& cplSiteName &

Don't Be the Next DDoS Headline: How Virtualization Can Bolster Service Provider Security

Dilip Pillaipakam
6/14/2017
50%
50%

In this day and age of increasingly sophisticated botnet and malware attacks, today's telcos and communication service providers are more vulnerable to large-scale DDoS attacks than ever.

As DDoS attacks ramp up in volume and scale, it's important that service providers remain vigilant and create safeguards against vulnerabilities. Consumers around the world look to service providers to provide the best-of-breed and most secure connectivity and 24/7 Internet service. The failure to do so can cost providers millions of dollars in lost revenue and brand reputation, not to mention incurring customer wrath and churn. So how can today's service providers protect themselves -- and their subscribers? This can seem like a daunting task, especially as providers already grapple with pressures of mobile device explosion; consumers' always-on expectations; and next-generation demands of flexibility, security and scalability.

Since security is often thought of as a perimeter approach, it may come as a surprise that adopting virtualization technologies can help providers bolster both security and service. By now, we know that network function virtualization (NFV) delivers tremendous benefits as it relates to service agility and improved operating efficiencies leading to lower operating costs; however, one of the less discussed and largely overlooked benefits of NFV is security.

Here are some ways NFV can help improve security in service provider networks:

Distributed security policy enforcement
A key benefit of virtualization is the ability to move functions closer to the subscriber. Not only can this help reduce latency and improve performance of the network, it also improves security by moving the security functions and associated policies closer to the subscribers/users. Via protecting the network at the edge, thwarting attacks closer to the user protects the core from potentially expensive security implementations. Implementing security directly into distributed network functions ensures that security is built in to every virtualized network -- and not bolted on as an afterthought. Minimizing impact at the core is a huge security benefit for NFV.

Scalable, on-demand security
One of the well-established benefits of virtualization is the ability to spin up capacity on the fly. This attribute of NFV can be leveraged to ensure that the security functions also scale up and down as attacks on the networks increase. An often overlooked security vulnerability revolves around DNS-based exploits that bypass traditional security approaches. When thinking about potential DNS-based attacks, many carriers struggle with the challenging decision of over-provisioning the network to be safe or trying to be more cost-conservative. But NFV can help ensure that carriers don't have to make this choice.

As an example, in the event of an attack, an NFV-based network can be architected to add more capacity on demand in response to attack. This can help ensure that networks are not over-provisioned for attacks, thus helping reduce both capex and opex while also providing the flexibility to grow on demand. Additionally, coupling elastic scaling NFV capability with advanced DNS protection can help carriers absorb an initial attack so the security ecosystem can identify flows that need to be blocked or scrubbed.

Using a virtualized DDI (DNS, DHCP and IP Address Management) appliance with elastic scaling capabilities can help providers maintain critical DNS service availability even during malicious attacks. Moreover, it can help providers automate the allocation/de-allocation of IP addresses and DNS host names, cutting down the manual processes for IPAM most providers still rely on. In turn, this boosts efficiencies and lowers costs -- all key benefits of the new NFV paradigm as providers transition from legacy non-dynamic deployments to virtualized ones.

Lower costs to deploy security
Traditionally, advanced security has required specialized hardware and associated software. Thanks to advances in the capabilities of generic processors and virtualization, what was traditionally only possible with proprietary systems is now achievable on generic computing systems with virtualization. This dramatically reduces costs of deploying security and makes security much more accessible to organizations of all sizes -- both for current requirements and future needs.

Moving toward virtualized, secure networks
In summary, utilizing NFV can help service providers 1) Build networks that are distributed to minimize points of failure 2) Deploy networks that are elastic and scale on demand with potential attacks 3) Lower security costs via implementing advanced security capabilities on generic compute architectures.

In today's era of heightened cyberthreats and next-generation network demands, service providers cannot underestimate the importance of keeping subscribers satisfied and safe, and maintaining on-demand service and brand integrity. Fortunately, virtualization can allow today's service providers to keep pace with all of these -- all while boosting security.

Dilip Pillaipakam is vice president and general manager of service provider business at network security company Infoblox. He works closely with Infoblox's large service provider customer base (of more than 200 operators worldwide) to secure and scale their network infrastructures.

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
More Blogs from Column
Status and next steps on spectrum policy for Gigabit LTE and 5G in the US and beyond.
Will social media platforms be the next big disruptor of the pay-TV industry? Could be, but pay-TV providers have ways to respond to this and other threats.
Gigabit LTE is a must-have, not a gimmick, for operators around the globe.
What organizations can expect when becoming GDPR compliant and how they can effectively navigate it.
Is there an upside to Moore's Law slowing down? Actually, there are many.
From The Founder
NFV's promises of automation and virtualization are intriguing, but what really excites service providers is the massive amount of money they could save.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
Women in Comms Introduction Videos
AT&T's Tech President Preps Workforce for the Future

7|26|17   |   5:47   |   (6) comments


AT&T is focused on the software-defined network of the future and is reskilling its workforce to get ready too, according to AT&T's President of Technology Development Melissa Arnoldi.
Women in Comms Introduction Videos
Cisco: Mentoring Critical to Attract & Retain Women

7|19|17   |   6:40   |   (1) comment


Liz Centoni, senior vice president and general manager of Cisco's Computing System Product Group, shares why mentoring in all its forms is important for women and what Cisco is doing that's made a difference for women in tech.
LRTV Custom TV
Gigabit LTE With Snapdragon 835

7|12|17   |     |   (1) comment


At an event in Wembley stadium, EE used its live network to demonstrate gigabit LTE using a Sony Xperia XZ Premium smartphone with a Qualcomm Snapdragon 835 chip.
LRTV Custom TV
Implementing Machine Intelligence With Guavus

7|12|17   |     |   (0) comments


Guavus unites big data and machine intelligence, enabling many of the the largest service providers in the world to save money and drive measureable revenue. Learn how applying Machine Intelligence substantially reduces operational costs and in many cases can eliminate subscriber impact, meaning a better subscriber experience and higher NPS.
LRTV Custom TV
Unlocking Customer Experience Insights With Machine Intelligence

7|12|17   |     |   (0) comments


When used to analyze operational data and to drive operational decisions, machine intelligence reduces the number of tasks which require human intervention. Guavus invested in Machine Intelligence early. Learn about the difference between Machine Learning and Machine Intelligence.
Women in Comms Introduction Videos
Verizon VP Talks Network, Career Planning

7|12|17   |   4:49   |   (0) comments


Heidi Hemmer, vice president of Technology, Strategy & Planning at Verizon, shares how bold bets and the future of tech define her career.
Telecom Innovators Video Showcase
Masergy's NFV Journey

7|11|17   |     |   (0) comments


Ray Watson, vice president of global technology at Masergy, discusses the advantages and challenges in entering the still-maturing NFV market for the past three years.
Telecom Innovators Video Showcase
Mavenir on RCS Cloud Platform & Multi-ID

7|10|17   |     |   (0) comments


Guillaume Le Mener, head of marketing and corporate development at Mavenir, discussed RCS and the recent launch of Multi-ID, which supports T-Mobile's DIGITS, the revolutionary new technology that breaks down the limitation of one number per phone and one phone per number.
LRTV Custom TV
ADTRAN Executive Outlines Trends in Next-Generation 10-Gigabit Cable Networks

7|10|17   |     |   (0) comments


Hossam Salib, VP of Cable and Wireless Strategy at ADTRAN, outlines key trends as MSOs begin to deploy next-generation Gigabit and 10-Gigabit cable networks. In the interview, Hossam outlines the advantages of a Fiber Deep architecture, FTTH options including EPON and RFoG, and the importance of SDN and NFV in building next-generation high-bandwidth cable networks.
LRTV Interviews
Global Capacity: Bandwidth Demand Driving Ethernet Growth

7|6|17   |   6:37   |   (0) comments


At Light Reading's Big Communications Event in Austin, Texas, Global Capacity's VP of Marketing Mary Stanhope talks about how the demand for bandwidth is changing the way service providers deliver broadband services.
LRTV Interviews
Colt's Services Chief on Digital Delivery

7|5|17   |   16:12   |   (0) comments


Rogier Bronsgeest, the chief customer experience officer (chief CEO!) at Colt, discusses the way in which the service provider interacts with its customers these days and his aggressive net promoter score (NPS) targets.
Women in Comms Introduction Videos
BT VP: Women Should Fill Security Talent Gap

7|5|17   |   6:00   |   (2) comments


By 2020 there will be six security jobs for every qualified worker, and Kate Kuehn, vice president of Security for BT in the Americas, says BT wants to encourage women to fill the shortage in jobs.
Upcoming Live Events
September 28, 2017, Denver, CO
October 18, 2017, Colorado Convention Center - Denver, CO
November 1, 2017, The Royal Garden Hotel
November 1, 2017, The Montcalm Marble Arch
November 2, 2017, 8 Northumberland Avenue, London, UK
November 30, 2017, The Westin Times Square
All Upcoming Live Events
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
NFV, SDN, Big Data – It's All About Automation
Craig Matsumoto, Editor-in-Chief, Light Reading, 7/21/2017
AT&T's Tech President Preps Workforce for the Future
Kelsey Kusterer Ziser, Editor, 7/26/2017
What's a Little Throttling Between Friends?
Mari Silbey, Senior Editor, Cable/Video, 7/24/2017
The Hidden (Human) Cost of Automation
Steve Saunders, CEO and founder, Light Reading, 7/26/2017
BBC Head: We Must Reinvent Broadcasting for a New Generation
Aditya Kishore, Practice Leader, Video Transformation, Telco Transformation, 7/21/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
Animals with Phones
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.