Support for Data Capture, Retention, Analysis, and Tasking

One of the precious few advantages of practicing enterprise cyber security in any regulated industry is that spectacular technical challenges will often be tossed your way. This assumes, of course, that you enjoy such big technical challenges – and I’ll conclude that if the onerous title of this article has not scared you away yet, then you are probably in that category.

In global telecommunications, one area where regulatory requirements are particularly challenging involves the legal capture of data traffic for retention, analysis, and tasking. This process begins with lawful requests made by government staff for collected and stored information to support investigations or other legal initiatives. The complexity required to satisfy such requests is easy to underestimate.

I participated recently in a technical review with senior members of Yaana Technologies, including Founder and CEO Raj Puri. The Yaana team offered me a detailed overview of their strategy to support the increasingly tough challenges for service providers. I must say that even with multiple decades of relevant personal experience in this area, I still learned quite a bit from the discussion.

To begin, as you’d expect, people do not just fall into the field of telecommunications data traffic capture, retention, analysis, and tasking. This is super-complicated stuff that can only be properly developed and managed by experts. When it comes to the nuts and bolts of telecommunications, I can attest that the Yaana team is the real deal. The principals of the firm count their experience in decades.

Regarding capture, you already know that every government in the world demands that their service providers build systems for legal collection of network data from telecommunications infrastructure. Yaana includes support for a range of strategies. “We’ve developed advanced techniques for using both active and passive means to extract the data from networks such as LTE,” Raj explained.

Regarding retention, extracted metadata and content must be handled based on complex and sometimes contradictory requirements levied around the world. Every country, for example, has a strong opinion on geo-retention, while remaining quiet on advanced persistent threat (APT) avoidance. Yaana tries to fill in the protection gap using PKI-based solutions to optimize APT security.

Regarding analysis, the best platforms incorporate recent advances from the Big Data and cyber security communities. This is a natural adjacency for Yaana, which has the advantage of deeply understanding traditional processing of telecommunications data. Extending this mature base to deal with modern cyber security threats is non-trivial, but certainly feasible.

Regarding tasking, Yaana offers a platform that helps clarify the supported missions of their customers. “We have developed our tools based on the specific needs of our global service provider customers,” Raj explained. And I believe this makes perfect sense: Vendors are wise to design and develop analysis tools to support specific tasking requirements from government.

When I asked the Yaana team about expanding their platform base beyond the service provider community, they were enthusiastic: “The capabilities of our solutions, including support for audit, transparency, and traceability are already extending naturally to many other critical infrastructure sectors such as finance,” they explained. This seemed to me a natural extension of what they are doing.

The bottom line is that off-loading capture, retention, analysis, and tasking to an advanced platform such as Yaana's makes it easier for all service providers to develop advanced capabilities quickly. A major reason you should care is that optimizing support for lawful requests from government minimizes operational impact and lowers the cost of telecommunications.

I know that this is a complex and sometimes controversial aspect of our industry. But it is one that must be understood thoroughly to support debate on how countries should optimize lawful requests, as well as how societies should respond to such advanced capability to support enforcement of law. I'm appreciative of the Yaana team for helping me to better understand the nuances.

Let me know what you think.