Service Providers in the new digital era
Undoubtedly, the post-pandemic world has escalated the demand for online services, new and better quality of experience (QoE), and the never-ending chase after digital bandwidth created a need for new, agile, flexible and responsive networks.
To address this need, service providers are shifting to the public cloud to enjoy its flexibility and scalability while using virtualized networking solutions like 5G to enable new services demand (VR, autonomous vehicle, and online gaming).
Historically, service providers were always evolving, and those that delivered the required performance and service prevailed. Large customers (enterprises and organizations) have their own digital transformation and cloud migration, affecting the evolution velocity and timing.
Why Cybersecurity Should Be a Top Priority
These new technologies and architectures drive new revenue opportunities but also increase threats. Cybersecurity must be a top priority because it directly affects service provider’s core business and customers.
The relationship between a service provider and its customers is fragile. Data theft, service downtime, and degraded performance can be the result of cybersecurity fallout. After handling the direct and indirect cost of attacks (e.g., lawyers, fines, professional services, etc.), the real impact will be damaged reputation, revenue loss, customer loss, and an overall negative impact on investors and partners.
The First Question To Ask A Security Vendor
Service providers should prefer vendors that provide a detailed service level agreement (SLA) with specific commitments for time to mitigate, time to detect, time to alert, time to divert, consistency of mitigation, and service availability. When service providers are under attack having a professional on their side makes all the difference, and the service level agreement should reflect that.
The second question should be about regulations. When dealing with sensitive customer data complying with data regulators (GDPR, PCI-DSS, HIPAA, US SSAE16) is extremely important. Service providers should confirm the solution they chose considers the specific regulations and compliance related to their business.
Four focus areas for solution implementation
#1: Ensure Network Availability
When we think about network availability, distributed denial-of-service (DDoS) is still the most persistent and damaging cyberattack. These attacks mainly focus on north/south traffic and core network attacks from the access network (mobile devices, IoT, end-users).
[You may also like: Disaster Recovery: Data Center or Host Infrastructure Reroute]
Service providers’ Layer 3 – 7 DDOS mitigation is done, usually using a local scrubbing center. NetFlow will detect abnormalities and diverts the data (BGP or MPLS) to the scrubbing center. The best mitigation solutions will offer real-time behavioral analysis to differentiate between legitimate and malicious traffic accurately. Your solution should leverage machine-learning algorithms and automation to mitigate zero-day attacks accurately. In addition, it should cover advanced threats, including burst attacks, encrypted attacks, and DNS-based attacks.
[Like this post? Subscribe now to get the latest Radware content in your inbox weekly plus exclusive access to Radware’s Premium Content. ]
It’s essential to choose a security vendor that offers you flexibility in deployment; whether it’s hybrid, on-demand, or always-on cloud service, you should be able to select the implementation that best fits your need or even a combination of different options.
#2: Protect Your Data & Application
Network layer attacks and other volumetric attacks can be handled by DDoS protection, but the impact of an application data breach on service providers can be destructive. Application attacks are more sophisticated, and hackers are constantly searching for new ways to find vulnerabilities.
Service providers should look at implementing a Web Application Firewall (WAF) solution that provides full OWASP Top-10 coverage and leverages both negative and positive security models to stay ahead. Bot management will prevent account takeover, provide web scraping, denial of inventory, and API protection. Exploiting IOT devices for attacks is a known strategy, and the ability to distinguish bad bots from good bots is crucial.
#3: Secure Your Public Cloud Environments
Cloud is the new normal. Organizations are migrating to the cloud, and some are even born-in-the-cloud. The DevOps methodology has created the reality that today, production applications are running mainly in the cloud, as reflected in The State of Web Application and API Protection – 70% of production applications are hosted in private clouds or by public cloud providers.
Most service providers had to adapt to this reality and today, all face the same cloud security challenge.
Public cloud threats are different from those in an on-premise environment; the attack vectors are different. For example, east-west attacks, permission management and API vulnerabilities are more common. The need for cross-cloud security orchestration is critical to mitigate an attack. Although detecting is important, the ability to connect all the different sporadic activities is critical. Service providers should choose a vendor with a flexible cross-cloud security solution, multiple delivery options (SaaS and virtual appliances), and with single visibility and management platform. This will ensure the ability to fit any environment, especially when multi-cloud vendor implementation is the common architecture.
#4: Help Your Customers Stay Protected
A good service provider will make an effort to protect his infrastructure, data, and applications, but a great service provider will assist his customers with their own assets’ protection. Offering a complete solution to customers using a managed security service will enhance customers’ loyalty and satisfaction while generating a new revenue stream.
[Check out the latest edition of Hacker’s Almanac Series 1:The Threat Actors]
Keep The Sacred Bond – Reliability, Availability and Speed
Service providers sell services based on reliability, availability and speed; when this bond is broken and fueled by bad PR, there could be a long-lasting negative effect on the service provider.
Main points every service provider should remember to follow:
- Implementing DDoS protection with behavioral analysis to enable fast and quality mitigation.
- Flexibility in DDoS protection deployment – always on, on-demand or hybrid.
- Comprehensive protection of web applications, mobile apps, data, and APIs using precise WAF, bot management & intelligence solution.
- Public cloud security solution – covering the unique public cloud threats and mitigation challenges, especially when using multi cloud vendor infrastructure.
- Protecting customers assets – offering a complete security solution to customers using a managed security service should be on every service provider agenda
- Detailed SLA to guarantee quality, availability, and obligations from the vendor
- Comply with known data regulations (GDPR, PCI-DSS, HIPAA, US SSAE16)