IoT is being leveraged to monitor and protect species that are integral to our global ecosystems, from rhinos to dairy cows to honeybees.
Last week, I drove my oldest to college, which took me through Iowa’s cornfields. As I gazed upon aisle after aisle of corn, the synapses in my brain started firing and I considered how vulnerable farmers are to agricultural IoT attacks that can impact what used to be a simple livelihood.
Then, my brain shifted gears to the college move-in process. As droves of students move (or head back) to college this week, they will undoubtedly bring a sack of connected devices with them. And while parents grapple with concerns over their kids’ physical safety and well-being as they transition to campus life, how many are focused on cyber safety? After all, the ubiquitous iPads, smartphones and laptops, along with other IoT devices utilized in higher education, offer numerous opportunities for exploitation and security breaches.
IoT Goes to College
Indeed, many colleges are fully embracing IoT in an effort to improve the learning experience, and participate in the development of new and exciting research. Universities are increasingly relying on IoT devices to create smart campuses, from cameras and sensors that determine waiting lines and temperatures in stadiums, to kiosks that allow students to remotely print from any connected device, to autonomous vehicles for self-driving shuttle services.
But let’s face it – IoT is much like the freshman newbie – just trying to survive in what can be an overwhelming entry to maturity. Given the broad range of IoT applications available today, not to mention those that will emerge in the future of academia, it’s critical that all student-operated devices and the data they generate are protected from cyber threat vectors.
From a security perspective, most university IT departments cannot possibly be prepared for the assured expansion of connected devices and the threats – like phishing, malware, ransomware, and password-related cyber crime, for starters – that accompany them.
Although some higher education institutions have hired Chief Information Officers and some security staff, most of the 5,300 colleges and universities in the United States still need help.
So Who Can Help?
Fortunately, communications service providers (CSPs) are now adding IoT security services to their expanding portfolio of cloud-based managed security services – and not just for their end users and enterprise customers, but also for higher education institutions.
With IoT and 5G happening in real time and in parallel, CSPs are in the pole position in the race for effective cyber-defense systems. This provides a win-win solution for all stakeholders: CSPs can apply and extend their best-of-breed security investments to “see, learn, and defend” the network as a whole, while adding a layer of much-needed security to the individual college experience.
At the same time, CSPs can realize a profitable revenue stream that is built upon offering value-added security services on top of their already entrenched connectivity services important to verticals such as education, healthcare and financial services, among others.
In order to assist CSPs with their rollout of IoT security services, analyst firm Heavy Reading, in collaboration with Radware, developed a modeling tool designed to quantify the financial and Return on Investment (ROI) fundamentals of IoT security services. Stay tuned for details on how a service provider can tap into the IoT user community to provide a much-needed security service and create a profitable source of revenue.
Narrowband internet of things (NB-IoT) is a low power wide area network (LPWAN) radio technology standard developed by the 3rd Generation Partnership Project (3GPP) to enable a wide range of cellular devices and services.
NB-IoT focuses on low cost, long battery life and high connection density. NB-IoT uses a subset of the long-term evolution (LTE) standard but limits the bandwidth to a single narrowband of 200 kHz. In March 2019, the Global mobile Suppliers Association (GSA) announced that over 100 operators have deployed/launched either NB-IoT or long-term evolution for machines (LTE-M) networks.
NB-IoT Security Risks
The NB-IoT network design enables efficient connectivity of mass numbers of connected user equipment (UE), reducing the network overhead associated with every connection request. The new design encapsulates the required data payload (as telemetry data) into the signaling link connection, reducing the need to open a dedicated bearer (i.e., GTP tunnel) for every single small amount of metering information sent from the network.
The network devices connected over the NB-IoT network are manufactured at a very low cost and can run up to 10 years on a pre-installed battery. The NB-IoT devices serve as sensors or remote telemetry units and are controlled by external services — IoT platforms — that schedule their activity and manage their life cycle through operational control and remote software updates. A single UE on NB-IoT has a very low network footprint and is not a major security risk on its own.
The risks hidden in NB-IoT devices come from their scale. There is a strong potential for orchestrating denial-of-service (DoS) attacks by harnessing a cluster of devices to send unplanned communication toward designated victims. Such communication can not only cause service interruption on the victims’ servers but also can impact the service provider network and result in service degradation due to a signaling load preventing other non-infected devices from sending their telemetry data or failing to respond to their control requests.
NB-IoT Risks and the IoT Service Economy
The IoT services offered by a service provider are challenged by a very low income per connection compared with regular service plans. We can see examples of IoT connectivity sold at $1 per month, whereby the price point aims to address a market potential of 3.5 billion cellular IoT connections by 2025, including 1.9 billion licensed LPWA connections.
With such an aggressive price per connection, service providers require careful selection of technologies that will impact the operating costs per connection. Although security is an important factor in the overall capital investment, the challenging economy of IoT network connectivity prices is also a huge consideration.
Protecting Against NB-IoT Risk
When service providers approach the task of planning a solution to help protect against NB-IoT risks in the network, they face several design questions:
- Should they track individual device operational metrics just to understand when a single device changes its regular behavior?
- How do they define, and should they define, what is “regular” device behavior? How do they measure the behavior of an individual device compared to a group of devices?
- Can they incorporate such massive data processing tasks in the low-compute footprint (and cost structure) that business economics dictates?
- Can they avoid detecting legitimate communication as malicious traffic?
- Can they eliminate the additional staff work required to maintain and operate such a solution?
The above challenges can be met with the following solution requirements:
- A system based on self-learning of the behavior of NB-IoT devices
- A solution that reuses existing telemetry streams
- A software-based, low footprint, distributed solution that allows cost-effective, network-wide deployments
- A solution based on automated flows in response to security event detection
- Integration with the existing service provider’s network infrastructure security such as DoS protection and web application firewalls (WAFs)
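One way to meet the self-learning, telemetry-reuse and low-footprint requirements, shown as an added example that is not from the original article or any vendor product: a streaming detector that learns each device's message rate and the group's typical rate from per-interval telemetry counts, keeping two floats and a counter per device. The device names, thresholds and telemetry values are constructed assumptions.

```python
import math
from dataclasses import dataclass
from statistics import median


@dataclass
class DeviceState:
    mean: float = 0.0   # EWMA of messages per interval
    var: float = 0.0    # EWMA of squared deviation from the mean
    seen: int = 0       # normal intervals learned so far


class SelfLearningDetector:
    """Flags a device only when it deviates from BOTH its own learned
    baseline and the learned rate of a typical device in its group."""

    def __init__(self, alpha=0.2, k_sigma=4.0, group_factor=5.0,
                 warmup=5, min_std=1.0):
        self.alpha = alpha                # EWMA smoothing factor
        self.k_sigma = k_sigma            # own-baseline tolerance
        self.group_factor = group_factor  # multiple of the group norm
        self.warmup = warmup              # intervals before judging
        self.min_std = min_std            # floor so quiet devices are not over-sensitive
        self.devices = {}
        self.group_norm = None            # learned median rate of the group

    def _is_anomalous(self, st, n):
        std = max(math.sqrt(st.var), self.min_std)
        exceeds_self = n > st.mean + self.k_sigma * std
        exceeds_peers = (self.group_norm is not None and
                         n > self.group_factor * max(self.group_norm, 1.0))
        return exceeds_self and exceeds_peers

    def _learn(self, st, n):
        if st.seen == 0:
            st.mean = float(n)
        else:
            diff = n - st.mean
            st.mean += self.alpha * diff
            st.var = (1 - self.alpha) * (st.var + self.alpha * diff * diff)
        st.seen += 1

    def observe_interval(self, counts):
        """counts: {device_id: messages seen in this interval}.
        Returns the sorted list of device ids flagged in this interval."""
        flagged, normal = [], []
        for dev, n in sorted(counts.items()):
            st = self.devices.setdefault(dev, DeviceState())
            if st.seen >= self.warmup and self._is_anomalous(st, n):
                flagged.append(dev)   # do not learn from a flood
                continue
            self._learn(st, n)
            normal.append(n)
        if normal:
            # The group norm is learned over time, so it stays meaningful
            # even when most of the group misbehaves in one interval.
            m = median(normal)
            self.group_norm = m if self.group_norm is None else (
                self.group_norm + self.alpha * (m - self.group_norm))
        return flagged


def constructed_baseline(detector, devices=20, intervals=10):
    """Constructed 'normal' telemetry: every meter sends 2 or 3 messages."""
    for t in range(intervals):
        detector.observe_interval(
            {f"meter-{i:03d}": 2 + (i + t) % 2 for i in range(devices)})


def demo():
    det = SelfLearningDetector()
    constructed_baseline(det)
    interval = {f"meter-{i:03d}": 2 for i in range(20)}
    interval.update({"meter-003": 60, "meter-007": 60})  # constructed flood
    return det.observe_interval(interval)


if __name__ == "__main__":
    print(demo())
```

The flagged list is what would feed the automated response flow or the existing DoS protection named in the last two requirements.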
Even with the best day-one network authentication in place and rigorous IoT-type approval processes managed by the carrier, there will always be unavoidable risks. So much so that such large-scale and varied IoT device communities will become a security liability and a cause of major service interruptions — not only to the compromised IoT devices and services owners, but also to the rest of the customers using the same network resources.
In the competitive economy of mobile carriers, such risks should be avoided before detrimental effects reach beyond the network’s performance and health and result in other negative business consequences.
Solutions for such IoT risks can be designed and deployed as an overlay solution on top of existing network infrastructure without considerable effort, which will ultimately help the service provider realize new revenue streams while providing peace of mind for its enterprise customers.
What is an HTTPS flood attack? Why is everybody talking about it these days? And is it really such a big threat?
HTTPS flood attack is a generic name for DDoS attacks that exploit SSL/TLS protocols over HTTP communications. Lately, we’ve been hearing much about this specific type of DDoS attack and other SSL/TLS attack vectors; according to our 2018-2019 Global Application & Network Security report, encrypted web attacks were the most commonly reported form of application layer attack in 2018.
And with regard to the last question, there is a simple answer: YES.
The Benefits of Encryption
We all know that encryption is being used almost everywhere today, with more than 70% of the web pages worldwide loaded over HTTPS. Encryption lets us enjoy many benefits while being connected: We can securely send our private credentials to our bank, shop easily on Amazon without worrying whether our credit card details will be intercepted, and we can text safely and transfer files with peace of mind.
Basically, by using encryption, or SSL/TLS in more technical jargon, we enjoy authenticity (meaning, to know the source of traffic), integrity (meaning, to know that no one tampered with the data between the two end-points), and of course, confidentiality (encryption turns data into ciphertext using symmetric and asymmetric key exchanges).
It sounds so good, shut up and take my money!
A Fly in the Ointment
Indeed, data encryption gives us tremendous power over data transfer, but there is a fly in the ointment. All of these incredible capabilities require many system resources, and thus attract hackers and cyber criminals who wish to wreak havoc.
When it comes to the destination server or an organization’s server, the SSL/TLS connection requires even greater amounts of allocated resources – 15 times more than from the requesting host to be exact.
In other words, if a group knows how to manipulate the protocols and vulnerabilities inherent in it, they can cause significant damage by running powerful encrypted DDoS attacks.
Now, there is only one option for organizations that wish to protect against HTTPS DDoS attacks: They must protect their network and infrastructure with dedicated, sophisticated devices that can detect and mitigate HTTPS DDoS attacks.
An Evolving Solution
Traditional protection devices require a copy of the SSL certificates (or keys) in order to decrypt the packets that are being transmitted through the device. However, while doing so, they damage user privacy (especially in the era of GDPR and other worldwide privacy regulations) and add latency. And needless to say, if not handled properly, the process can create additional security risks. What’s more, traditional devices are stateful and thus themselves vulnerable to DDoS attacks.
For service providers and carriers, whose security policies prevent them from holding their network tenants’ decryption keys, this is problematic. Without their network tenants’ keys, traditional off-the-shelf solutions are ineffective.
So, how can service providers properly protect their tenants from cyber attacks?
Keyless protection against HTTPS flood attacks based on stateless architecture is ideal for service providers and carriers. Such a solution not only eliminates operational complexity that comes with managing decryption keys, but protects against SSL-based HTTP DDoS attacks at scale without adding latency or compromising user privacy.
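One signal that is visible without decryption keys, shown as an added example (not the article's or any product's method): the TLS record and handshake headers travel in cleartext, so the rate of new handshakes per source, the expensive operation for the server, can be counted with no per-connection state. The addresses, window size and threshold are constructed assumptions.

```python
import struct
from collections import Counter

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: client_hello
MAX_RECORD = 2 ** 14   # maximum TLS plaintext record length


def is_client_hello(payload: bytes) -> bool:
    """True if a TCP payload starts with a TLS record carrying a ClientHello.
    Only the 5-byte record header and the handshake type byte are read."""
    if len(payload) < 6:
        return False
    ctype, major, _minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if ctype != TLS_HANDSHAKE or major != 3 or not 0 < rec_len <= MAX_RECORD:
        return False
    return payload[5] == CLIENT_HELLO


def handshake_flood_sources(packets, window=1.0, max_hellos=20):
    """packets: time-ordered iterable of (timestamp, src_ip, tcp_payload).
    Returns {src_ip: peak ClientHellos in one window} for sources whose
    peak exceeds max_hellos. State is one counter per source per window."""
    peak, current, window_id = Counter(), Counter(), None
    for ts, src, payload in packets:
        if not is_client_hello(payload):
            continue
        wid = int(ts // window)
        if wid != window_id:       # new window: drop the old counters
            current.clear()
            window_id = wid
        current[src] += 1
        peak[src] = max(peak[src], current[src])
    return {src: n for src, n in peak.items() if n > max_hellos}


def tls_record(content_type, first_body_byte, body_len=64):
    """Constructed record: real header layout, zero-filled body (not a
    valid handshake body, which this detector never inspects)."""
    body = bytes([first_body_byte]) + bytes(body_len - 1)
    return struct.pack("!BBBH", content_type, 3, 1, body_len) + body


def constructed_capture():
    hello = tls_record(TLS_HANDSHAKE, CLIENT_HELLO)
    app_data = tls_record(0x17, 0x00)   # 0x17 = application data
    packets = []
    for i in range(50):                 # 50 new handshakes within one second
        packets.append((10.0 + i * 0.01, "198.51.100.7", hello))
    for i in range(3):                  # an ordinary client: few handshakes,
        packets.append((10.0 + i * 0.3, "192.0.2.10", hello))
    for i in range(200):                # ... but a lot of encrypted data
        packets.append((10.0 + i * 0.004, "192.0.2.10", app_data))
    return sorted(packets, key=lambda p: p[0])


if __name__ == "__main__":
    print(handshake_flood_sources(constructed_capture()))
```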
Every now and again, we hear a new technical term that requires a cursory Google search to make sure we are current with the times. Sometimes new terms are just recycling old concepts. Right now “Network Slicing” is en vogue, promising to help enable the evolution of modern networks.
At its core, it involves the ability to run multiple virtual networks across a shared physical infrastructure – essentially a separation of data plane and control plane. We have seen these before, for example in Software Defined Networking (SDN) and Network Functions Virtualization (NFV), both of which are inextricably linked to network slicing. Although often used concurrently in 5G discussions, network slicing is, in fact, an architecture paradigm that can exist outside of 5G and provide immense value for service providers in terms of efficient implementation of value-added services that can be monetized as revenue.
Dedicated Virtual Networks
Network slicing aims to isolate specific application traffic into a dedicated virtual network, whereby each slice carries specific application traffic such as IoT Telemetry or Automotive. Having an isolated virtual network enables different use cases to have unique network characteristics to a diverse end-user community. It also provides an opportunity to match allocated resources for the slice to expected usage patterns and specific value-points of the end-user services.
An example of a slicing application is telemetry sensors. Telemetry sensors that are required to send data every 12 hours may settle for high latency values, low bandwidth, and centralized compute services in the cloud. An industrial IoT which controls the manufacturing floor will require low latency and local compute with high bandwidth at the far edge. In this case, building a network which is required to share both of the services will not be efficient and will create unbalanced costs. Imagine if you had to build an eight-lane highway and let bicyclists ride it occasionally!
Cyclists vs. Autos
But with network slicing, the service provider can offer a different connectivity based on a dedicated slice, which ensures the service offerings do not overlap. In our example, that would be one road crafted only for cyclists and a different road for autos. Having a dedicated slice (e.g. road) can keep costs and expected revenues better aligned; for example, we assume in our analogy that a truck driver will pay more compared to a motorcyclist.
With respect to slicing implemented around the topic of network security in particular, service providers can offer a security posture that gives them the best chance to keep costs in check while keeping the network safe and affordable to operate.
For more information on this, come hear Radware’s Eyal Yaron speak at 5G World Congress in ExCeL, London on June 12. Details for Eyal’s panel can be found here.
Over the last six years, solution architects have been designing the transformation of service providers’ networks to significantly reduce the timing of service and feature deployment lifecycles, standardizing on real-time service provisioning, consumption and end user autonomy. This challenge has been in parallel to delivering highly scalable and cost-effective solutions.
These solutions, along with automation, are addressing emerging security challenges while extending tailored outcomes to individual lines of business and customers. The result is better security, user experiences and a broader addressable market.
So how does this hard work improve our execution of 5G transformations?
All About Those Apps
First, the fully automated software delivery model allows us to address the complexity of a widely distributed architecture in a repetitive model. Network and security alignment improves resource allocation while optimizing consumption-based delivery from edge systems.
The “edge” may have more than one meaning in this discussion, as service delivery platforms are no longer constrained to a single autonomous system. This flexibility leads Service Providers to a new era of content management and monetization as applications are deployed across numerous computing platforms to minimize latency.
It is important to appreciate that these capabilities are all made possible because of application-to-application dialogs that transpire over APIs. Traditionally, application and API exposure had been constrained to IDC infrastructure. This meant that a secure DC or security gateway framework was used to harden the exposure of numerous applications in the same physical location. All of these applications communicated to the internet via a common path. In the scope of security design, this was a relatively easy problem to address.
Now, take a step back to the previous ideology of 5G and it jumps out at you that API and application protections become a key component in modern edge security.
From Security Zones to Network Slices
It is also interesting to recognize that traditional volumetric defense for infrastructure protection is changing rapidly.
Anomalous traffic easily evading netflow detection has been eroding precious core resources for too long. When security functions are built into the network, attacks are automatically addressed locally, avoiding back-hauling attacks and driving efficiency back into the core. This highly scalable infrastructure protection strategy also serves as a point of escalation for more sophisticated or persistent attacks seen in gateways, applications and APIs.
As we transition from security zones to network slices, this multi-tiered approach further lends itself to the decomposition of highly intelligent machine learning algorithms deployed contextually for the relevant protocols and applications.
As an example, IoT anomaly detection on the access edge requires very different algorithms than those used for detecting attacks from the internet through the peering edge. When we speak about application and API protection, protecting a mobile application requires entirely different techniques than addressing behavioral analysis for fraudulent account abuse. Having the ability to protect, adapt and optimize attack lifecycle management in cooperation with the orchestration layer for end-to-end security has been our greatest achievement in modern security design.
The Modern Landscape
Maybe the punchline is becoming obvious at this point but addressing end-to-end security with the ability to escalate application abuse to the edge of the system in a widely distributed architecture has become a modern landscape requirement.
Automation is working on our behalf to drive agility into engineering, provisioning, billing and operations. With predefined workflows, analysts enjoy alert-driven processes and/or fully automated protection strategies designed to meet the high availability demands throughout a complex system.
If you track my work at all, you will appreciate that I have dedicated the last twenty years to designing highly adaptive services. If you are curious how you too can maximize security revenue across multiple lines of business, please reach out in the comment section below; service creation is one of my favorite points of discussion.
Today’s infrastructure threats will have major impacts on tomorrow’s 5G commercial networks. 5G network slicing, virtualization and disaggregation introduce new levels of complexity to network security, requiring a high-level of automation in security on-boarding, scale-out and attack mitigation.
5G security is absolutely required to be thought about in a Day 1 network build and ‘weaved’ into the network architecture. Otherwise, the immense job of re-architecting the network afterward will be a cost-prohibitive exercise.
Service providers are faced with a necessary burden of managing security threats in the 5G network.
Your ‘Typical’ Security Solution
A typical network security solution will include several security elements, such as firewalls, DDoS protection devices, IPS/IDS, etc. Each system may require its own domain expertise when it comes to proper configuration and tuning. When a carrier-grade network slice is under attack, dedicated expertise is required for handling changes and setting the proper mitigation actions. With the new paradigm of 5G network slicing coming onto the scene in a highly distributed network, carrier security teams will be challenged.
Service providers are already in a precarious position of creating healthy profit margins with the onslaught of over-the-top data and video traversing their networks. New revenue streams are tough to come by, and so the other lever available to influence margins is cost control. However, the cost economics do not scale well when contemplating an increase in security staff to prepare for 5G. The new attack vectors are just too complex and too high in volume to adequately address with a bloated Security Operations Center (SOC) of just human oversight and management.
What makes more sense is adoption of a comprehensive security solution used across all network slices to benefit from ease of management and SOC skill sets.
Vendor technology designed around the concept of self-learning with respect to threat detection not heavily dependent on pre-configured rules is the ideal toolkit for service providers. Minimal setup and configuration lower the overall carrier security team effort around system operation. Now, instead of manual provisioning and troubleshooting, the SOC specialist can look at a dashboard to see what was detected by the system and what mitigation actions took place to defend against malicious threats to the system. This yields strong visibility into network security threats across all network functions and slices.
In the new 5G security play, the various security functions are on-boarded per slice in alignment with the required network capabilities and desired distribution. The total investment in security computing resources and licenses is aligned with the network slice investment, allowing the carrier better control over the risks and the costs associated with a specific network slice.
Automated attack mitigation capabilities provide the security team with ‘peace of mind’ that all ‘war time’ actions are taken care of in an automated manner with no manual intervention by security administrators.
So although 5G carries with it very challenging security issues, service providers can be proactive in creating a security posture that gives them the best chance to keep costs in check while keeping the network safe.
Over half of all internet traffic is generated by bots — some legitimate, some malicious. These “bad” bots are often deployed with various capabilities to achieve their nefarious objectives, which can include account takeover, scraping data, denying available inventory and launching denial-of-service attacks with the intent of stealing data or causing service disruptions. Sophisticated, large-scale attacks often go undetected by conventional mitigation systems and strategies.
Bots represent a clear and present danger to service providers. The inability to accurately distinguish malicious bots from legitimate traffic/users can leave a service provider exposed and at risk of suffering customer loss, lost profits and irreparable brand damage.
In an age where securing the digital experience is a competitive differentiator, telecommunication companies, management services organizations (MSOs) and internet service providers (ISPs) must transform their infrastructures into service-aware architectures that deliver scalability and security to customers, all the while differentiating themselves and creating revenue by selling security services.
Bot Traffic in the Service Provider Network
Bot attacks often go undetected by conventional mitigation systems and strategies because they have evolved from basic scripts into large-scale distributed bots with human-like interaction capabilities. Bots have undergone a transformation, or evolution, over the years. Generally speaking, they can be classified into four categories, or levels, based on their degree of sophistication.
In addition to the aforementioned direct impact that these bots have, there is the added cost associated with increased traffic loads imposed on service providers’ networks. In an age of increased competition and the growth of multimedia consumption, it is critical that service providers accurately eliminate “bad” bots from their networks.
Staying ahead of the evolving threat landscape requires more sophisticated, advanced capabilities to accurately detect and mitigate these threats. These include combining behavioral modeling, collective bot intelligence and capabilities such as device fingerprinting and intent-based deep behavioral analysis (IDBA) for precise bot management across all channels.
Protecting Core Application from Bot Access
Bots attack web and mobile applications as well as application programming interfaces (APIs). Bot-based application DoS attacks degrade web applications by exhausting system resources, third-party APIs, inventory databases and other critical resources.
IDBA is now one of the critical capabilities needed to mitigate advanced bots. It performs behavioral analysis at a higher level of abstraction of “intent,” unlike commonly used, shallow “interaction”-based behavior analysis. IDBA is a critical next-generation capability to mitigate account takeovers executed by more advanced Generation 3 and 4 bots, as it leverages the latest developments in deep learning and behavioral analysis to decode the true intention of bots. IDBA goes beyond analyzing mouse movements and keystrokes to detect human-like bots, so “bad” bots can be parsed from legitimate traffic to ensure a seamless online experience for consumers.
APIs are increasingly used to exchange data or to integrate with partners, and attackers understand this. It is essential to accurately distinguish between “good” API calls and “bad” API calls for online businesses. Attackers reverse engineer mobile and web applications to hijack API calls and program bots to invade these APIs. By doing so, they can take over accounts, scrape critical data and perform application DDoS attacks by deluging API servers with unwanted requests.
This category encompasses ways in which bots are programmed to use false identities to obtain access to data or goods. Their methods for account takeover can vary. They can hijack existing accounts by cracking a password via brute-force attacks or by using known credentials that have been leaked via credential stuffing. Lastly, they can be programmed to create new accounts to carry out their nefarious intentions.
As its name suggests, this category encompasses an array of attacks focused on cracking credentials, tokens or verification codes/numbers with the goal of creating or cracking account access to data or products. Examples include account creation, token cracking and credential cracking/stuffing. Nearly all of these attacks primarily target login pages.
The impact of account takeover? Fraudulent transactions, abuse of reward programs, and damage to brand reputation.
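The patterns described above leave different traces in login logs; this added example (not from the original article) separates them per source address. The log format, paths, status codes and thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format: "<timestamp> <source ip> POST <path> user=<name> status=<code>"
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) POST (?P<path>/\w+) "
    r"user=(?P<user>\S+) status=(?P<status>\d{3})$")


def classify_sources(lines, min_events=10, stuffing_max_per_account=2):
    """Return {source_ip: verdict} for sources with at least min_events
    suspicious events.

    brute_force         many failed logins concentrated on few accounts
    credential_stuffing many accounts tried, only a try or two on each
    account_creation    a burst of successful sign-ups from one source
    """
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed logins
    signups = defaultdict(int)                        # ip -> accounts created
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                                  # ignore unparseable lines
        if m["path"] == "/login" and m["status"] == "401":
            failures[m["ip"]][m["user"]] += 1
        elif m["path"] == "/signup" and m["status"] == "201":
            signups[m["ip"]] += 1

    verdicts = {}
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if total < min_events:
            continue                                  # a user mistyping a password
        tries_per_account = total / len(per_user)
        if tries_per_account <= stuffing_max_per_account:
            verdicts[ip] = "credential_stuffing"
        else:
            verdicts[ip] = "brute_force"
    for ip, created in signups.items():
        if created >= min_events:
            verdicts.setdefault(ip, "account_creation")
    return verdicts


def constructed_log():
    """Constructed sample lines covering each pattern plus one normal user."""
    lines = []
    for i in range(12):   # one account, many guesses
        lines.append(f"2019-06-01T10:00:{i:02d}Z 203.0.113.5 POST /login "
                     f"user=alice status=401")
    for i in range(15):   # many accounts, one try each
        lines.append(f"2019-06-01T10:01:{i:02d}Z 198.51.100.23 POST /login "
                     f"user=user{i:02d} status=401")
    for i in range(11):   # sign-up burst
        lines.append(f"2019-06-01T10:02:{i:02d}Z 192.0.2.44 POST /signup "
                     f"user=new{i:02d} status=201")
    lines += [            # ordinary user: two typos, then success
        "2019-06-01T10:03:00Z 192.0.2.80 POST /login user=bob status=401",
        "2019-06-01T10:03:05Z 192.0.2.80 POST /login user=bob status=401",
        "2019-06-01T10:03:11Z 192.0.2.80 POST /login user=bob status=200",
    ]
    return lines


if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(constructed_log()).items()):
        print(ip, verdict)
```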
Advertising Traffic Fraud
Malicious bots create false impressions and generate illegitimate clicks on publishing sites and their mobile apps. In addition, website metrics, such as visits and conversions, are vulnerable to skewing. Bots pollute metrics, disrupt funnel analysis and inhibit key performance indicator (KPI) tracking. Automated traffic on your website also affects product metrics, campaign data and traffic analytics. Skewed analytics are a major hindrance to marketers who need reliable data for their decision-making processes.
The Business Opportunity for Service Providers
Regardless of the type of attack, service providers are typically held to high expectations when it comes to keeping customer data secure and maintaining service availability. With each attack, service providers risk customer loss, brand reputation, lost profits and at the worst, costly governmental involvement and the resulting investigations and lawsuits.
These same business expectations apply to service providers’ customers, many of whom require security services. Although large organizations can attempt to develop their own in-house bot management solutions, these companies do not necessarily have the time, money and expertise to build and maintain them.
Building an adaptive bot mitigation solution can take years of specialized development. Financially, it makes sense to minimize capex and purchase a cloud-based bot mitigation solution on a subscription basis. This can help companies realize the value of bot management without making a large upfront investment.
Lastly, this allows service providers to protect their core infrastructure and their own customers from bot-based cyberattacks and provides the opportunity to extend any bot management solution as part of a cloud security services offering to generate a new revenue stream.
We have heard it before. Another generation of mobile architecture is upon us and we are euphoric for all the cool things we can do more of. And of course good marketers will swear that you can lasso the moon if you have enough money to pay for it.
Let’s inspect 5G for what it really is, save the hype. It is an upgrade in the mobile architecture that pushes new computing elements and services closer to the edge in order to scale and improve network performance. The 5G specifications rely on virtualized and distributed network functions that span across remote locations, and are heavily dependent on robust, secure interworking between remote and local virtualized network functions.
5G also opens the network to new services using IT protocols and Open APIs – the latter of which introduces significant additional liability on the responsibility of the carrier network security owner.
I’ll Take a Slice of That
The “Network Slicing” concept in 5G aims to isolate specific application traffic into a dedicated virtual network. Each slice carries the traffic originating from a specific application, such as IoT Telemetry and Autonomous Vehicles, Smart City and Smartphone. Each application has its unique network traffic pattern and requires specific security policies. Having isolated virtual networks brings a security benefit and limits the impact of a security risk to the specific slice.
Sharpening the Edge
With this new network paradigm based on service-based architecture (SBA), the previous 3G and 4G network element boxes transformed into a cloud of micro-services functions, distributed and disaggregated based on the carrier coverage needs and specific applications deployed in the carrier network. The new architecture exposes many internet interfaces in various network segments from the core peering link up to the far-edge compute to address scale and low-latency requirements.
Such mass exposure of external internet interfaces significantly raises the cyber security threat level. IoT and its applications running at the far edge provide new services based on vast usage of open, published interfaces based on HTTP/2. On one hand, this enables openness and service agility, and on the other, extensive exposure to attack tools and tactics using publicly available information to wreak havoc on network infrastructure and services.
In other words, the new 5G security perimeter has widened and expanded far beyond what we are familiar with in LTE and 3G world.
A Call to Arms
A typical network security solution will include various security elements such as firewalls, DDoS protection, web application firewall, etc. Each system may require its own domain expertise when it comes to proper configuration and tuning. When a carrier network is under attack, dedicated expertise is required for handling changes and setting the proper mitigation action.
With the new reality of network slicing and highly distributed network functions, carrier security teams will be overburdened unless they employ an automated, self-learning defense mechanism. With the current telecom carriers, the economics of an increase in security staff is not an option when moving toward 5G – it just doesn’t scale from a cost perspective and it puts human engineers at a disadvantage to ever-increasing machine-based bot attacks.
Automation as Table Stakes
A comprehensive security solution used across all network slices benefits from ease of management and required team expertise. Security vendors must design security products around the concept of self-learning, which is essentially threat detection not heavily dependent on pre-configured rules.
Minimal setup and configuration is required in 5G to lower carrier security team effort around system operation. An automated attack mitigation capability provides security teams with ‘peace of mind’ that all attack-time actions are taken care of without manual intervention by security administrators, with strong visibility into network security threats across all network functions and slices.
Network security is a priority for every carrier worldwide. Investments in human resources and technology solutions to combat attacks are a significant part of carriers’ network operating budgets.
The goal is to protect their networks by staying a few steps ahead of hackers. Currently, carriers may be confident that their network security solution is detecting and mitigating DDoS attacks.
All the reports generated by the solution show the number and severity of attacks as well as how they were thwarted. Unfortunately, we know it’s a false sense of well-being because dirty traffic in the form of sophisticated application attacks is getting through security filters. No major outages or data breaches have been attributed to application attacks yet, so why should carriers care?
Maintaining a Sunny Reputation
The impact of application attacks on carriers and their customers takes many forms:
- Service degradation
- Network outages
- Data exposure
- Consumption of bandwidth resources
- Consumption of system resources
A large segment of carriers’ high-value customers have zero tolerance for service interruption. There is a direct correlation between service outages and user churn.
Application attacks put carriers’ reputations at risk. For customers, a small slowdown in services may not be a big deal initially. But as the number and severity of application attacks increase, clogged pipes and slow services are not going to be acceptable. Carriers sell services based on speed and reliability. Bad press about service outages and data compromises has long-lasting negative effects. Then add the compounding power of social networking to quickly spread the word about service issues, and you have a recipe for reputation disaster.
Always Under Attack
It’s safe for carriers to assume that their networks are always under attack. DDoS attack volume is escalating as hackers develop new and more technologically sophisticated ways to target carriers and their customers. In 2018, attack campaigns were primarily composed of multiple attack vectors, according to the Radware 2018–2019 Global Application & Network Security Report.
The report finds that “a bigger picture is likely to emerge about the need to deploy security solutions that not only adapt to changing attack vectors to mitigate evolving threats but also maintain service availability at the same time.”
Attack vectors include:
- SYN Flood
- UDP Flood
- DNS Flood
- HTTP Application Flood
- SSL Flood
- Burst Attacks
- Bot Attacks
Attackers prefer to keep a target busy by launching one or a few attacks at a time rather than firing the entire arsenal all at once. Carriers may be successful at blocking four or five attack vectors, but it only takes one failure for the damage to be done.