Service Provider

5G Security in an API-Driven Economy

May 15, 2019 — by Travis Volk

Over the last six years, solution architects have been designing the transformation of Service Providers’ networks to significantly shorten service and feature deployment lifecycles, standardizing on real-time service provisioning, consumption and end-user autonomy. This challenge has run in parallel with delivering highly scalable and cost-effective solutions.

These solutions, along with automation, are addressing emerging security challenges while extending tailored outcomes to individual lines of business and customers. The result is better security, user experiences and a broader addressable market. 

So how does this hard work improve our execution of 5G transformations? 

All About Those Apps

First, the fully automated software delivery model allows us to address the complexity of a widely distributed architecture in a repeatable model. Network and security alignment improves resource allocation while optimizing consumption-based delivery from edge systems.

The “edge” may have more than one meaning in this discussion, as service delivery platforms are no longer constrained to a single autonomous system. This flexibility leads Service Providers to a new era of content management and monetization as applications are deployed across numerous computing platforms to minimize latency. 

It is important to appreciate that these capabilities are all made possible by application-to-application dialog that transpires over APIs. Traditionally, application and API exposure had been constrained to IDC infrastructure. This meant that a secure DC or security gateway framework was used to harden the exposure of numerous applications in the same physical location. All of these applications communicated with the internet via a common path. In the scope of security design, this was a relatively easy problem to address.

Now, take a step back to the previous ideology of 5G, and it jumps out at you that API and application protections become a key component of modern edge security.

From Security Zones to Network Slices

It is also interesting to recognize that traditional volumetric defense for infrastructure protection is changing rapidly.

Anomalous traffic that easily evades NetFlow detection has been eroding precious core resources for too long. When security functions are built into the network, attacks are automatically addressed locally, avoiding back-hauling attacks and driving efficiency back into the core. This highly scalable infrastructure protection strategy also serves as a point of escalation for more sophisticated or persistent attacks seen in gateways, applications and APIs.

As we transition from security zones to network slices, this multi-tiered approach further lends itself to the decomposition of highly intelligent machine learning algorithms deployed contextually for the relevant protocols and applications. 

As an example, IoT anomaly detection on the access edge requires very different algorithms than those used for detecting attacks from the internet through the peering edge. When we speak about application and API protection, protecting a mobile application requires entirely different techniques than addressing behavioral analysis for fraudulent account abuse. Having the ability to protect, adapt and optimize attack lifecycle management in cooperation with the orchestration layer for end-to-end security has been our greatest achievement in modern security design.

The Modern Landscape

Maybe the punchline is becoming obvious at this point, but addressing end-to-end security, with the ability to escalate application abuse to the edge of the system in a widely distributed architecture, has become a modern landscape requirement.

Automation is working on our behalf to drive agility into engineering, provisioning, billing and operations. With predefined workflows, analysts enjoy alert-driven processes and/or fully automated protection strategies designed to meet the high availability demands throughout a complex system.

If you track my work at all, you will appreciate that I have dedicated the last twenty years to designing highly adaptive services. If you are curious how you too can maximize security revenue across multiple lines of business, please reach out in the comment section below; service creation is one of my favorite points of discussion.

Attack Mitigation, Security

Looking Past the Hype to Discover the Real Potential of AI

January 22, 2019 — by Pascal Geenens

How can organizations cut through the hype around AI to understand the most important issues they should be addressing? How can they incorporate AI into their security strategies now to take advantage of the technology’s ability to detect and mitigate attacks that incorporate the same capabilities? Pascal Geenens, Radware’s EMEA security evangelist, weighs in.

What is the threat landscape, and how disruptive is it likely to be?

In the near term, cybercriminals will mainly use AI to automate attacks and improve evasion capabilities against detection systems and to increase the scale and reach of the threats. Expect to see AI used to automatically breach defenses and generate more sophisticated phishing attacks from information scraped from publicly accessible web sources. The scale of attacks will quickly escalate to volumes that we have never experienced before.

On the evasive side, machine-learning systems such as generative adversarial networks (GANs) can automatically create malware that is harder to detect and block. This technique has already been demonstrated by researchers. The MalGAN research project proposed a GAN to create evasive malware that goes undetected by all modern anti-malware systems, even the systems based on deep learning.

In the first phase, AI will be used to improve current attack tools to make them more harmful and difficult to detect.

Machine learning and automation can be leveraged to find new vulnerabilities, especially in large public clouds where cloud native systems are being built based on widely reused open-source software frameworks. Platforms running this software will become primary targets for vulnerability scanning.

Given that open-source code is readable and accessible by both criminals and security researchers, this platform may become the next battlefield with an associated “arms race” to discover, abuse or fix vulnerabilities. Deep learning will provide an advantage in discovering new vulnerabilities based on code. While open source is an easier target, even closed-source software will not escape automated attacks based on the learning process of the attack program.

Looking further ahead, I can imagine large cybercrime organizations or nation-states using AI. Where machine learning was previously used mainly for automating attacks, now AI systems such as genetic algorithms and reinforced learning will be used to automatically generate new attack vectors and breach all kinds of systems, whether cloud, IoT or ICS. Then, combine this capability with the automation of the first stage. We will face a fully automated, continuously evolving attack ecosystem that will hack, crack and improve itself over time with no limits in scale or endurance.

Cybercriminals could move from being the actual hackers, performing the real attack and penetrating defenses, to becoming maintainers and developers of the automated AI hacking machine. Machines will do the hacking; humans will focus on improving efficiency of the machines.

What vulnerabilities will make targets more attractive to criminals once AI is incorporated in their tools? How will it affect corporate espionage?

Ultimately every organization will be digitally transformed and become a primary target for automated attacks. Which targets are chosen will be solely dependent on the objective of the attack. For ransom and extortion, every organization is a good candidate target. For corporate espionage, it depends how much organizations are willing to pay to secure intellectual property in certain areas. It’s fair to say that, by definition, every organization can — and, at some point, will — be a target.

What about politically motivated cyberattacks initiated at the national level?

We’ve already witnessed attacks meant to influence public opinion and the political landscape. Such attacks are likely to grow and become more difficult to identify early in the process and to protect against once attackers leverage deep learning and broader AI technologies. Attackers have already produced automatically generated messages and discussions, as well as “deep fake” videos that are created by AI algorithms.

Influencing what topics are important and manipulating opinions are becoming new weapons of choice for nation-states. Social platform providers need to take a stance and remain as clean as possible by dedicating much of their own AI-assisted automated detection systems to stay ahead of cybercriminals and others that create and improve AI-assisted automated systems for fake content creation.

From a defense perspective, what types of AI-based products will be used to combat more technologically savvy cybercriminals?

There’s a saying in our industry that “you cannot stop what you cannot detect.” Cybersecurity has become automated for the sake of the detection of new, increasingly complex and continuously adapting threats, and deep learning is improving that capability. AI, in the broad sense of the term, will probably come into play in the near-term future rather than immediately. The current state of AI in the defense discussion is confined to the traditional machine learning, and while deep learning shows a lot of promise, it is still too challenged to be used for automated mitigation. More intelligent and self-adaptive systems, the domain of AI, are still further out when it comes to automating our cyberdefenses.

Will the use of AI-based attacks by cybercriminals drive adoption of AI-based mitigation solutions by enterprises, organizations and institutions?

Yes, but not necessarily at the same pace. There are three factors to consider — the attack vector, its speed and its evasion technique:

  1. For example, using AI for phishing does not affect the victim in terms of change in attack vector, but it does increase the scale and number of targets, compelling every organization to improve its This protection might include AI-based systems, but not necessarily.
  2. On the other hand, as attacks get more automated, organizations will have to automate their security to ensure that they keep on top of the rising number and accelerated speed of attacks.
  3. When new evasion techniques based on AI are leveraged by cybercriminals, it will ultimately lead to the use of better detection systems that are based on AI.

DDoS, Security

Machine Learning Algorithms for Zero Time to Mitigation

June 21, 2018 — by Amir Dahan

DDoS attacks are growing in complexity and volume and represent a major threat to any organization. Service providers and enterprises require expertise and knowledge to successfully deal with these threats. While large organizations have the budget to develop in-house expertise to address DDoS attacks, there are still administrative burdens associated with protecting computing and infrastructure resources.