystem of customers and technology partners on the world’s largest interconnection platform, Equinix’s advocacy of Interconnection Oriented Architecture™ (IOA™) best practices has been illustrated in a number of IOA digital edge blueprints.

To learn more about how the Public Sector can begin to develop a modernization road map and architect for the digital edge, read the Federal Government Blueprint.