Everybody’s talking about blockchain these days, but as real-world use cases of the technology are still in early stages of implementation, it’s understandable if network engineers don’t see how blockchain affects them just yet. Let’s cut to the chase: Blockchain technology has the potential to radically improve network security.
But before we get ahead of ourselves, you should know some basics about blockchain. The decentralized, distributed technology is best known for powering cryptocurrencies such as Bitcoin. But the real killer apps are going to be in the enterprise blockchain space. Private blockchain networks can be used to facilitate trust and transactions among business partners, institutions and consumers. Every participant in the network helps verify and record events to create one true record. We’re just starting to see what blockchain can do, but Cisco expects it to transform the business world.
And blockchain is also going to transform the way network engineers operate. Let’s say you’ve got a standard packet capture file in front of you, generated by a network analysis tool such as Wireshark. You’re checking out the traffic, making sure everything’s hunky dory. All in a day’s work.
But what if the server, computer or application that you’re using to read or write the PCAP is compromised and you don’t know it? If the PCAP file is missing data, or someone’s tampered with it, or the file is simply corrupted, your analysis of the traffic would be flawed. You’ve got just one vantage point on the data, one set of eyes. And if the network engineer can’t trust the data, the head of IT or operations can’t trust the subsequent analysis.
That’s where blockchain can help. What if dozens, hundreds or thousands of observers could capture serialized packet events to create a consensus of the network’s traffic? In a blockchain network, activity must be verified by a majority of the participants before being added to the permanent, encrypted record. In that way, the observers would confirm the data for the network engineer and the network itself would become the PCAP capture tool.
With a blockchain-based network, PCAP playback would be assembled from across the entire network, and because of the signed serialization, it would be ordered and re-assembled accurately every time from completely random data sources. That would make the network analysis more effective, and give the network engineer a higher degree of confidence in that analysis.
Using decentralized, serialized data verified with cryptographic proofs would remove any doubt about the quality of the analysis. Pushing the integrity of the analysis onto the network itself would make the data verifiable and auditable, resistant to change and tamper-proof. That’s music to the ears of network engineers.
I’d love to hear your thoughts on using blockchain for network traffic analysis. You can leave a comment or drop us an email to firstname.lastname@example.org. To learn more about Cisco’s take on blockchain, you should read our free white paper at cisco.com/go/blockchain.