& cplSiteName &

BlackHat's Red Flags for CSPs

Patrick Donegan
8/8/2016
50%
50%

The vibe from the conference and exhibition floor at this year's event in Las Vegas left this first-time attendee in no doubt that BlackHat is well and truly growing up. The spirit of subversive hackery that filled BlackHat's attendee lists in the early days is certainly still there. But according to exhibitors and delegates alike there has been a clear shift in the attendee profile towards operational and commercial types charged with buying and implementing network security solutions for their businesses.

Not much of the conference or exhibition content was focused directly on the telecom sector that Heavy Reading serves. Key themes at BlackHat did nevertheless highlight some potentially key opportunities for communications service providers (CSPs) relating to security and data protection -- as well as some potential red flags.

One of the opportunities for CSPs was inadvertently highlighted in a day one keynote by Dan Kaminsky, one of the world's leading security researchers. Consistent with the pitching of the BlackHat community as a partner in a coalition of business, government and voluntary interests intent on protecting the Internet, Kaminsky lauded the work of America's National Institute of Standards and Technology (NIST). He praised the organization for its substantial contribution to Internet security by collecting all of the vulnerabilities of C and Java into a single program via the Software Assurance Metrics and Tool Evaluation (SAMATE) project.

Kaminsky even called for a cybersecurity equivalent of the US National Institute of Health (NIH) to help lead and drive research into cybersecurity. No scourge of government, he. Until, that is, he turned to what he called the "terrifying" drift towards greater Internet regulation unleashed by the Snowden revelations.

He alluded to the drive in Europe and elsewhere to block, restrict or otherwise regulate access to the cloud services of America's world-leading web-scale Internet companies (WICs) such as Microsoft Corp. (Nasdaq: MSFT) and Amazon Web Services Inc. . From a business and economic development perspective Kaminsky denounced these efforts as the computing equivalent of "stuffing dollar bills under the mattress."

Whatever the merits of that position, CSPs have been aggressively pursuing a more level regulatory playing field with the WICs for many years. So let's face it, any European CSP that doesn't see an opportunity to leverage its trusted, regulated, status to its advantage in this post-Snowden landscape is clearly missing a trick. That could take the form of Europe's CSPs attempting to compete with the WICs in cloud services, of course. Perhaps more likely it could take the form of greater collaboration between leaders among the two groups of companies.

Turning to red flags for the telecom sector, speed emerged as another key theme at BlackHat -- in the keynotes as well as on the exhibition floor. It's increasingly front and center in network security thinking that the more rapidly security policies or outcomes can be implemented or achieved, the smaller the window of opportunity for breaches to inflict extensive damage (or for them to occur in the first place).

As BlackHat Founder and Director Jeff Moss pointed out in his keynote, speed also matters in the commercial environment in the sense that measurements of speed are metrics that are concrete, persuasive and easily understandable to C-Level executives. As Moss put it, making consistent progress in reducing the time it takes to detect this, apply that, or patch the other maps well -- and looks good -- on any CEO’s dashboard.

Vendor marketing messages relating to speed were therefore very much in evidence everywhere at BlackHat. Cisco Systems Inc. (Nasdaq: CSCO) boasted of having reduced its mean time to detection from two days a year ago to 14 hours today, courtesy of its Advanced Malware Protection (AMP) product. Check Point Software Technologies Ltd. (Nasdaq: CHKP) said that its Sandblaster sandbox solution can create an instant copy of a suspect file in one second and deliver a verdict on whether it's safe or not within two minutes. SparkCognition Inc., a company that includes Verizon Ventures among its backers, pitched its SparkSecure security analytics application as performing "five times faster than traditional SIEMs."

Since there's no reason why a CSP can't benefit from the speed offered by these, as well as numerous other, security solutions how on earth can the theme of speed be interpreted as a red flag for CSPs coming out of BlackHat?

Quite simply because it's one thing to be able to spot a threat or vulnerability quickly, it's another thing altogether to be able to act on that and fix, remediate or mitigate the vulnerability quickly. And CSPs are a long way behind the WICs with respect to the software programmability -- hence the agility -- of their network infrastructure. They're a long way behind many enterprises too.

In that respect the legacy network architectures of the CSPs are a barrier to them not just being able to grow their networks at web scale but to be able to protect them at web speed. Considered from this perspective, a key take-away from BlackHat for CSPs is that the rigidities and long cycle times built into their operational model are emerging as a fundamental security vulnerability. Over time they risk becoming their single biggest vulnerability.

Some other reddish flags also emerged during BlackHat. Very recent sets of consumer survey data were released or cited during the event. Some data pointed to a rise in the number of American consumers having personal experience of suffering harmful cyber attacks. Other data pointed to some Americans becoming less willing than they once were to consume online applications due to cyber threats.

You might think that would go hand in hand with an uptick in the level of cyber hygiene practiced by Americans. The evidence presented by Google (Nasdaq: GOOG) researcher Elie Bursztei, suggested otherwise. He recently performed the old trick of randomly scattering 297 USB drives around the campus of the University of Illinois' Urbana-Champaign.

How many of these USB drives do you suppose "called home" to the Google researchers having been picked up and inserted into a laptop by one of Illinois' brightest, tech-savviest, young adults? A couple of dozen, perhaps? Think again. No less than 135 -- fully 45% of them -- called home.

It would seem unlikely that continued growth in aggregate demand for Internet services is materially at risk from cyber threats. But, left unchecked, the negative trends cited in consumer experience outlooks and behaviors do suggest that the angle of elevation of growth in Internet traffic will under-achieve relative to its potential. And that's surely an outcome that CSPs and their vendors should be motivated to try and prevent.

In a similar vein, a number of vendor exhibitors sought to position security threats as the key barrier preventing the Internet of Things (IoT) from growing in line with the very high expectations driven by some high-tech industry leaders (including some in the telecom sector).

I don’t actually buy that, not so far as the telecom sector is concerned anyway. There's certainly something in it. But the fact that most CSPs, besides the biggest Tier 1 players, have only dipped their toe in the water of the IoT market up until now has more to do with broader business model and ROI issues. It's not as if you resolve the security concerns and that alone then triggers the IoT market to take off.

LogRythm ran an ad throughout the Las Vegas airport and Mandalay Bay Convention Center inviting BlackHat delegates to "Improve Your Chances" of avoiding a breach. CSPs, other service providers and enterprises have a great opportunity to do the same again with our own "Service Provider & Enterprise Security Strategies" event in New York on December 1. Who knows? In the spirit of a coalition of the willing, it might even be nice to see some hackers join us this time too.

— Patrick Donegan, Chief Analyst, Heavy Reading

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
harron
50%
50%
harron,
User Rank: Light Beer
8/12/2016 | 10:38:52 AM
Amazing techniques
It would seem unlikely that continued growth in aggregate demand for Internet services is materially at risk from cyber threats. That was really a wonderful technological and interesting things. Thanks.
More Blogs from Heavy Lifting Analyst Notes
Challenging the dominance of coherent detection, direct detection modulation has re-emerged as an economically viable option in metro data center interconnection (DCI).
Designed-for-purpose, private LTE systems are emerging as the preferred wireless platform for enterprises with production-critical automation and mobility needs.
The 'cloudification' phase ain't no walk in the park.
Robotic process automation (RPA) combined with AI can significantly increase the scope for automation in telecom service operations.
While there is little debate that fiber-based fronthaul is the future, there is concern that the CPRI protocol, as it stands, does not scale to the demands of 5G.
From The Founder
Kicking off BCE 2017, Light Reading founder Steve Saunders lays blame for NFV's slow ramp-up and urges telecom to return to old-fashioned standards building and interoperability.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
Women in Comms Introduction Videos
Cisco: Mentoring Critical to Attract & Retain Women

7|19|17   |   6:40   |   (1) comment


Liz Centoni, senior vice president and general manager of Cisco's Computing System Product Group, shares why mentoring in all its forms is important for women and what Cisco is doing that's made a difference for women in tech.
LRTV Custom TV
Gigabit LTE With Snapdragon 835

7|12|17   |     |   (1) comment


At an event in Wembley stadium, EE used its live network to demonstrate gigabit LTE using a Sony Xperia XZ Premium smartphone with a Qualcomm Snapdragon 835 chip.
LRTV Custom TV
Implementing Machine Intelligence With Guavus

7|12|17   |     |   (0) comments


Guavus unites big data and machine intelligence, enabling many of the the largest service providers in the world to save money and drive measureable revenue. Learn how applying Machine Intelligence substantially reduces operational costs and in many cases can eliminate subscriber impact, meaning a better subscriber experience and higher NPS.
LRTV Custom TV
Unlocking Customer Experience Insights With Machine Intelligence

7|12|17   |     |   (0) comments


When used to analyze operational data and to drive operational decisions, machine intelligence reduces the number of tasks which require human intervention. Guavus invested in Machine Intelligence early. Learn about the difference between Machine Learning and Machine Intelligence.
Women in Comms Introduction Videos
Verizon VP Talks Network, Career Planning

7|12|17   |   4:49   |   (0) comments


Heidi Hemmer, vice president of Technology, Strategy & Planning at Verizon, shares how bold bets and the future of tech define her career.
Telecom Innovators Video Showcase
Masergy's NFV Journey

7|11|17   |     |   (0) comments


Ray Watson, vice president of global technology at Masergy, discusses the advantages and challenges in entering the still-maturing NFV market for the past three years.
Telecom Innovators Video Showcase
Mavenir on RCS Cloud Platform & Multi-ID

7|10|17   |     |   (0) comments


Guillaume Le Mener, head of marketing and corporate development at Mavenir, discussed RCS and the recent launch of Multi-ID, which supports T-Mobile's DIGITS, the revolutionary new technology that breaks down the limitation of one number per phone and one phone per number.
LRTV Custom TV
ADTRAN Executive Outlines Trends in Next-Generation 10-Gigabit Cable Networks

7|10|17   |     |   (0) comments


Hossam Salib, VP of Cable and Wireless Strategy at ADTRAN, outlines key trends as MSOs begin to deploy next-generation Gigabit and 10-Gigabit cable networks. In the interview, Hossam outlines the advantages of a Fiber Deep architecture, FTTH options including EPON and RFoG, and the importance of SDN and NFV in building next-generation high-bandwidth cable networks.
LRTV Interviews
Global Capacity: Bandwidth Demand Driving Ethernet Growth

7|6|17   |   6:37   |   (0) comments


At Light Reading's Big Communications Event in Austin, Texas, Global Capacity's VP of Marketing Mary Stanhope talks about how the demand for bandwidth is changing the way service providers deliver broadband services.
LRTV Interviews
Colt's Services Chief on Digital Delivery

7|5|17   |   16:12   |   (0) comments


Rogier Bronsgeest, the chief customer experience officer (chief CEO!) at Colt, discusses the way in which the service provider interacts with its customers these days and his aggressive net promoter score (NPS) targets.
Women in Comms Introduction Videos
BT VP: Women Should Fill Security Talent Gap

7|5|17   |   6:00   |   (2) comments


By 2020 there will be six security jobs for every qualified worker, and Kate Kuehn, vice president of Security for BT in the Americas, says BT wants to encourage women to fill the shortage in jobs.
LRTV Interviews
Colt Sales Exec on Services Trends

7|4|17   |   12:59   |   (0) comments


Colt's sales director for enterprise, James Kershaw, sheds some light on the services currently in demand and how network upgrades are influencing customer demand.
Upcoming Live Events
September 28, 2017, Denver, CO
October 18, 2017, Colorado Convention Center - Denver, CO
November 1, 2017, The Royal Garden Hotel
November 1, 2017, The Montcalm Marble Arch
November 2, 2017, 8 Northumberland Avenue, London, UK
November 30, 2017, The Westin Times Square
All Upcoming Live Events
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Mobile to Power Online Video Consumption – Zenith
Aditya Kishore, Practice Leader, Video Transformation, Telco Transformation, 7/19/2017
Can Mushroom Sprout in Crowded SD-WAN Field?
Carol Wilson, Editor-at-large, 7/18/2017
AI Will Be Ubiquitous in 2020 but Overhyped in 2017 – Gartner
Sarah Thomas, Director, Women in Comms, 7/18/2017
Facing the Facebook Video Threat
Gary Miles, Chief Marketing Officer, Amdocs, 7/17/2017
Brocade, Broadcom Merger in Doubt
Iain Morris, News Editor, 7/19/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
Animals with Phones
Fuzzy Quick Fix Click Here
If you can't access it, is it really broken?
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.