The most attractive telco targets include user equipment, access networks, high-value data, as well as mobile core and IP networks. The traditional mitigation approach is largely based on manual processes without a centralized management system. This is still a reasonable approach for some organizations, but the increasing sophistication of attacks and growing regulatory complexity mean this will not be a tenable approach in the medium term.
An expanded security management solution with security orchestration, analytics, and response (SOAR) would support workflow management, automation and reporting. This would enable security operations teams to automate and prioritize activities and report data to inform better business decision making.
Recent attacks that have had a global impact are a warning call for users, corporations, and governments alike. Yet, with the kinds of security management systems I’ve described, they could have been prevented. It’s time to act before further damage is caused.
What gives end-users/customers the confidence in an operator’s network in terms of security?
There are many layers at work to provide the end user with a high degree of trust. For example, there are endpoint security solutions that can identify malware behaviors when they are trying to attack equipment or other users in the network. By identifying these behaviors, malicious communication between the affected device and the service can be isolated. Using machine learning to recognize the communication patterns of viruses and threats, it is possible to perform behavioral analytics for threat and anomaly detection. Identifying anomalies can help flag connections, isolate devices, apps and services, identify sources of threats and ultimately help increase the level of trust at the customer and network communication levels before a data breach occurs.
So, it’s vital to secure the network to gain subscribers’ trust with a robust endpoint security solution such as Nokia’s NetGuard Endpoint Security, which is a network-based anti-malware solution for fixed, mobile and IoT devices. This solution has been protecting billions of subscribers across the globe and in the Middle East and Africa, as a number of leading telecom operators across the region have deployed it. For example, Zain Saudi, among other key operators, deployed it to monitor and analyze mobile network activity in Jeddah and Makkah and protected millions of subscribers from malware threats to online transactions and mobile applications.
With 5G technology expected to increase the number of applications in IoT and smart city areas, can we also expect increased security threats?
Yes, 5G technology will bring a range of new use cases and applications, and associated network security threats. To support each use case in an optimal way, security capabilities will need to be more flexible. For example, security mechanisms used for ultra-low latency, mission-critical applications may not be suitable for massive Internet of Things (IoT) deployments, where mobile devices are inexpensive sensors that have a very limited energy budget and transmit data only occasionally.
Another driver for 5G security is the changing ecosystem. LTE networks are dominated by large monolithic deployments, each controlled by a single network operator that owns the network infrastructure while also providing all network services. In contrast, 5G networks may be deployed by a number of specialized stakeholders providing end-user 5G network services.
The new 5G architecture itself introduces new types of security threats and an increased attack surface. The potential for dynamic configurations in 5G requires new, dynamic and flexible security architectures. 5G network slices must be appropriately secured for different use cases, and as a result, telcos must focus on measurable security management and assurance.
Network security solutions must adapt to this new 5G architecture. To support the dynamic network requirements of 5G, firewalls must not only be virtualized. They must also be cloud-native to meet the performance demands of virtual networks and to support other requirements, such as elastic scaling. A holistic view of the entire mobile transport network and client nodes is necessary so that network operators can apply sufficient security measures, with optimal network placement and design.
What do the telcos need to do to protect their networks?
The answer is to replace today’s manually intensive approaches with security management systems built on three pillars: security analytics, machine learning and automation, as reflected in Nokia’s security solution.
Security analytics correlates data from across the network, device and cloud layers to spot suspicious anomalies and provide insight into the nature of the threat, the associated business risk and the recommended response. In our example of a device functioning correctly but leaking data, security analytics could spot trouble by detecting CPU activity spikes or unusual levels of keep-alive signaling. With machine learning, the effectiveness of identifying the communication patterns of viruses and threats would increase continuously.
Security automation is essential. There is a global shortage of cybersecurity experts that is forecast to grow to around two million unfilled jobs by 2019. Furthermore, current approaches are inefficient, with up to 33 percent of incident response time spent on manual processes, leading to delays. Combined with alert fatigue and time wasted on false alerts, many security breaches can go undetected. Security automation that encompasses business processes, regulations and security policies will be essential to keep pace with the rapid rise in attacks that will inevitably accompany the growth in IoT.
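The detection step behind the two analytics passages above (behavioral anomaly detection on device communication patterns, and the concrete case of a data-leaking device that shows up as CPU spikes and unusual keep-alive signaling) can be made concrete with a small per-device baseline detector. The code below is an added illustration written for this page; it is not Nokia's code and says nothing about how NetGuard works internally. The telemetry records, device identifiers, the 15-minute interval assumption, the six-interval learning window and the deviation threshold of 4 are all constructed here for the example.

```python
"""Per-device baseline anomaly detector over constructed device telemetry.

Each Sample is one reporting interval for one device: the number of
keep-alive messages the network saw from it and the CPU utilisation it
reported.  A device that still works normally for its owner but is quietly
leaking data tends to deviate from its OWN history on both counts, so the
baseline is learned per device rather than across the fleet.
"""
from dataclasses import dataclass
from statistics import median
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Sample:
    device_id: str
    interval: int      # reporting interval index (assumed 15-minute bins)
    keep_alives: int   # keep-alive messages observed in the interval
    cpu_pct: float     # average CPU utilisation reported by the device


def robust_zscore(value: float, history: List[float]) -> float:
    """Deviation of `value` from `history`, in units of a robust spread estimate.

    Median and MAD are used instead of mean and standard deviation so that a
    few earlier spikes do not inflate the baseline and hide later ones.
    Fewer than three history points is treated as 'no baseline yet' (score 0).
    """
    if len(history) < 3:
        return 0.0
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 scales MAD to be comparable with a standard deviation for normal
    # data; a perfectly flat history (MAD 0) falls back to raw units.
    scale = 1.4826 * mad if mad > 0 else 1.0
    return (value - med) / scale


def detect_anomalies(samples: List[Sample],
                     baseline_intervals: int = 6,
                     threshold: float = 4.0) -> Dict[str, List[Tuple[int, str]]]:
    """Return {device_id: [(interval, reason), ...]} for intervals where a
    device's keep-alive count or CPU load jumps above its own baseline."""
    by_device: Dict[str, List[Sample]] = {}
    for s in sorted(samples, key=lambda s: (s.device_id, s.interval)):
        by_device.setdefault(s.device_id, []).append(s)

    findings: Dict[str, List[Tuple[int, str]]] = {}
    for dev, series in by_device.items():
        ka_hist: List[float] = []
        cpu_hist: List[float] = []
        for s in series:
            # Only start scoring once enough history has been learned.
            if len(ka_hist) >= baseline_intervals:
                reasons = []
                z_ka = robust_zscore(s.keep_alives, ka_hist)
                z_cpu = robust_zscore(s.cpu_pct, cpu_hist)
                if z_ka > threshold:
                    reasons.append(f"keep-alive count {s.keep_alives} (z={z_ka:.1f})")
                if z_cpu > threshold:
                    reasons.append(f"cpu {s.cpu_pct:.0f}% (z={z_cpu:.1f})")
                if reasons:
                    findings.setdefault(dev, []).append((s.interval, "; ".join(reasons)))
            # Anomalous intervals are still added to history; the median-based
            # baseline tolerates a few of them without drifting.
            ka_hist.append(s.keep_alives)
            cpu_hist.append(s.cpu_pct)
    return findings


# Constructed sample telemetry: dev-A behaves steadily throughout; dev-B is
# quiet for seven intervals and then starts leaking (high CPU, heavy keep-alives).
SAMPLES: List[Sample] = (
    [Sample("dev-A", i, ka, cpu) for i, (ka, cpu) in enumerate(
        zip([20, 21, 19, 22, 20, 21, 20, 22, 19, 21],
            [10, 11, 12, 10, 9, 11, 10, 12, 11, 10]))]
    + [Sample("dev-B", i, ka, cpu) for i, (ka, cpu) in enumerate(
        zip([20, 22, 19, 21, 20, 23, 20, 95, 90],
            [10, 12, 11, 9, 10, 13, 11, 68, 71]))]
)


if __name__ == "__main__":
    for dev, hits in detect_anomalies(SAMPLES).items():
        for interval, reason in hits:
            print(f"{dev} interval {interval}: {reason} -> candidate for isolation")
```

In a real deployment the per-device history would come from the network probes rather than an inline list, and a flagged device would be handed to the automation layer (quarantine the connection, open a ticket) rather than printed; the point shown here is that the baseline is learned per device, scored with a spread estimate that a handful of earlier outliers cannot skew, and that both signals named in the text are checked independently so either one alone is enough to raise a finding.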