& cplSiteName &

Don't Be the Next DDoS Headline: How Virtualization Can Bolster Service Provider Security

Dilip Pillaipakam
6/14/2017
50%
50%

In this day and age of increasingly sophisticated botnet and malware attacks, today's telcos and communication service providers are more vulnerable to large-scale DDoS attacks than ever.

As DDoS attacks ramp up in volume and scale, it's important that service providers remain vigilant and create safeguards against vulnerabilities. Consumers around the world look to service providers to provide the best-of-breed and most secure connectivity and 24/7 Internet service. The failure to do so can cost providers millions of dollars in lost revenue and brand reputation, not to mention incurring customer wrath and churn. So how can today's service providers protect themselves -- and their subscribers? This can seem like a daunting task, especially as providers already grapple with pressures of mobile device explosion; consumers' always-on expectations; and next-generation demands of flexibility, security and scalability.

Since security is often thought of as a perimeter approach, it may come as a surprise that adopting virtualization technologies can help providers bolster both security and service. By now, we know that network function virtualization (NFV) delivers tremendous benefits as it relates to service agility and improved operating efficiencies leading to lower operating costs; however, one of the less discussed and largely overlooked benefits of NFV is security.

Here are some ways NFV can help improve security in service provider networks:

Distributed security policy enforcement
A key benefit of virtualization is the ability to move functions closer to the subscriber. Not only can this help reduce latency and improve performance of the network, it also improves security by moving the security functions and associated policies closer to the subscribers/users. Via protecting the network at the edge, thwarting attacks closer to the user protects the core from potentially expensive security implementations. Implementing security directly into distributed network functions ensures that security is built in to every virtualized network -- and not bolted on as an afterthought. Minimizing impact at the core is a huge security benefit for NFV.

Scalable, on-demand security
One of the well-established benefits of virtualization is the ability to spin up capacity on the fly. This attribute of NFV can be leveraged to ensure that the security functions also scale up and down as attacks on the networks increase. An often overlooked security vulnerability revolves around DNS-based exploits that bypass traditional security approaches. When thinking about potential DNS-based attacks, many carriers struggle with the challenging decision of over-provisioning the network to be safe or trying to be more cost-conservative. But NFV can help ensure that carriers don't have to make this choice.

As an example, in the event of an attack, an NFV-based network can be architected to add more capacity on demand in response to attack. This can help ensure that networks are not over-provisioned for attacks, thus helping reduce both capex and opex while also providing the flexibility to grow on demand. Additionally, coupling elastic scaling NFV capability with advanced DNS protection can help carriers absorb an initial attack so the security ecosystem can identify flows that need to be blocked or scrubbed.

Using a virtualized DDI (DNS, DHCP and IP Address Management) appliance with elastic scaling capabilities can help providers maintain critical DNS service availability even during malicious attacks. Moreover, it can help providers automate the allocation/de-allocation of IP addresses and DNS host names, cutting down the manual processes for IPAM most providers still rely on. In turn, this boosts efficiencies and lowers costs -- all key benefits of the new NFV paradigm as providers transition from legacy non-dynamic deployments to virtualized ones.

Lower costs to deploy security
Traditionally, advanced security has required specialized hardware and associated software. Thanks to advances in the capabilities of generic processors and virtualization, what was traditionally only possible with proprietary systems is now achievable on generic computing systems with virtualization. This dramatically reduces costs of deploying security and makes security much more accessible to organizations of all sizes -- both for current requirements and future needs.

Moving toward virtualized, secure networks
In summary, utilizing NFV can help service providers 1) Build networks that are distributed to minimize points of failure 2) Deploy networks that are elastic and scale on demand with potential attacks 3) Lower security costs via implementing advanced security capabilities on generic compute architectures.

In today's era of heightened cyberthreats and next-generation network demands, service providers cannot underestimate the importance of keeping subscribers satisfied and safe, and maintaining on-demand service and brand integrity. Fortunately, virtualization can allow today's service providers to keep pace with all of these -- all while boosting security.

Dilip Pillaipakam is vice president and general manager of service provider business at network security company Infoblox. He works closely with Infoblox's large service provider customer base (of more than 200 operators worldwide) to secure and scale their network infrastructures.

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
More Blogs from Column
NFV is still behind in becoming cloud-native. A look at what cloud providers are doing with FPGAs should provide inspiration.
Sensible regulations are needed as smaller radios get installed to facilitate 5G.
Now that communications service providers have reached a crossroads, they must choose quickly to survive.
A merger between Sprint and T-Mobile could help to address the gap between the US and its global peers on mobile broadband speeds.
Mobile networks will transform from now through 2020, more than since the inception of 2G. New 4G capabilities will trigger some of that, however, 5G both enables and encourages more fundamental change.
Featured Video
From The Founder
Light Reading is spending much of this year digging into the details of how automation technology will impact the comms market, but let's take a moment to also look at how automation is set to overturn the current world order by the middle of the century.
Flash Poll
Upcoming Live Events
November 30, 2017, The Westin Times Square
December 5-7, 2017, The Intercontinental Prague
March 20-22, 2018, Denver Marriott Tech Center
May 14-17, 2018, Austin Convention Center
All Upcoming Live Events
Infographics
SmartNICs aren't just about achieving scale. They also have a major impact in reducing CAPEX and OPEX requirements.
Hot Topics
When Will 6G Arrive? Hopefully Never, Says BT's McRae
Iain Morris, News Editor, 11/21/2017
Let's Talk About 5G Efficiency, Not Wacky Services
Iain Morris, News Editor, 11/21/2017
AT&T's Lurie Leaps to Synchronoss as New CEO
Dan Jones, Mobile Editor, 11/17/2017
Wireless Could Arrive Soon in NYC Subway Tunnels
Dan Jones, Mobile Editor, 11/20/2017
Sprint COO Ottendorfer Jumps Ship
Dan Jones, Mobile Editor, 11/17/2017
Animals with Phones
Live Digital Audio

Understanding the full experience of women in technology requires starting at the collegiate level (or sooner) and studying the technologies women are involved with, company cultures they're part of and personal experiences of individuals.

During this WiC radio show, we will talk with Nicole Engelbert, the director of Research & Analysis for Ovum Technology and a 23-year telecom industry veteran, about her experiences and perspectives on women in tech. Engelbert covers infrastructure, applications and industries for Ovum, but she is also involved in the research firm's higher education team and has helped colleges and universities globally leverage technology as a strategy for improving recruitment, retention and graduation performance.

She will share her unique insight into the collegiate level, where women pursuing engineering and STEM-related degrees is dwindling. Engelbert will also reveal new, original Ovum research on the topics of artificial intelligence, the Internet of Things, security and augmented reality, as well as discuss what each of those technologies might mean for women in our field. As always, we'll also leave plenty of time to answer all your questions live on the air and chat board.

Like Us on Facebook
Twitter Feed
Partner Perspectives - content from our sponsors
The Mobile Broadband Road Ahead
By Kevin Taylor, for Huawei
All Partner Perspectives