Nokia seeks to solve network security issues
America’s T-Mobile reported two months ago that it was the victim of cybercrime, with personal data of up to two million customers exposed.
T-Mobile was just the latest example of telecommunication service providers being targeted by cybercriminals all over the world. TalkTalk in the UK, Swisscom in Switzerland and True Corp in Thailand have all admitted to being hacked this year alone.
And those are just the ones we know of. Telcos are attractive targets for cyber threats because they possess valuable personally identifiable information (PII). They also appeal to politically motivated attackers and nation-state hackers, observes Moiz Baig, head of security solutions, Nokia MEA. They are also increasingly being used as entry points for malicious actors to launch secondary attacks, he adds.
“The most attractive telcos’ targets include user equipment, access networks, high-value data as well as mobile core and IP networks. Advanced persistent threat (APT) is another growing attack methodology, which is focused on either data exfiltration or impacting the network service,” Moiz explains.
“With the onset of 5G and with the uptake of technologies such as virtualisation and cloud, telcos have to revisit securing all aspects of services being offered to customers -- not just limited to traditional users but endpoints including machines and devices,” Moiz adds.
The recent increase in sophisticated, targeted security threats such as advanced persistent threats (APTs) and ransomware, from both insiders and external attackers, has raised awareness and pushed communication service providers towards comprehensive security strategies and frameworks.
To combat such threats, a network security framework should help security operations teams streamline and accelerate business processes, reduce costs, and proactively prevent, pinpoint, and address security threats before they result in breaches. To stay ahead of these threats, the right balance between proactive and reactive security best practices is required, warns Moiz.
Network security is very much a collaborative effort. Various stakeholders, including service providers, equipment manufacturers, suppliers and third-party service providers, need to work together to ensure holistic network security, says Moiz. “All relevant stakeholders are required to work in tandem to have robust security controls at various layers for building an in-depth network security methodology,” he adds.
Service providers can play a front-end role towards subscribers, regulators and shareholders, while vendors with advanced technologies, like Nokia, can supply best-in-class security solutions so that service providers have a comprehensive, future-proof security architecture, coupled with security solutions for endpoints, network elements, applications, and others. “In view of today’s growing trend of advanced threats, vendors are expected to work as trusted partners to help service providers for improving network security continuously to keep network secure and compliant all the time,” says Moiz.
“An expanded security management solution enables security operations teams to automate and prioritise activities and report data to inform better business decision making.” Moiz Baig, head of security solutions, Nokia MEA
Nokia NetGuard ACTIVE security helps security teams identify and limit cybersecurity risks, detect more attacks and respond faster. “Nokia ACTIVE security covers the complete cycle of many security incidents starting from detection, prioritisation, responding and predicting any malicious event in an end-to-end network. It also touches areas of organisational security policies and enables service providers to assess and measure security KPIs all the time,” Moiz explains.
The traditional mitigation approach is largely based on manual processes without a centralised management system. This is still a reasonable approach for some organisations, but the increasing sophistication of attacks and growing regulatory complexity mean this will not be a tenable approach in the medium term, Moiz warns.
What is required is an expanded security management solution with security orchestration, analytics, and response (SOAR) that supports workflow management, automation and reporting. This would enable security operations teams to automate and prioritise activities and report data to inform better business decision making.
“Replacing today’s manually-intensive approaches with security management systems built on three pillars -- security analytics, machine learning and automation, as reflected in Nokia’s security solution – is vital to mitigate the threats,” Moiz says.
Security analytics correlates data from across the network, devices and cloud layers to spot suspicious anomalies and provides insight into the nature of the threat, the associated business risk and the recommended response. In a device functioning correctly but leaking data, security analytics could spot trouble by detecting CPU activity spikes or unusual levels of keep-alive signalling.
With machine learning, on the other hand, the effectiveness in identifying the communication patterns of viruses and threats would increase continuously.
Tying everything together is a set of best practices that should be in every security manager’s toolkit. “Good governance is needed to educate employees on security risks, as not even the best tools, processes and systems can avoid security breaches caused by human errors and oversights,” Moiz concludes.