Spot alerts in network topologies with graph visualization

12th March, 2018

Understanding big, complex systems such as IT infrastructure or telecoms networks is a challenging task. With the help of graph visualization, it doesn’t need to be.

For example, take the identification of alerts. Alerts might be generated automatically from detectable behaviors, such as traffic to blacklisted addresses or downtime within the network, or raised manually by administrators. Whether it’s fault management in a physical communications network or cyber threat detection in your corporate IT setup, one of the first challenges is knowing where the problems lie.

In this blog post, we’ll show you how graph visualization can make alert detection and investigation more effective, and help you gain a clearer understanding of your infrastructure.

In particular, we’ll focus on combos – KeyLines’ powerful node-grouping functionality that reduces clutter and makes it easier to see the bigger picture and gain deeper insight.

Why use graph visualization for alerts?

If it’s your job to understand and respond to alerts in a network, you need fast insight to see problems as they arise. There’s a series of questions you need to answer:

  • Do I have any problems? Most of the time, you need to start with an ‘at-a-glance’ view, to quickly spot alerts and pinpoint their general location.
  • What is the problem? If there are alerts, you need to be able to ‘drill down’ into the network topology to understand exactly which systems are affected and where they’re located.
  • What’s the impact going to be? Now you’ve identified the problem, explore outwards again to understand how it will impact the wider network.

Data visualization is already common in network management platforms, but often what’s missing is the interactivity, performance and advanced analysis features of a graph visualization technology like KeyLines. As well as supporting the reactive response to alerts outlined above, it gives you the tools to gain a greater understanding of your network structure. You can spot bottlenecks or structural deficiencies, and be proactive about defending against threats.

Let’s see how it works.

Reduce clutter and increase insight with combos

Combos are a game-changer for those needing to understand large, complex IT/infrastructure network data. Exclusive to KeyLines, the functionality allows you to combine multiple nodes into groups, and organize those groups into hierarchies. It helps you to eradicate chart clutter and navigate complicated networks effectively, at the right level of detail for the situation. It’s an intuitive new way to explore networks, without data overload.

Creating a simple combo

Get detail on demand

KeyLines combos can really help when you need to understand connections between different tiers or sections of a network.

The example below shows a corporation’s IT network. There are offices at different locations and various subnets within them, all communicating with a central server through which common services are accessed. Links represent communication between any two machines. We’ve used combos to group network assets by subnet and location, so at the high level we get a really simple view of the topology:

Basic IT network

We can see two alerts have been raised, shown in red. The red link alerts us to a potentially dangerous connection between the Paris and Cambridge offices. Let’s drill down by ‘opening’ some combos:

Drilling down into the network topology

It turns out that the alert was triggered by an insecure data transfer between two devices. Using nested combos, we can see this detail when we need it, but easily switch back to a high-level view when we’re trying to understand the general picture.

Tips and techniques for great alert visualization

As well as combos, this example uses other techniques to make it easier for users to understand what’s happening:

  • Glyphs on nodes and links, to show alert warnings, port numbers, etc.
  • Automated pan and zoom to focus on selected alerts
  • Ping animated effects to focus attention on key items
  • ‘Revealing links’ to show how a particular node in the network is connected to its neighbors
  • Contrasting colours on important nodes and links

These features work well in our example corporation’s IT network. When the user asks for more information about the alert in the ‘Edinburgh’ network, we run a smooth animated sequence to drill down, identify the specific problem (a ‘blacklisted’ application) and reveal all the assets the compromised machine is talking to.

Highlighting a blacklisted application alert in an IT network using open combos. The blue ‘revealed’ links show which network assets the compromised machine is talking to.

In this way, we’ve gone from a very high-level alert (“There’s a problem in Edinburgh”) to a very specific set of actionable intelligence about which parts of the network may have been compromised.
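The data model behind those three views (collapsed overview, drill-down, revealed neighbours) can be written without any charting library. The block below is an added example, not code from the original post or from KeyLines: it models nested combos (location, then subnet) in plain JavaScript over a constructed sample network, rolls alert flags up to whichever level is currently open, keeps links that sit wholly inside a closed combo from disappearing by counting them against the combo node, and lists everything a compromised machine talks to. The asset ids, subnets and alert labels are made up for the example.

```javascript
// Added example (not KeyLines code): a plain data model for grouping network
// assets into nested combos by location and subnet, rolling alerts up to
// whichever level is currently visible, and revealing a node's neighbours.

// Constructed sample network; asset ids, locations, subnets and alerts are made up.
const assets = [
  { id: 'par-ws1', location: 'Paris',     subnet: '10.1.0.0/24' },
  { id: 'par-ws2', location: 'Paris',     subnet: '10.1.0.0/24' },
  { id: 'cam-db',  location: 'Cambridge', subnet: '10.2.0.0/24' },
  { id: 'cam-ws1', location: 'Cambridge', subnet: '10.2.1.0/24' },
  { id: 'edi-ws1', location: 'Edinburgh', subnet: '10.3.0.0/24', alert: 'blacklisted application' },
  { id: 'edi-fs',  location: 'Edinburgh', subnet: '10.3.0.0/24' },
  { id: 'hq-srv',  location: 'HQ',        subnet: '10.0.0.0/24' },
];

// Links are communication between two machines; an alert flag marks the bad ones.
const links = [
  { id: 'l1', id1: 'par-ws1', id2: 'hq-srv' },
  { id: 'l2', id1: 'cam-ws1', id2: 'hq-srv' },
  { id: 'l3', id1: 'par-ws2', id2: 'cam-db', alert: 'insecure transfer' },
  { id: 'l4', id1: 'edi-ws1', id2: 'hq-srv' },
  { id: 'l5', id1: 'edi-ws1', id2: 'edi-fs' },
  { id: 'l6', id1: 'cam-ws1', id2: 'cam-db' },
];

// Combo ids: the location is the outer combo, "location/subnet" the nested one.
const locationCombo = (a) => a.location;
const subnetCombo = (a) => `${a.location}/${a.subnet}`;

// The node that stands in for an asset in the current view: the asset itself
// when both of its combos are open, otherwise the outermost closed combo.
function representative(asset, openCombos) {
  if (!openCombos.has(locationCombo(asset))) return locationCombo(asset);
  if (!openCombos.has(subnetCombo(asset))) return subnetCombo(asset);
  return asset.id;
}

// Build the view for a set of open combos. Alerts roll up: a combo node counts
// the alerted assets (and alerted internal links) inside it, a combo link counts
// the alerted links it stands for. Links wholly inside one closed combo are not
// drawn, but their alerts still colour the combo node, so nothing red vanishes.
function buildView(assets, links, openCombos = new Set()) {
  const byId = new Map(assets.map((a) => [a.id, a]));
  const nodes = new Map();
  for (const a of assets) {
    const rep = representative(a, openCombos);
    const node = nodes.get(rep) || { id: rep, isCombo: rep !== a.id, alerts: 0 };
    if (a.alert) node.alerts += 1;
    nodes.set(rep, node);
  }
  const viewLinks = new Map();
  for (const l of links) {
    const r1 = representative(byId.get(l.id1), openCombos);
    const r2 = representative(byId.get(l.id2), openCombos);
    if (r1 === r2) {
      if (l.alert) nodes.get(r1).alerts += 1; // hidden link, visible count
      continue;
    }
    const [a, b] = r1 < r2 ? [r1, r2] : [r2, r1]; // undirected: one entry per pair
    const key = `${a}|${b}`;
    const vl = viewLinks.get(key) || { id1: a, id2: b, count: 0, alerts: 0 };
    vl.count += 1;
    if (l.alert) vl.alerts += 1;
    viewLinks.set(key, vl);
  }
  return { nodes: [...nodes.values()], links: [...viewLinks.values()] };
}

// "Do I have any problems?": the red items in the fully collapsed view.
function topLevelAlerts(assets, links) {
  const view = buildView(assets, links);
  return {
    nodes: view.nodes.filter((n) => n.alerts > 0).map((n) => n.id),
    links: view.links.filter((l) => l.alerts > 0).map((l) => `${l.id1}-${l.id2}`),
  };
}

// "What is the problem?": open every combo that contains the given assets,
// leaving the rest of the network collapsed.
function drillDown(assets, links, assetIds) {
  const open = new Set();
  for (const a of assets.filter((x) => assetIds.includes(x.id))) {
    open.add(locationCombo(a));
    open.add(subnetCombo(a));
  }
  return buildView(assets, links, open);
}

// "What's the impact?": every machine the compromised node talks to.
function revealNeighbours(links, nodeId) {
  const out = new Set();
  for (const l of links) {
    if (l.id1 === nodeId) out.add(l.id2);
    if (l.id2 === nodeId) out.add(l.id1);
  }
  return [...out].sort();
}

console.log(topLevelAlerts(assets, links));
console.log(revealNeighbours(links, 'edi-ws1'));
```

In a real deployment the grouping keys would come from the asset inventory and the alert flags from the detection pipeline; the rendering layer, KeyLines or otherwise, only needs the `nodes` and `links` of the returned view. The one check worth keeping from this model is the roll-up of alerts on hidden internal links: without it, collapsing a combo can silently hide a red link, which defeats the "at-a-glance" view.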

Power your graph visualization with combos

To truly understand the power of combos, you need to try the functionality for yourself. Are you ready to unleash combos into your data visualization?

Sign up for a free KeyLines trial here.
