SECURITY REPORT

Nokia seeks to solve network security issues

Network Middle East

America’s T-Mobile reported two months ago that it was the victim of cybercrime, with personal data of up to two million customers exposed.

T-Mobile was just the latest example of telecommunication service providers being targeted by cybercriminals all over the world. TalkTalk in the UK, Swisscom in Switzerland and True Corp in Thailand have all admitted to being hacked this year alone.

And those are just the ones we know of. Telcos are attractive targets for cyber threats because they possess valuable personally identifiable information (PII). They also appeal to politically motivated attackers and nation-state hackers, observes Moiz Baig, head of security solutions, Nokia MEA. They are also increasingly being used as entry points for malicious actors to launch secondary attacks, he adds.

“The most attractive telcos’ targets include user equipment, access networks, high-value data as well as mobile core and IP networks. Advanced persistent threat (APT) is another growing attack methodology, which is focused on either data exfiltration or impacting the network service,” Moiz explains.

“With the onset of 5G and with the uptake of technologies such as virtualisation and cloud, telcos have to revisit securing all aspects of services being offered to customers -- not just limited to traditional users but endpoints including machines and devices,” Moiz adds.

The recent increase in sophisticated, targeted security threats such as advanced persistent threats (APTs) and ransomware, from both insiders and external attackers, has raised awareness and pushed communication service providers towards comprehensive security strategies and frameworks.

To combat such threats, a network security framework should help security operations teams streamline and accelerate business processes, reduce costs, and proactively prevent, pinpoint, and address security threats before they result in breaches. To stay ahead of these threats, the right balance between proactive and reactive security best practices is required, warns Moiz.

Network security is very much a collaborative effort. Various stakeholders, including service providers, equipment manufacturers, suppliers and third-party service providers, need to work together to ensure holistic network security, says Moiz. “All relevant stakeholders are required to work in tandem to have robust security controls at various layers for building an in-depth network security methodology,” he adds.

COLLABORATION

Service providers can play a front-end role towards subscribers, regulators and shareholders, while vendors with advanced technologies, like Nokia, can feed in best-in-class security solutions so that service providers have a comprehensive, future-proof security architecture coupled with security solutions for endpoints, network elements, applications, and others. “In view of today’s growing trend of advanced threats, vendors are expected to work as trusted partners to help service providers improve network security continuously to keep the network secure and compliant all the time,” says Moiz.

“An expanded security management solution enables security operations teams to automate and prioritise activities and report data to inform better business decision making.” Moiz Baig, head of security solutions, Nokia MEA

Nokia NetGuard ACTIVE security helps security teams identify and limit cybersecurity risks, detect more attacks and respond faster. “Nokia ACTIVE security covers the complete cycle of many security incidents starting from detection, prioritisation, responding and predicting any malicious event in an end-to-end network. It also touches areas of organisational security policies and enables service providers to assess and measure security KPIs all the time,” Moiz explains.

The traditional mitigation approach is largely based on manual processes without a centralised management system. This is still a reasonable approach for some organisations, but the increasing sophistication of attacks and growing regulatory complexity mean this will not be a tenable approach in the medium term, Moiz warns.

What is required is an expanded security management solution with security orchestration, analytics, and response (SOAR) and with support for workflow management, automation and reporting. This would enable security operations teams to automate and prioritise activities and report data to inform better business decision making.

“Replacing today’s manually-intensive approaches with security management systems built on three pillars -- security analytics, machine learning and automation, as reflected in Nokia’s security solution -- is vital to mitigate the threats,” Moiz says.

Security analytics correlates data from across the network, device and cloud layers to spot suspicious anomalies, and provides insight into the nature of the threat, the associated business risk and the recommended response. For a device that is functioning correctly but leaking data, security analytics could spot trouble by detecting CPU activity spikes or unusual levels of keep-alive signalling.

With machine learning, on the other hand, the effectiveness of identifying the communication patterns of viruses and threats would increase continuously.

Tying everything together is a set of best practices that should be in every security manager’s toolkit. “Good governance is needed to educate employees on security risks, as not even the best tools, processes and systems can avoid security breaches caused by human errors and oversights,” Moiz concludes.

Access networks are another attractive target.

Telcos targeted as they hold valuable personal information.
